authorVenkat Yekkirala <vyekkirala@trustedcs.com>2006-11-08 18:04:09 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2006-12-03 00:21:33 -0500
commit6b877699c6f1efede4545bcecc367786a472eedb (patch)
treec0a60dc90578fa9f16d4496e2700bc285eab47c0 /include
parentc1a856c9640c9ff3d70bbd8214b6a0974609eef8 (diff)
SELinux: Return correct context for SO_PEERSEC
Fix SO_PEERSEC for tcp sockets to return the security context of the peer (as represented by the SA from the peer) as opposed to the SA used by the local/source socket. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/security.h16
-rw-r--r--include/net/request_sock.h1
2 files changed, 16 insertions, 1 deletions
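--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -826,6 +826,8 @@ struct request_sock;
  * Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
  * @inet_csk_clone:
  * Sets the new child socket's sid to the openreq sid.
+ * @inet_conn_established:
+ * Sets the connection's peersid to the secmark on skb.
  * @req_classify_flow:
  * Sets the flow's sid to the openreq sid.
  *
@@ -1368,6 +1370,7 @@ struct security_operations {
  int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb,
  struct request_sock *req);
  void (*inet_csk_clone)(struct sock *newsk, const struct request_sock *req);
+ void (*inet_conn_established)(struct sock *sk, struct sk_buff *skb);
  void (*req_classify_flow)(const struct request_sock *req, struct flowi *fl);
 #endif /* CONFIG_SECURITY_NETWORK */
 
@@ -2961,9 +2964,15 @@ static inline void security_inet_csk_clone(struct sock *newsk,
 {
  security_ops->inet_csk_clone(newsk, req);
 }
+
+static inline void security_inet_conn_established(struct sock *sk,
+ struct sk_buff *skb)
+{
+ security_ops->inet_conn_established(sk, skb);
+}
 #else /* CONFIG_SECURITY_NETWORK */
 static inline int security_unix_stream_connect(struct socket * sock,
  struct socket * other,
  struct sock * newsk)
 {
  return 0;
@@ -3110,6 +3119,11 @@ static inline void security_inet_csk_clone(struct sock *newsk,
  const struct request_sock *req)
 {
 }
+
+static inline void security_inet_conn_established(struct sock *sk,
+ struct sk_buff *skb)
+{
+}
 #endif /* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM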
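Review bot: `security_inet_conn_established()` calls `security_ops->inet_conn_established(sk, skb)` with no NULL check, so every registered `struct security_operations` must have the new member filled in, including modules written before this hook existed. The default stub and any ops fixup live outside include/ and are not shown in this path-limited view, so confirm they land in the same commit. The hook comment would also help LSM authors more if it named its arguments and covered the unlabelled case, for example ` * @skb is the packet whose secmark becomes the peer SID; say what is stored when it carries none.`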
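--- a/include/net/request_sock.h
+++ b/include/net/request_sock.h
@@ -54,6 +54,7 @@ struct request_sock {
  struct request_sock_ops *rsk_ops;
  struct sock *sk;
  u32 secid;
+ u32 peer_secid;
 };
 
 static inline struct request_sock *reqsk_alloc(struct request_sock_ops *ops)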
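Review bot: `peer_secid` is added beside `secid` with no comment telling the two labels apart, and nothing in this hunk initialises it. `reqsk_alloc()` begins on the last context line and its body is outside the hunk, so it cannot be told from here whether a new request_sock is zeroed. If it is not, each path that creates one has to set `peer_secid` before the value is propagated, otherwise SO_PEERSEC could end up reporting stale memory as the peer's label. Suggested field comment, assuming the semantics given in the commit message: `u32 peer_secid; /* SID of the remote peer (from its SA), source for SO_PEERSEC */`.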