authorPaul Moore <paul.moore@hp.com>2008-04-12 22:06:42 -0400
committerDavid S. Miller <davem@davemloft.net>2008-04-12 22:06:42 -0400
commit00447872a643787411c2c0cb1df6169dda8b0c47 (patch)
treeea4215f6f3040507b46bf90fe133ca73a59c9c0e /include
parentb9f3124f08fffe2ad706fd164f6702fdca409a91 (diff)
NetLabel: Allow passing the LSM domain as a shared pointer
Smack doesn't have the need to create a private copy of the LSM "domain" when setting NetLabel security attributes like SELinux, however, the current NetLabel code requires a private copy of the LSM "domain". This patch fixes that by letting the LSM determine how it wants to pass the domain value. * NETLBL_SECATTR_DOMAIN_CPY The current behavior, NetLabel assumes that the domain value is a copy and frees it when done * NETLBL_SECATTR_DOMAIN New, Smack-friendly behavior, NetLabel assumes that the domain value is a reference to a string managed by the LSM and does not free it when done Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r--include/net/netlabel.h14
1 files changed, 10 insertions, 4 deletions
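--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -162,7 +162,7 @@ struct netlbl_lsm_secattr_catmap {
 
 /**
  * struct netlbl_lsm_secattr - NetLabel LSM security attributes
- * @flags: indicate which attributes are contained in this structure
+ * @flags: indicate structure attributes, see NETLBL_SECATTR_*
  * @type: indicate the NLTYPE of the attributes
  * @domain: the NetLabel LSM domain
  * @cache: NetLabel LSM specific cache
@@ -180,17 +180,22 @@ struct netlbl_lsm_secattr_catmap {
  * NetLabel itself when returning security attributes to the LSM.
  *
  */
+struct netlbl_lsm_secattr {
+ u32 flags;
+ /* bitmap values for 'flags' */
 #define NETLBL_SECATTR_NONE 0x00000000
 #define NETLBL_SECATTR_DOMAIN 0x00000001
+#define NETLBL_SECATTR_DOMAIN_CPY (NETLBL_SECATTR_DOMAIN | \
+ NETLBL_SECATTR_FREE_DOMAIN)
 #define NETLBL_SECATTR_CACHE 0x00000002
 #define NETLBL_SECATTR_MLS_LVL 0x00000004
 #define NETLBL_SECATTR_MLS_CAT 0x00000008
 #define NETLBL_SECATTR_SECID 0x00000010
+ /* bitmap meta-values for 'flags' */
+#define NETLBL_SECATTR_FREE_DOMAIN 0x01000000
 #define NETLBL_SECATTR_CACHEABLE (NETLBL_SECATTR_MLS_LVL | \
  NETLBL_SECATTR_MLS_CAT | \
  NETLBL_SECATTR_SECID)
-struct netlbl_lsm_secattr {
- u32 flags;
  u32 type;
  char *domain;
  struct netlbl_lsm_cache *cache;
@@ -303,7 +308,8 @@ static inline void netlbl_secattr_init(struct netlbl_lsm_secattr *secattr)
  */
 static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr)
 {
- kfree(secattr->domain);
+ if (secattr->flags & NETLBL_SECATTR_FREE_DOMAIN)
+ kfree(secattr->domain);
  if (secattr->flags & NETLBL_SECATTR_CACHE)
  netlbl_secattr_cache_free(secattr->cache);
  if (secattr->flags & NETLBL_SECATTR_MLS_CAT)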
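Review bot: The ownership rule for `domain` that this section introduces is stated only in the commit message; the kernel-doc above struct netlbl_lsm_secattr still reads `@domain: the NetLabel LSM domain`, and nothing at netlbl_secattr_destroy() says the kfree() is now conditional. Because the pointer and the flag are set separately, a caller that stores an allocated copy but sets only NETLBL_SECATTR_DOMAIN now leaks it, and one that stores an LSM-owned string with NETLBL_SECATTR_DOMAIN_CPY gets that string freed under the LSM; the callers are outside this diffstat (limited to include/), so whether all of them were converted cannot be checked from here. I would document the contract in the header, for example ` * @domain: the NetLabel LSM domain; freed by netlbl_secattr_destroy() only when NETLBL_SECATTR_FREE_DOMAIN is set in @flags`, and note next to NETLBL_SECATTR_DOMAIN that the string must stay valid for the lifetime of the secattr. The body of netlbl_secattr_destroy() continues past the end of the last hunk.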