author | David Howells <dhowells@redhat.com> | 2008-01-15 18:47:35 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-01-24 19:29:53 -0500 |
commit | 63cb34492351078479b2d4bae6a881806a396286 (patch) | |
tree | d33ab15eda40c5195c4a723d9e49591a9b4950f9 /include/linux | |
parent | c43e259cc756ece387faae849af0058b56d78466 (diff) |
security: add a secctx_to_secid() hook
Add a secctx_to_secid() LSM hook to go along with the existing
secid_to_secctx() LSM hook. This patch also includes the SELinux
implementation for this hook.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/security.h | 13 |
1 files changed, 13 insertions, 0 deletions
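--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1202,6 +1202,10 @@ struct request_sock;
 * Convert secid to security context.
 * @secid contains the security ID.
 * @secdata contains the pointer that stores the converted security context.
+* @secctx_to_secid:
+* Convert security context to secid.
+* @secid contains the pointer to the generated security ID.
+* @secdata contains the security context.
 *
 * @release_secctx:
 * Release the security context.
@@ -1396,6 +1400,7 @@ struct security_operations {
 int (*getprocattr)(struct task_struct *p, char *name, char **value);
 int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size);
 int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
+int (*secctx_to_secid)(char *secdata, u32 seclen, u32 *secid);
 void (*release_secctx)(char *secdata, u32 seclen);
 
 #ifdef CONFIG_SECURITY_NETWORK
@@ -1634,6 +1639,7 @@ int security_setprocattr(struct task_struct *p, char *name, void *value, size_t
 int security_netlink_send(struct sock *sk, struct sk_buff *skb);
 int security_netlink_recv(struct sk_buff *skb, int cap);
 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
+int security_secctx_to_secid(char *secdata, u32 seclen, u32 *secid);
 void security_release_secctx(char *secdata, u32 seclen);
 
 #else /* CONFIG_SECURITY */
@@ -2308,6 +2314,13 @@ static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *secle
 return -EOPNOTSUPP;
 }
 
+static inline int security_secctx_to_secid(char *secdata,
+u32 seclen,
+u32 *secid)
+{
+return -EOPNOTSUPP;
+}
+
 static inline void security_release_secctx(char *secdata, u32 seclen)
 {
 }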
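Review bot: The hook comment added in the first hunk documents @secid and @secdata but omits @seclen, and it does not say whether secdata must be NUL-terminated or whether seclen counts the terminator. A context string presumably can originate outside the kernel, so that length contract should be stated where implementers will read it, e.g. ` * @seclen contains the length of the security context in bytes.` plus a line on the return value. The !CONFIG_SECURITY stub in the last hunk returns `-EOPNOTSUPP` without writing `*secid`, so the comment should also say that `*secid` is only meaningful on a zero return and callers must check the result first. Because the hook only reads the string, declaring it `const char *secdata` in the operations struct, the prototype and the stub would stop an implementation from modifying the caller's buffer.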