Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: smack: Add a new '-CIPSO' option to the network address label configuration netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections lsm: Remove the socket_post_accept() hook selinux: Remove the "compat_net" compatibility code netlabel: Label incoming TCP connections correctly in SELinux lsm: Relocate the IPv4 security_inet_conn_request() hooks TOMOYO: Fix a typo. smack: convert smack to standard linux lists
author: Linus Torvalds <torvalds@linux-foundation.org> 2009-03-28 20:30:42 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2009-03-28 20:30:42 -0400
commit: 7541bba880fb6989f489f0c68fa246a375b44035 (patch)
tree: 19ce55af8e8732aa61cb8db529cf2304d9d738b5 /include
parent: 795e2fe0a3b69dbc040d7efcf517e0cbad6901d0 (diff)
parent: 4303154e86597885bc3cbc178a48ccbc8213875f (diff)
3 files changed, 33 insertions, 14 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 1f2ab6353c00..54ed15799a83 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -880,11 +880,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *      @sock contains the listening socket structure.
 *      @newsock contains the newly created server socket for connection.
 *      Return 0 if permission is granted.
- * @socket_post_accept:
- *      This hook allows a security module to copy security
- *      information into the newly created socket's inode.
- *      @sock contains the listening socket structure.
- *      @newsock contains the newly created server socket for connection.
 * @socket_sendmsg:
 *      Check permission before transmitting a message to another socket.
 *      @sock contains the socket structure.
@@ -1554,8 +1549,6 @@ struct security_operations {
                               struct sockaddr *address, int addrlen);
        int (*socket_listen) (struct socket *sock, int backlog);
        int (*socket_accept) (struct socket *sock, struct socket *newsock);
-        void (*socket_post_accept) (struct socket *sock,
-                                    struct socket *newsock);
        int (*socket_sendmsg) (struct socket *sock,
                               struct msghdr *msg, int size);
        int (*socket_recvmsg) (struct socket *sock,
@@ -2537,7 +2530,6 @@ int security_socket_bind(struct socket *sock, struct sockaddr *address, int addr
 int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
 int security_socket_listen(struct socket *sock, int backlog);
 int security_socket_accept(struct socket *sock, struct socket *newsock);
-void security_socket_post_accept(struct socket *sock, struct socket *newsock);
 int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
 int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
                            int size, int flags);
@@ -2616,11 +2608,6 @@ static inline int security_socket_accept(struct socket *sock,
        return 0;
 }
-static inline void security_socket_post_accept(struct socket *sock,
-                                               struct socket *newsock)
-{
-}
 static inline int security_socket_sendmsg(struct socket *sock,
                                          struct msghdr *msg, int size)
 {
diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h
index bedc7f62e35d..abd443604c9f 100644
--- a/include/net/cipso_ipv4.h
+++ b/include/net/cipso_ipv4.h
@@ -40,6 +40,7 @@
 #include <linux/net.h>
 #include <linux/skbuff.h>
 #include <net/netlabel.h>
+#include <net/request_sock.h>
 #include <asm/atomic.h>
 /* known doi values */
@@ -215,6 +216,10 @@ int cipso_v4_sock_setattr(struct sock *sk,
                          const struct netlbl_lsm_secattr *secattr);
 void cipso_v4_sock_delattr(struct sock *sk);
 int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr);
+int cipso_v4_req_setattr(struct request_sock *req,
+                         const struct cipso_v4_doi *doi_def,
+                         const struct netlbl_lsm_secattr *secattr);
+void cipso_v4_req_delattr(struct request_sock *req);
 int cipso_v4_skbuff_setattr(struct sk_buff *skb,
                            const struct cipso_v4_doi *doi_def,
                            const struct netlbl_lsm_secattr *secattr);
@@ -247,6 +252,18 @@ static inline int cipso_v4_sock_getattr(struct sock *sk,
        return -ENOSYS;
 }
+static inline int cipso_v4_req_setattr(struct request_sock *req,
+                                       const struct cipso_v4_doi *doi_def,
+                                       const struct netlbl_lsm_secattr *secattr)
+{
+        return -ENOSYS;
+}
+static inline void cipso_v4_req_delattr(struct request_sock *req)
+{
+        return;
+}
 static inline int cipso_v4_skbuff_setattr(struct sk_buff *skb,
                                      const struct cipso_v4_doi *doi_def,
                                      const struct netlbl_lsm_secattr *secattr)
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 749011eedc0b..60ebbc1fef46 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -36,6 +36,7 @@
 #include <linux/in.h>
 #include <linux/in6.h>
 #include <net/netlink.h>
+#include <net/request_sock.h>
 #include <asm/atomic.h>
 struct cipso_v4_doi;
@@ -406,6 +407,7 @@ int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap,
 */
 int netlbl_enabled(void);
 int netlbl_sock_setattr(struct sock *sk,
+                        u16 family,
                        const struct netlbl_lsm_secattr *secattr);
 void netlbl_sock_delattr(struct sock *sk);
 int netlbl_sock_getattr(struct sock *sk,
@@ -413,6 +415,9 @@ int netlbl_sock_getattr(struct sock *sk,
 int netlbl_conn_setattr(struct sock *sk,
                        struct sockaddr *addr,
                        const struct netlbl_lsm_secattr *secattr);
+int netlbl_req_setattr(struct request_sock *req,
+                       const struct netlbl_lsm_secattr *secattr);
+void netlbl_req_delattr(struct request_sock *req);
 int netlbl_skbuff_setattr(struct sk_buff *skb,
                          u16 family,
                          const struct netlbl_lsm_secattr *secattr);
@@ -519,7 +524,8 @@ static inline int netlbl_enabled(void)
        return 0;
 }
 static inline int netlbl_sock_setattr(struct sock *sk,
-                                     const struct netlbl_lsm_secattr *secattr)
+                                      u16 family,
+                                      const struct netlbl_lsm_secattr *secattr)
 {
        return -ENOSYS;
 }
@@ -537,6 +543,15 @@ static inline int netlbl_conn_setattr(struct sock *sk,
 {
        return -ENOSYS;
 }
+static inline int netlbl_req_setattr(struct request_sock *req,
+                                     const struct netlbl_lsm_secattr *secattr)
+{
+        return -ENOSYS;
+}
+static inline void netlbl_req_delattr(struct request_sock *req)
+{
+        return;
+}
 static inline int netlbl_skbuff_setattr(struct sk_buff *skb,
                                      u16 family,
                                      const struct netlbl_lsm_secattr *secattr)
author	Linus Torvalds <torvalds@linux-foundation.org>	2009-03-28 20:30:42 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2009-03-28 20:30:42 -0400
commit	7541bba880fb6989f489f0c68fa246a375b44035 (patch)
tree	19ce55af8e8732aa61cb8db529cf2304d9d738b5 /include
parent	795e2fe0a3b69dbc040d7efcf517e0cbad6901d0 (diff)
parent	4303154e86597885bc3cbc178a48ccbc8213875f (diff)