diff options
author | Paul Moore <paul.moore@hp.com> | 2007-02-28 15:14:22 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2007-04-26 01:35:48 -0400 |
commit | 5778eabd9cdbf16ea3e40248c452b4fd25554d11 (patch) | |
tree | a488fd5fc07c01b93fe38621888cc50c64cfc0a1 /security/selinux/include | |
parent | 128c6b6cbffc8203e13ea5712a8aa65d2ed82e4e (diff) |
SELinux: extract the NetLabel SELinux support from the security server
Up until this patch the functions which have provided NetLabel support to
SELinux have been integrated into the SELinux security server, which for
various reasons is not really ideal. This patch makes an effort to extract as
much of the NetLabel support from the security server as possibile and move it
into it's own file within the SELinux directory structure.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/security.h | 24 | ||||
-rw-r--r-- | security/selinux/include/selinux_netlabel.h | 71 |
2 files changed, 58 insertions, 37 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 210eec77e7ff..605b07165af8 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h | |||
@@ -35,6 +35,7 @@ | |||
35 | #endif | 35 | #endif |
36 | 36 | ||
37 | struct sk_buff; | 37 | struct sk_buff; |
38 | struct netlbl_lsm_secattr; | ||
38 | 39 | ||
39 | extern int selinux_enabled; | 40 | extern int selinux_enabled; |
40 | extern int selinux_mls_enabled; | 41 | extern int selinux_mls_enabled; |
@@ -102,5 +103,28 @@ int security_fs_use(const char *fstype, unsigned int *behavior, | |||
102 | int security_genfs_sid(const char *fstype, char *name, u16 sclass, | 103 | int security_genfs_sid(const char *fstype, char *name, u16 sclass, |
103 | u32 *sid); | 104 | u32 *sid); |
104 | 105 | ||
106 | #ifdef CONFIG_NETLABEL | ||
107 | int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, | ||
108 | u32 base_sid, | ||
109 | u32 *sid); | ||
110 | |||
111 | int security_netlbl_sid_to_secattr(u32 sid, | ||
112 | struct netlbl_lsm_secattr *secattr); | ||
113 | #else | ||
114 | static inline int security_netlbl_secattr_to_sid( | ||
115 | struct netlbl_lsm_secattr *secattr, | ||
116 | u32 base_sid, | ||
117 | u32 *sid) | ||
118 | { | ||
119 | return -EIDRM; | ||
120 | } | ||
121 | |||
122 | static inline int security_netlbl_sid_to_secattr(u32 sid, | ||
123 | struct netlbl_lsm_secattr *secattr) | ||
124 | { | ||
125 | return -ENOENT; | ||
126 | } | ||
127 | #endif /* CONFIG_NETLABEL */ | ||
128 | |||
105 | #endif /* _SELINUX_SECURITY_H_ */ | 129 | #endif /* _SELINUX_SECURITY_H_ */ |
106 | 130 | ||
diff --git a/security/selinux/include/selinux_netlabel.h b/security/selinux/include/selinux_netlabel.h index 2a732c9033e3..218e3f77c350 100644 --- a/security/selinux/include/selinux_netlabel.h +++ b/security/selinux/include/selinux_netlabel.h | |||
@@ -38,19 +38,22 @@ | |||
38 | 38 | ||
39 | #ifdef CONFIG_NETLABEL | 39 | #ifdef CONFIG_NETLABEL |
40 | void selinux_netlbl_cache_invalidate(void); | 40 | void selinux_netlbl_cache_invalidate(void); |
41 | int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid); | 41 | |
42 | int selinux_netlbl_socket_post_create(struct socket *sock); | ||
43 | void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock); | ||
44 | int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, | ||
45 | struct sk_buff *skb, | ||
46 | struct avc_audit_data *ad); | ||
47 | void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec, | 42 | void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec, |
48 | int family); | 43 | int family); |
49 | void selinux_netlbl_sk_security_init(struct sk_security_struct *ssec, | 44 | void selinux_netlbl_sk_security_init(struct sk_security_struct *ssec, |
50 | int family); | 45 | int family); |
51 | void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec, | 46 | void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec, |
