aboutsummaryrefslogtreecommitdiffstats
path: root/security/dummy.c
diff options
context:
space:
mode:
authorVenkat Yekkirala <vyekkirala@TrustedCS.com>2006-08-05 02:08:56 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 17:53:22 -0400
commit892c141e62982272b9c738b5520ad0e5e1ad7b42 (patch)
treec8e0c9b3e55106d2cb085a5047b9d02dbbb28653 /security/dummy.c
parent08554d6b33e60aa8ee40bbef94505941c0eefef2 (diff)
[MLSXFRM]: Add security sid to sock
This adds security for IP sockets at the sock level. Security at the sock level is needed to enforce the SELinux security policy for security associations even when a sock is orphaned (such as in the TCP LAST_ACK state). This will also be used to enforce SELinux controls over data arriving at or leaving a child socket while it's still waiting to be accepted. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/dummy.c')
-rw-r--r--security/dummy.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/security/dummy.c b/security/dummy.c
index 58c6d399c844..bd3bc5faa9a8 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -805,6 +805,10 @@ static inline void dummy_sk_free_security (struct sock *sk)
805{ 805{
806} 806}
807 807
808static inline void dummy_sk_clone_security (const struct sock *sk, struct sock *newsk)
809{
810}
811
808static unsigned int dummy_sk_getsid(struct sock *sk, struct flowi *fl, u8 dir) 812static unsigned int dummy_sk_getsid(struct sock *sk, struct flowi *fl, u8 dir)
809{ 813{
810 return 0; 814 return 0;
@@ -1060,6 +1064,7 @@ void security_fixup_ops (struct security_operations *ops)
1060 set_to_dummy_if_null(ops, socket_getpeersec_dgram); 1064 set_to_dummy_if_null(ops, socket_getpeersec_dgram);
1061 set_to_dummy_if_null(ops, sk_alloc_security); 1065 set_to_dummy_if_null(ops, sk_alloc_security);
1062 set_to_dummy_if_null(ops, sk_free_security); 1066 set_to_dummy_if_null(ops, sk_free_security);
1067 set_to_dummy_if_null(ops, sk_clone_security);
1063 set_to_dummy_if_null(ops, sk_getsid); 1068 set_to_dummy_if_null(ops, sk_getsid);
1064 #endif /* CONFIG_SECURITY_NETWORK */ 1069 #endif /* CONFIG_SECURITY_NETWORK */
1065#ifdef CONFIG_SECURITY_NETWORK_XFRM 1070#ifdef CONFIG_SECURITY_NETWORK_XFRM