diff options
| author | Venkat Yekkirala <vyekkirala@TrustedCS.com> | 2006-07-25 02:32:50 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 17:53:29 -0400 |
| commit | 4237c75c0a35535d7f9f2bfeeb4b4df1e068a0bf (patch) | |
| tree | 02adcb6fe6c346a8b99cf161ba5233ed1e572727 /security/dummy.c | |
| parent | cb969f072b6d67770b559617f14e767f47e77ece (diff) | |
[MLSXFRM]: Auto-labeling of child sockets
This automatically labels the TCP, Unix stream, and dccp child sockets
as well as openreqs to be at the same MLS level as the peer. This will
result in the selection of appropriately labeled IPSec Security
Associations.
This also uses the sock's sid (as opposed to the isec sid) in SELinux
enforcement of secmark in rcv_skb and postroute_last hooks.
Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/dummy.c')
| -rw-r--r-- | security/dummy.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/security/dummy.c b/security/dummy.c index 66cc06404930..1c45f8e4aad1 100644 --- a/security/dummy.c +++ b/security/dummy.c | |||
| @@ -812,6 +812,26 @@ static inline void dummy_sk_clone_security (const struct sock *sk, struct sock * | |||
| 812 | static inline void dummy_sk_getsecid(struct sock *sk, u32 *secid) | 812 | static inline void dummy_sk_getsecid(struct sock *sk, u32 *secid) |
| 813 | { | 813 | { |
| 814 | } | 814 | } |
| 815 | |||
| 816 | static inline void dummy_sock_graft(struct sock* sk, struct socket *parent) | ||
| 817 | { | ||
| 818 | } | ||
| 819 | |||
| 820 | static inline int dummy_inet_conn_request(struct sock *sk, | ||
| 821 | struct sk_buff *skb, struct request_sock *req) | ||
| 822 | { | ||
| 823 | return 0; | ||
| 824 | } | ||
| 825 | |||
| 826 | static inline void dummy_inet_csk_clone(struct sock *newsk, | ||
| 827 | const struct request_sock *req) | ||
| 828 | { | ||
| 829 | } | ||
| 830 | |||
| 831 | static inline void dummy_req_classify_flow(const struct request_sock *req, | ||
| 832 | struct flowi *fl) | ||
| 833 | { | ||
| 834 | } | ||
| 815 | #endif /* CONFIG_SECURITY_NETWORK */ | 835 | #endif /* CONFIG_SECURITY_NETWORK */ |
| 816 | 836 | ||
| 817 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 837 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
| @@ -1084,6 +1104,10 @@ void security_fixup_ops (struct security_operations *ops) | |||
| 1084 | set_to_dummy_if_null(ops, sk_free_security); | 1104 | set_to_dummy_if_null(ops, sk_free_security); |
| 1085 | set_to_dummy_if_null(ops, sk_clone_security); | 1105 | set_to_dummy_if_null(ops, sk_clone_security); |
| 1086 | set_to_dummy_if_null(ops, sk_getsecid); | 1106 | set_to_dummy_if_null(ops, sk_getsecid); |
| 1107 | set_to_dummy_if_null(ops, sock_graft); | ||
| 1108 | set_to_dummy_if_null(ops, inet_conn_request); | ||
| 1109 | set_to_dummy_if_null(ops, inet_csk_clone); | ||
| 1110 | set_to_dummy_if_null(ops, req_classify_flow); | ||
| 1087 | #endif /* CONFIG_SECURITY_NETWORK */ | 1111 | #endif /* CONFIG_SECURITY_NETWORK */ |
| 1088 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 1112 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
| 1089 | set_to_dummy_if_null(ops, xfrm_policy_alloc_security); | 1113 | set_to_dummy_if_null(ops, xfrm_policy_alloc_security); |