52 | struct sk_security_struct *newssec); | 47 | struct sk_security_struct *newssec); |
48 | |||
49 | int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid); | ||
50 | |||
51 | void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock); | ||
52 | int selinux_netlbl_socket_post_create(struct socket *sock); | ||
53 | int selinux_netlbl_inode_permission(struct inode *inode, int mask); | 53 | int selinux_netlbl_inode_permission(struct inode *inode, int mask); |
54 | int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, | ||
55 | struct sk_buff *skb, | ||
56 | struct avc_audit_data *ad); | ||
54 | int selinux_netlbl_socket_setsockopt(struct socket *sock, | 57 | int selinux_netlbl_socket_setsockopt(struct socket *sock, |
55 | int level, | 58 | int level, |
56 | int optname); | 59 | int optname); |
@@ -60,59 +63,53 @@ static inline void selinux_netlbl_cache_invalidate(void) | |||
60 | return; | 63 | return; |
61 | } | 64 | } |
62 | 65 | ||
63 | static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, | 66 | static inline void selinux_netlbl_sk_security_reset( |
64 | u32 base_sid, | 67 | struct sk_security_struct *ssec, |
65 | u32 *sid) | 68 | int family) |
66 | { | 69 | { |
67 | *sid = SECSID_NULL; | 70 | return; |
68 | return 0; | ||
69 | } | 71 | } |
70 | 72 | static inline void selinux_netlbl_sk_security_init( | |
71 | static inline int selinux_netlbl_socket_post_create(struct socket *sock) | 73 | struct sk_security_struct *ssec, |
74 | int family) | ||
72 | { | 75 | { |
73 | return 0; | 76 | return; |
74 | } | 77 | } |
75 | 78 | static inline void selinux_netlbl_sk_security_clone( | |
76 | static inline void selinux_netlbl_sock_graft(struct sock *sk, | 79 | struct sk_security_struct *ssec, |
77 | struct socket *sock) | 80 | struct sk_security_struct *newssec) |
78 | { | 81 | { |
79 | return; | 82 | return; |
80 | } | 83 | } |
81 | 84 | ||
82 | static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, | 85 | static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, |
83 | struct sk_buff *skb, | 86 | u32 base_sid, |
84 | struct avc_audit_data *ad) | 87 | u32 *sid) |
85 | { | 88 | { |
89 | *sid = SECSID_NULL; | ||
86 | return 0; | 90 | return 0; |
87 | } | 91 | } |
88 | 92 | ||
89 | static inline void selinux_netlbl_sk_security_reset( | 93 | static inline void selinux_netlbl_sock_graft(struct sock *sk, |
90 | struct sk_security_struct *ssec, | 94 | struct socket *sock) |
91 | int family) | ||
92 | { | ||
93 | return; | ||
94 | } | ||
95 | |||
96 | static inline void selinux_netlbl_sk_security_init( | ||
97 | struct sk_security_struct *ssec, | ||
98 | int family) | ||
99 | { | 95 | { |
100 | return; | 96 | return; |
101 | } | 97 | } |
102 | 98 | static inline int selinux_netlbl_socket_post_create(struct socket *sock) | |
103 | static inline void selinux_netlbl_sk_security_clone( | ||
104 | struct sk_security_struct *ssec, | ||
105 | struct sk_security_struct *newssec) | ||
106 | { | 99 | { |
107 | return; | 100 | return 0; |
108 | } | 101 | } |
109 | |||
110 | static inline int selinux_netlbl_inode_permission(struct inode *inode, | 102 | static inline int selinux_netlbl_inode_permission(struct inode *inode, |
111 | int mask) | 103 | int mask) |
112 | { | 104 | { |
113 | return 0; | 105 | return 0; |
114 | } | 106 | } |
115 | 107 | static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, | |
108 | struct sk_buff *skb, | ||
109 | struct avc_audit_data *ad) | ||
110 | { | ||
111 | return 0; | ||
112 | } | ||
116 | static inline int selinux_netlbl_socket_setsockopt(struct socket *sock, | 113 | static inline int selinux_netlbl_socket_setsockopt(struct socket *sock, |
117 | int level, | 114 | int level, |
118 | int optname) | 115 | int optname) |