author | Venkat Yekkirala <vyekkirala@TrustedCS.com> | 2006-08-05 02:08:56 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 17:53:22 -0400 |
commit | 892c141e62982272b9c738b5520ad0e5e1ad7b42 (patch) | |
tree | c8e0c9b3e55106d2cb085a5047b9d02dbbb28653 /security/dummy.c | |
parent | 08554d6b33e60aa8ee40bbef94505941c0eefef2 (diff) |
[MLSXFRM]: Add security sid to sock
This adds security for IP sockets at the sock level. Security at the
sock level is needed to enforce the SELinux security policy for
security associations even when a sock is orphaned (such as in the TCP
LAST_ACK state).
This will also be used to enforce SELinux controls over data arriving
at or leaving a child socket while it's still waiting to be accepted.
Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/dummy.c')
-rw-r--r-- | security/dummy.c | 5 |
1 files changed, 5 insertions, 0 deletions
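--- a/security/dummy.c
+++ b/security/dummy.c
@@ -805,6 +805,10 @@ static inline void dummy_sk_free_security (struct sock *sk)
 {
 }
 
+static inline void dummy_sk_clone_security (const struct sock *sk, struct sock *newsk)
+{
+}
+
 static unsigned int dummy_sk_getsid(struct sock *sk, struct flowi *fl, u8 dir)
 {
 return 0;
@@ -1060,6 +1064,7 @@ void security_fixup_ops (struct security_operations *ops)
 set_to_dummy_if_null(ops, socket_getpeersec_dgram);
 set_to_dummy_if_null(ops, sk_alloc_security);
 set_to_dummy_if_null(ops, sk_free_security);
+set_to_dummy_if_null(ops, sk_clone_security);
 set_to_dummy_if_null(ops, sk_getsid);
 #endif /* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM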
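Review bot: The new `dummy_sk_clone_security` stub in the first hunk has no comment stating the hook's contract, and because it returns `void` a security module implementing it has no way to report a failure while labelling `newsk`. The commit message says the sock-level SID must survive orphaning and cover child sockets that are not yet accepted, so a module that omits this hook would presumably leave clones unlabelled or carrying stale state; a one-line comment above the stub such as `/* No LSM loaded: nothing to propagate from sk to newsk. */` would make the no-op deliberate. The registration `set_to_dummy_if_null(ops, sk_clone_security);` sits in `security_fixup_ops`, whose body and the opening `#ifdef CONFIG_SECURITY_NETWORK` lie outside the hunk, so it is worth confirming the stub is defined under the same guard.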