[MLSXFRM]: Add security sid to sock

This adds security for IP sockets at the sock level. Security at the sock level is needed to enforce the SELinux security policy for security associations even when a sock is orphaned (such as in the TCP LAST_ACK state). This will also be used to enforce SELinux controls over data arriving at or leaving a child socket while it's still waiting to be accepted. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Venkat Yekkirala <vyekkirala@TrustedCS.com> 2006-08-05 02:08:56 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-09-22 17:53:22 -0400
commit: 892c141e62982272b9c738b5520ad0e5e1ad7b42 (patch)
tree: c8e0c9b3e55106d2cb085a5047b9d02dbbb28653 /include/net
parent: 08554d6b33e60aa8ee40bbef94505941c0eefef2 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/include/net/sock.h b/include/net/sock.h
index 324b3ea233d6..91cdceb3c028 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -972,6 +972,19 @@ static inline void sock_graft(struct sock *sk, struct socket *parent)
        write_unlock_bh(&sk->sk_callback_lock);
 }
+static inline void sock_copy(struct sock *nsk, const struct sock *osk)
+{
+#ifdef CONFIG_SECURITY_NETWORK
+        void *sptr = nsk->sk_security;
+#endif
+        memcpy(nsk, osk, osk->sk_prot->obj_size);
+#ifdef CONFIG_SECURITY_NETWORK
+        nsk->sk_security = sptr;
+        security_sk_clone(osk, nsk);
+#endif
+}
 extern int sock_i_uid(struct sock *sk);
 extern unsigned long sock_i_ino(struct sock *sk);
author	Venkat Yekkirala <vyekkirala@TrustedCS.com>	2006-08-05 02:08:56 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-09-22 17:53:22 -0400
commit	892c141e62982272b9c738b5520ad0e5e1ad7b42 (patch)
tree	c8e0c9b3e55106d2cb085a5047b9d02dbbb28653 /include/net
parent	08554d6b33e60aa8ee40bbef94505941c0eefef2 (diff)

diff --git a/include/net/sock.h b/include/net/sock.h index 324b3ea233d6..91cdceb3c028 100644 --- a/include/net/sock.h +++ b/include/net/sock.h
@@ -972,6 +972,19 @@ static inline void sock_graft(struct sock sk, struct socket parent)
972	write_unlock_bh(&sk->sk_callback_lock);	972	write_unlock_bh(&sk->sk_callback_lock);
973	}	973	}
974		974
		975	static inline void sock_copy(struct sock nsk, const struct sock osk)
		976	{
		977	#ifdef CONFIG_SECURITY_NETWORK
		978	void *sptr = nsk->sk_security;
		979	#endif
		980
		981	memcpy(nsk, osk, osk->sk_prot->obj_size);
		982	#ifdef CONFIG_SECURITY_NETWORK
		983	nsk->sk_security = sptr;
		984	security_sk_clone(osk, nsk);
		985	#endif
		986	}
		987
975	extern int sock_i_uid(struct sock *sk);	988	extern int sock_i_uid(struct sock *sk);
976	extern unsigned long sock_i_ino(struct sock *sk);	989	extern unsigned long sock_i_ino(struct sock *sk);
977		990