diff options
author | Paul Moore <paul.moore@hp.com> | 2008-04-12 22:06:42 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-04-12 22:06:42 -0400 |
commit | 00447872a643787411c2c0cb1df6169dda8b0c47 (patch) | |
tree | ea4215f6f3040507b46bf90fe133ca73a59c9c0e /include | |
parent | b9f3124f08fffe2ad706fd164f6702fdca409a91 (diff) |
NetLabel: Allow passing the LSM domain as a shared pointer
Smack doesn't have the need to create a private copy of the LSM "domain" when
setting NetLabel security attributes like SELinux, however, the current
NetLabel code requires a private copy of the LSM "domain". This patches fixes
that by letting the LSM determine how it wants to pass the domain value.
* NETLBL_SECATTR_DOMAIN_CPY
The current behavior, NetLabel assumes that the domain value is a copy and
frees it when done
* NETLBL_SECATTR_DOMAIN
New, Smack-friendly behavior, NetLabel assumes that the domain value is a
reference to a string managed by the LSM and does not free it when done
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/netlabel.h | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 0ca67d73c7ad..5e53a85b5ca1 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h | |||
@@ -162,7 +162,7 @@ struct netlbl_lsm_secattr_catmap { | |||
162 | 162 | ||
163 | /** | 163 | /** |
164 | * struct netlbl_lsm_secattr - NetLabel LSM security attributes | 164 | * struct netlbl_lsm_secattr - NetLabel LSM security attributes |
165 | * @flags: indicate which attributes are contained in this structure | 165 | * @flags: indicate structure attributes, see NETLBL_SECATTR_* |
166 | * @type: indicate the NLTYPE of the attributes | 166 | * @type: indicate the NLTYPE of the attributes |
167 | * @domain: the NetLabel LSM domain | 167 | * @domain: the NetLabel LSM domain |
168 | * @cache: NetLabel LSM specific cache | 168 | * @cache: NetLabel LSM specific cache |
@@ -180,17 +180,22 @@ struct netlbl_lsm_secattr_catmap { | |||
180 | * NetLabel itself when returning security attributes to the LSM. | 180 | * NetLabel itself when returning security attributes to the LSM. |
181 | * | 181 | * |
182 | */ | 182 | */ |
183 | struct netlbl_lsm_secattr { | ||
184 | u32 flags; | ||
185 | /* bitmap values for 'flags' */ | ||
183 | #define NETLBL_SECATTR_NONE 0x00000000 | 186 | #define NETLBL_SECATTR_NONE 0x00000000 |
184 | #define NETLBL_SECATTR_DOMAIN 0x00000001 | 187 | #define NETLBL_SECATTR_DOMAIN 0x00000001 |
188 | #define NETLBL_SECATTR_DOMAIN_CPY (NETLBL_SECATTR_DOMAIN | \ | ||
189 | NETLBL_SECATTR_FREE_DOMAIN) | ||
185 | #define NETLBL_SECATTR_CACHE 0x00000002 | 190 | #define NETLBL_SECATTR_CACHE 0x00000002 |
186 | #define NETLBL_SECATTR_MLS_LVL 0x00000004 | 191 | #define NETLBL_SECATTR_MLS_LVL 0x00000004 |
187 | #define NETLBL_SECATTR_MLS_CAT 0x00000008 | 192 | #define NETLBL_SECATTR_MLS_CAT 0x00000008 |
188 | #define NETLBL_SECATTR_SECID 0x00000010 | 193 | #define NETLBL_SECATTR_SECID 0x00000010 |
194 | /* bitmap meta-values for 'flags' */ | ||
195 | #define NETLBL_SECATTR_FREE_DOMAIN 0x01000000 | ||
189 | #define NETLBL_SECATTR_CACHEABLE (NETLBL_SECATTR_MLS_LVL | \ | 196 | #define NETLBL_SECATTR_CACHEABLE (NETLBL_SECATTR_MLS_LVL | \ |
190 | NETLBL_SECATTR_MLS_CAT | \ | 197 | NETLBL_SECATTR_MLS_CAT | \ |
191 | NETLBL_SECATTR_SECID) | 198 | NETLBL_SECATTR_SECID) |
192 | struct netlbl_lsm_secattr { | ||
193 | u32 flags; | ||
194 | u32 type; | 199 | u32 type; |
195 | char *domain; | 200 | char *domain; |
196 | struct netlbl_lsm_cache *cache; | 201 | struct netlbl_lsm_cache *cache; |
@@ -303,7 +308,8 @@ static inline void netlbl_secattr_init(struct netlbl_lsm_secattr *secattr) | |||
303 | */ | 308 | */ |
304 | static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr) | 309 | static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr) |
305 | { | 310 | { |
306 | kfree(secattr->domain); | 311 | if (secattr->flags & NETLBL_SECATTR_FREE_DOMAIN) |
312 | kfree(secattr->domain); | ||
307 | if (secattr->flags & NETLBL_SECATTR_CACHE) | 313 | if (secattr->flags & NETLBL_SECATTR_CACHE) |
308 | netlbl_secattr_cache_free(secattr->cache); | 314 | netlbl_secattr_cache_free(secattr->cache); |
309 | if (secattr->flags & NETLBL_SECATTR_MLS_CAT) | 315 | if (secattr->flags & NETLBL_SECATTR_MLS_CAT) |