authorPaul Moore <paul.moore@hp.com>2007-02-28 15:14:22 -0500
committerJames Morris <jmorris@namei.org>2007-04-26 01:35:48 -0400
commit5778eabd9cdbf16ea3e40248c452b4fd25554d11 (patch)
treea488fd5fc07c01b93fe38621888cc50c64cfc0a1 /security/selinux/include
parent128c6b6cbffc8203e13ea5712a8aa65d2ed82e4e (diff)
SELinux: extract the NetLabel SELinux support from the security server
Up until this patch the functions which have provided NetLabel support to SELinux have been integrated into the SELinux security server, which for various reasons is not really ideal. This patch makes an effort to extract as much of the NetLabel support from the security server as possible and move it into its own file within the SELinux directory structure. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include')
-rw-r--r--security/selinux/include/security.h24
-rw-r--r--security/selinux/include/selinux_netlabel.h71
2 files changed, 58 insertions, 37 deletions
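diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 210eec77e7ff..605b07165af8 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -35,6 +35,7 @@
 #endif
 
 struct sk_buff;
+struct netlbl_lsm_secattr;
 
 extern int selinux_enabled;
 extern int selinux_mls_enabled;
@@ -102,5 +103,28 @@ int security_fs_use(const char *fstype, unsigned int *behavior,
 int security_genfs_sid(const char *fstype, char *name, u16 sclass,
  u32 *sid);
 
+#ifdef CONFIG_NETLABEL
+int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
+ u32 base_sid,
+ u32 *sid);
+
+int security_netlbl_sid_to_secattr(u32 sid,
+ struct netlbl_lsm_secattr *secattr);
+#else
+static inline int security_netlbl_secattr_to_sid(
+ struct netlbl_lsm_secattr *secattr,
+ u32 base_sid,
+ u32 *sid)
+{
+ return -EIDRM;
+}
+
+static inline int security_netlbl_sid_to_secattr(u32 sid,
+ struct netlbl_lsm_secattr *secattr)
+{
+ return -ENOENT;
+}
+#endif /* CONFIG_NETLABEL */
+
 #endif /* _SELINUX_SECURITY_H_ */
 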
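Review bot: The two !CONFIG_NETLABEL stubs added at new lines 114-126 return different errors (`-EIDRM` from security_netlbl_secattr_to_sid, `-ENOENT` from security_netlbl_sid_to_secattr) with no comment explaining the choice, and the first one leaves `*sid` unwritten. A caller that does not check the return value would then carry an uninitialised SID into a labeling decision; the selinux_netlbl_skbuff_getsid stub in selinux_netlabel.h writes `*sid = SECSID_NULL;` before returning, and doing the same here ahead of `return -EIDRM;` would give the out-parameter a defined value, assuming SECSID_NULL is visible in this header. I would also put a short comment above the `#else` branch, for example `/* NetLabel disabled: both conversions always fail; callers must check the return value */`. Whether the errno definitions are already included by security.h cannot be seen from this hunk and is worth confirming for builds without CONFIG_NETLABEL.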
diff --git a/security/selinux/include/selinux_netlabel.h b/security/selinux/include/selinux_netlabel.h
index 2a732c9033e3..218e3f77c350 100644
--- a/security/selinux/include/selinux_netlabel.h
+++ b/security/selinux/include/selinux_netlabel.h
@@ -38,19 +38,22 @@
38 38
39#ifdef CONFIG_NETLABEL 39#ifdef CONFIG_NETLABEL
40void selinux_netlbl_cache_invalidate(void); 40void selinux_netlbl_cache_invalidate(void);
41int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid); 41
42int selinux_netlbl_socket_post_create(struct socket *sock);
43void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock);
44int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
45 struct sk_buff *skb,
46 struct avc_audit_data *ad);
47void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec, 42void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec,
48 int family); 43 int family);
49void selinux_netlbl_sk_security_init(struct sk_security_struct *ssec, 44void selinux_netlbl_sk_security_init(struct sk_security_struct *ssec,
50 int family); 45 int family);
51void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec, 46void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec,
52 struct sk_security_struct *newssec); 47 struct sk_security_struct *newssec);
48
49int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid);
50
51void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock);
52int selinux_netlbl_socket_post_create(struct socket *sock);
53int selinux_netlbl_inode_permission(struct inode *inode, int mask); 53int selinux_netlbl_inode_permission(struct inode *inode, int mask);
54int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
55 struct sk_buff *skb,
56 struct avc_audit_data *ad);
54int selinux_netlbl_socket_setsockopt(struct socket *sock, 57int selinux_netlbl_socket_setsockopt(struct socket *sock,
55 int level, 58 int level,
56 int optname); 59 int optname);
@@ -60,59 +63,53 @@ static inline void selinux_netlbl_cache_invalidate(void)
60 return; 63 return;
61} 64}
62 65
63static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, 66static inline void selinux_netlbl_sk_security_reset(
64 u32 base_sid, 67 struct sk_security_struct *ssec,
65 u32 *sid) 68 int family)
66{ 69{
67 *sid = SECSID_NULL; 70 return;
68 return 0;
69} 71}
70 72static inline void selinux_netlbl_sk_security_init(
71static inline int selinux_netlbl_socket_post_create(struct socket *sock) 73 struct sk_security_struct *ssec,
74 int family)
72{ 75{
73 return 0; 76 return;
74} 77}
75 78static inline void selinux_netlbl_sk_security_clone(
76static inline void selinux_netlbl_sock_graft(struct sock *sk, 79 struct sk_security_struct *ssec,
77 struct socket *sock) 80 struct sk_security_struct *newssec)
78{ 81{
79 return; 82 return;
80} 83}
81 84
82static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, 85static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
83 struct sk_buff *skb, 86 u32 base_sid,
84 struct avc_audit_data *ad) 87 u32 *sid)
85{ 88{
89 *sid = SECSID_NULL;
86 return 0; 90 return 0;
87} 91}
88 92
89static inline void selinux_netlbl_sk_security_reset( 93static inline void selinux_netlbl_sock_graft(struct sock *sk,
90 struct sk_security_struct *ssec, 94 struct socket *sock)
91 int family)
92{
93 return;
94}
95
96static inline void selinux_netlbl_sk_security_init(
97 struct sk_security_struct *ssec,
98 int family)
99{ 95{
100 return; 96 return;
101} 97}
102 98static inline int selinux_netlbl_socket_post_create(struct socket *sock)
103static inline void selinux_netlbl_sk_security_clone(
104 struct sk_security_struct *ssec,
105 struct sk_security_struct *newssec)
106{ 99{
107 return; 100 return 0;
108} 101}
109
110static inline int selinux_netlbl_inode_permission(struct inode *inode, 102static inline int selinux_netlbl_inode_permission(struct inode *inode,
111 int mask) 103 int mask)
112{ 104{
113 return 0; 105 return 0;
114} 106}
115 107static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
108 struct sk_buff *skb,
109 struct avc_audit_data *ad)
110{
111 return 0;
112}
116static inline int selinux_netlbl_socket_setsockopt(struct socket *sock, 113static inline int selinux_netlbl_socket_setsockopt(struct socket *sock,
117 int level, 114 int level,
118 int optname) 115 int optname)