diff options
author | Paul Moore <paul.moore@hp.com> | 2008-01-29 08:38:23 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-01-29 16:17:25 -0500 |
commit | 220deb966ea51e0dedb6a187c0763120809f3e64 (patch) | |
tree | 7d0e5dd8048907c364b4eeff294991937b466c7e /security/selinux/include/netlabel.h | |
parent | f67f4f315f31e7907779adb3296fb6682e755342 (diff) |
SELinux: Better integration between peer labeling subsystems
Rework the handling of network peer labels so that the different peer labeling
subsystems work better together. This includes moving both subsystems to a
single "peer" object class which involves not only changes to the permission
checks but an improved method of consolidating multiple packet peer labels.
As part of this work the inbound packet permission check code has been heavily
modified to handle both the old and new behavior in as sane a fashion as
possible.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include/netlabel.h')
-rw-r--r-- | security/selinux/include/netlabel.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/security/selinux/include/netlabel.h b/security/selinux/include/netlabel.h index 272769a1cb96..c8c05a6f298c 100644 --- a/security/selinux/include/netlabel.h +++ b/security/selinux/include/netlabel.h | |||
@@ -49,6 +49,7 @@ void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec, | |||
49 | int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, | 49 | int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, |
50 | u16 family, | 50 | u16 family, |
51 | u32 base_sid, | 51 | u32 base_sid, |
52 | u32 *type, | ||
52 | u32 *sid); | 53 | u32 *sid); |
53 | 54 | ||
54 | void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock); | 55 | void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock); |
@@ -89,8 +90,10 @@ static inline void selinux_netlbl_sk_security_clone( | |||
89 | static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, | 90 | static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, |
90 | u16 family, | 91 | u16 family, |
91 | u32 base_sid, | 92 | u32 base_sid, |
93 | u32 *type, | ||
92 | u32 *sid) | 94 | u32 *sid) |
93 | { | 95 | { |
96 | *type = NETLBL_NLTYPE_NONE; | ||
94 | *sid = SECSID_NULL; | 97 | *sid = SECSID_NULL; |
95 | return 0; | 98 | return 0; |
96 | } | 99 | } |