diff options
author | Eric Paris <eparis@redhat.com> | 2010-10-13 16:24:41 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-10-20 19:12:48 -0400 |
commit | 2606fd1fa5710205b23ee859563502aa18362447 (patch) | |
tree | f79becd7010a2da1a765829fce0e09327cd50531 /security/selinux/exports.c | |
parent | 15714f7b58011cf3948cab2988abea560240c74f (diff) |
secmark: make secmark object handling generic
Right now secmark has lots of direct selinux calls. Use all LSM calls and
remove all SELinux specific knowledge. The only SELinux specific knowledge
we leave is the mode. The only point is to make sure that other LSMs at
least test this generic code before they assume it works. (They may also
have to make changes if they do not represent labels as strings)
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/exports.c')
-rw-r--r-- | security/selinux/exports.c | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/security/selinux/exports.c b/security/selinux/exports.c index c0a454aee1e0..90664385dead 100644 --- a/security/selinux/exports.c +++ b/security/selinux/exports.c | |||
@@ -11,58 +11,9 @@ | |||
11 | * it under the terms of the GNU General Public License version 2, | 11 | * it under the terms of the GNU General Public License version 2, |
12 | * as published by the Free Software Foundation. | 12 | * as published by the Free Software Foundation. |
13 | */ | 13 | */ |
14 | #include <linux/types.h> | ||
15 | #include <linux/kernel.h> | ||
16 | #include <linux/module.h> | 14 | #include <linux/module.h> |
17 | #include <linux/selinux.h> | ||
18 | #include <linux/fs.h> | ||
19 | #include <linux/ipc.h> | ||
20 | #include <asm/atomic.h> | ||
21 | 15 | ||
22 | #include "security.h" | 16 | #include "security.h" |
23 | #include "objsec.h" | ||
24 | |||
25 | /* SECMARK reference count */ | ||
26 | extern atomic_t selinux_secmark_refcount; | ||
27 | |||
28 | int selinux_string_to_sid(char *str, u32 *sid) | ||
29 | { | ||
30 | if (selinux_enabled) | ||
31 | return security_context_to_sid(str, strlen(str), sid); | ||
32 | else { | ||
33 | *sid = 0; | ||
34 | return 0; | ||
35 | } | ||
36 | } | ||
37 | EXPORT_SYMBOL_GPL(selinux_string_to_sid); | ||
38 | |||
39 | int selinux_secmark_relabel_packet_permission(u32 sid) | ||
40 | { | ||
41 | if (selinux_enabled) { | ||
42 | const struct task_security_struct *__tsec; | ||
43 | u32 tsid; | ||
44 | |||
45 | __tsec = current_security(); | ||
46 | tsid = __tsec->sid; | ||
47 | |||
48 | return avc_has_perm(tsid, sid, SECCLASS_PACKET, | ||
49 | PACKET__RELABELTO, NULL); | ||
50 | } | ||
51 | return 0; | ||
52 | } | ||
53 | EXPORT_SYMBOL_GPL(selinux_secmark_relabel_packet_permission); | ||
54 | |||
55 | void selinux_secmark_refcount_inc(void) | ||
56 | { | ||
57 | atomic_inc(&selinux_secmark_refcount); | ||
58 | } | ||
59 | EXPORT_SYMBOL_GPL(selinux_secmark_refcount_inc); | ||
60 | |||
61 | void selinux_secmark_refcount_dec(void) | ||
62 | { | ||
63 | atomic_dec(&selinux_secmark_refcount); | ||
64 | } | ||
65 | EXPORT_SYMBOL_GPL(selinux_secmark_refcount_dec); | ||
66 | 17 | ||
67 | bool selinux_is_enabled(void) | 18 | bool selinux_is_enabled(void) |
68 | { | 19 | { |