author | paul.moore@hp.com <paul.moore@hp.com> | 2006-10-05 18:28:24 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-10-12 02:59:32 -0400 |
commit | 388b24057f90ba109d4bf855006a8809c383eb76 (patch) | |
tree | 44ab16f68b08ac7ed64ba4e4f2be87a6476a5d4c | |
parent | ffb733c65000ee701294f7b80c4eca2a5f335637 (diff) |
NetLabel: use SECINITSID_UNLABELED for a base SID
This patch changes NetLabel to use SECINITSID_UNLABELED as its source of
SELinux type information when generating a NetLabel context.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | security/selinux/ss/services.c | 29 |
1 files changed, 9 insertions, 20 deletions
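--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2336,7 +2336,7 @@ static int selinux_netlbl_secattr_to_sid(struct sk_buff *skb,
 selinux_netlbl_cache_add(skb, &ctx_new);
 ebitmap_destroy(&ctx_new.range.level[0].cat);
 } else {
-*sid = SECINITSID_UNLABELED;
+*sid = SECSID_NULL;
 rc = 0;
 }
 
@@ -2519,7 +2519,7 @@ void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock)
 if (netlbl_sock_getattr(sk, &secattr) == 0 &&
 selinux_netlbl_secattr_to_sid(NULL,
 &secattr,
-sksec->sid,
+SECINITSID_UNLABELED,
 &nlbl_peer_sid) == 0)
 sksec->peer_sid = nlbl_peer_sid;
 netlbl_secattr_destroy(&secattr);
@@ -2552,9 +2552,6 @@ u32 selinux_netlbl_inet_conn_request(struct sk_buff *skb, u32 sock_sid)
 if (rc != 0)
 return SECSID_NULL;
 
-if (peer_sid == SECINITSID_UNLABELED)
-return SECSID_NULL;
-
 return peer_sid;
 }
 
@@ -2616,11 +2613,13 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
 u32 netlbl_sid;
 u32 recv_perm;
 
-rc = selinux_netlbl_skbuff_getsid(skb, SECINITSID_NETMSG, &netlbl_sid);
+rc = selinux_netlbl_skbuff_getsid(skb,
+SECINITSID_UNLABELED,
+&netlbl_sid);
 if (rc != 0)
 return rc;
 
-if (netlbl_sid == SECINITSID_UNLABELED)
+if (netlbl_sid == SECSID_NULL)
 return 0;
 
 switch (sksec->sclass) {
@@ -2658,10 +2657,6 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
 u32 selinux_netlbl_socket_getpeersec_stream(struct socket *sock)
 {
 struct sk_security_struct *sksec = sock->sk->sk_security;
-
-if (sksec->peer_sid == SECINITSID_UNLABELED)
-return SECSID_NULL;
-
 return sksec->peer_sid;
 }
 
@@ -2677,16 +2672,10 @@ u32 selinux_netlbl_socket_getpeersec_stream(struct socket *sock)
 u32 selinux_netlbl_socket_getpeersec_dgram(struct sk_buff *skb)
 {
 int peer_sid;
-struct sock *sk = skb->sk;
-struct inode_security_struct *isec;
 
-if (sk == NULL || sk->sk_socket == NULL)
-return SECSID_NULL;
-
-isec = SOCK_INODE(sk->sk_socket)->i_security;
-if (selinux_netlbl_skbuff_getsid(skb, isec->sid, &peer_sid) != 0)
-return SECSID_NULL;
-if (peer_sid == SECINITSID_UNLABELED)
+if (selinux_netlbl_skbuff_getsid(skb,
+SECINITSID_UNLABELED,
+&peer_sid) != 0)
 return SECSID_NULL;
 
 return peer_sid;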
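Review bot: In selinux_netlbl_socket_getpeersec_dgram() the local is still declared `int peer_sid;` although its address is handed to selinux_netlbl_skbuff_getsid() and the function returns `u32`; the selinux_netlbl_sock_rcv_skb() hunk passes a `u32 netlbl_sid` to the same helper, so the out-parameter is presumably `u32 *` and the declaration should read `u32 peer_sid;`. Separately, the "no label" result written by selinux_netlbl_secattr_to_sid() changes from SECINITSID_UNLABELED to SECSID_NULL, and only the comparisons visible in these hunks are updated. Any check against SECINITSID_UNLABELED elsewhere in the file would now treat that result as a real peer label, so it is worth confirming none remain and stating the sentinel in the function's header comment, for example `/* *sid is set to SECSID_NULL when no SID is derived from the NetLabel attributes */`. The bodies of the touched functions start or end outside the hunks shown.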