NetLabel: Allow passing the LSM domain as a shared pointer

Smack doesn't have the need to create a private copy of the LSM "domain" when setting NetLabel security attributes like SELinux, however, the current NetLabel code requires a private copy of the LSM "domain". This patches fixes that by letting the LSM determine how it wants to pass the domain value. * NETLBL_SECATTR_DOMAIN_CPY The current behavior, NetLabel assumes that the domain value is a copy and frees it when done * NETLBL_SECATTR_DOMAIN New, Smack-friendly behavior, NetLabel assumes that the domain value is a reference to a string managed by the LSM and does not free it when done Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Paul Moore <paul.moore@hp.com> 2008-04-12 22:06:42 -0400
committer: David S. Miller <davem@davemloft.net> 2008-04-12 22:06:42 -0400
commit: 00447872a643787411c2c0cb1df6169dda8b0c47 (patch)
tree: ea4215f6f3040507b46bf90fe133ca73a59c9c0e /include/net/netlabel.h
parent: b9f3124f08fffe2ad706fd164f6702fdca409a91 (diff)
1 files changed, 10 insertions, 4 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 0ca67d73c7ad..5e53a85b5ca1 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -162,7 +162,7 @@ struct netlbl_lsm_secattr_catmap {
 /**
 * struct netlbl_lsm_secattr - NetLabel LSM security attributes
- * @flags: indicate which attributes are contained in this structure
+ * @flags: indicate structure attributes, see NETLBL_SECATTR_*
 * @type: indicate the NLTYPE of the attributes
 * @domain: the NetLabel LSM domain
 * @cache: NetLabel LSM specific cache
@@ -180,17 +180,22 @@ struct netlbl_lsm_secattr_catmap {
 * NetLabel itself when returning security attributes to the LSM.
 *
 */
+struct netlbl_lsm_secattr {
+        u32 flags;
+        /* bitmap values for 'flags' */
 #define NETLBL_SECATTR_NONE             0x00000000
 #define NETLBL_SECATTR_DOMAIN           0x00000001
+#define NETLBL_SECATTR_DOMAIN_CPY       (NETLBL_SECATTR_DOMAIN | \
+                                         NETLBL_SECATTR_FREE_DOMAIN)
 #define NETLBL_SECATTR_CACHE            0x00000002
 #define NETLBL_SECATTR_MLS_LVL          0x00000004
 #define NETLBL_SECATTR_MLS_CAT          0x00000008
 #define NETLBL_SECATTR_SECID            0x00000010
+        /* bitmap meta-values for 'flags' */
+#define NETLBL_SECATTR_FREE_DOMAIN      0x01000000
 #define NETLBL_SECATTR_CACHEABLE        (NETLBL_SECATTR_MLS_LVL | \
                                         NETLBL_SECATTR_MLS_CAT | \
                                         NETLBL_SECATTR_SECID)
-struct netlbl_lsm_secattr {
-        u32 flags;
        u32 type;
        char *domain;
        struct netlbl_lsm_cache *cache;
@@ -303,7 +308,8 @@ static inline void netlbl_secattr_init(struct netlbl_lsm_secattr *secattr)
 */
 static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr)
 {
-        kfree(secattr->domain);
+        if (secattr->flags & NETLBL_SECATTR_FREE_DOMAIN)
+                kfree(secattr->domain);
        if (secattr->flags & NETLBL_SECATTR_CACHE)
                netlbl_secattr_cache_free(secattr->cache);
        if (secattr->flags & NETLBL_SECATTR_MLS_CAT)
author	Paul Moore <paul.moore@hp.com>	2008-04-12 22:06:42 -0400
committer	David S. Miller <davem@davemloft.net>	2008-04-12 22:06:42 -0400
commit	00447872a643787411c2c0cb1df6169dda8b0c47 (patch)
tree	ea4215f6f3040507b46bf90fe133ca73a59c9c0e /include/net/netlabel.h
parent	b9f3124f08fffe2ad706fd164f6702fdca409a91 (diff)