aboutsummaryrefslogtreecommitdiffstats
path: root/security/capability.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2010-10-13 16:24:41 -0400
committerJames Morris <jmorris@namei.org>2010-10-20 19:12:48 -0400
commit2606fd1fa5710205b23ee859563502aa18362447 (patch)
treef79becd7010a2da1a765829fce0e09327cd50531 /security/capability.c
parent15714f7b58011cf3948cab2988abea560240c74f (diff)
secmark: make secmark object handling generic
Right now secmark has lots of direct selinux calls. Use all LSM calls and remove all SELinux specific knowledge. The only SELinux specific knowledge we leave is the mode. The only point is to make sure that other LSMs at least test this generic code before they assume it works. (They may also have to make changes if they do not represent labels as strings) Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Paul Moore <paul.moore@hp.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/capability.c')
-rw-r--r--security/capability.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/security/capability.c b/security/capability.c
index 95a6599a37bb..30ae00fbecd5 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -677,7 +677,18 @@ static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb)
677{ 677{
678} 678}
679 679
680static int cap_secmark_relabel_packet(u32 secid)
681{
682 return 0;
683}
680 684
685static void cap_secmark_refcount_inc(void)
686{
687}
688
689static void cap_secmark_refcount_dec(void)
690{
691}
681 692
682static void cap_req_classify_flow(const struct request_sock *req, 693static void cap_req_classify_flow(const struct request_sock *req,
683 struct flowi *fl) 694 struct flowi *fl)
@@ -777,7 +788,8 @@ static int cap_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
777 788
778static int cap_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 789static int cap_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
779{ 790{
780 return -EOPNOTSUPP; 791 *secid = 0;
792 return 0;
781} 793}
782 794
783static void cap_release_secctx(char *secdata, u32 seclen) 795static void cap_release_secctx(char *secdata, u32 seclen)
@@ -1018,6 +1030,9 @@ void __init security_fixup_ops(struct security_operations *ops)
1018 set_to_cap_if_null(ops, inet_conn_request); 1030 set_to_cap_if_null(ops, inet_conn_request);
1019 set_to_cap_if_null(ops, inet_csk_clone); 1031 set_to_cap_if_null(ops, inet_csk_clone);
1020 set_to_cap_if_null(ops, inet_conn_established); 1032 set_to_cap_if_null(ops, inet_conn_established);
1033 set_to_cap_if_null(ops, secmark_relabel_packet);
1034 set_to_cap_if_null(ops, secmark_refcount_inc);
1035 set_to_cap_if_null(ops, secmark_refcount_dec);
1021 set_to_cap_if_null(ops, req_classify_flow); 1036 set_to_cap_if_null(ops, req_classify_flow);
1022 set_to_cap_if_null(ops, tun_dev_create); 1037 set_to_cap_if_null(ops, tun_dev_create);
1023 set_to_cap_if_null(ops, tun_dev_post_create); 1038 set_to_cap_if_null(ops, tun_dev_post_create);