authorPaul Moore <paul.moore@hp.com>2006-11-17 17:38:53 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2006-12-03 00:24:13 -0500
commit9f2ad66509b182b399a5b03de487f45bde623524 (patch)
tree8376dc2db99a78c1b043644f019c4dc224187f16 /security/selinux/include
parent9bb5fd2b05cb4dba229e225536faa59eaadd837d (diff)
NetLabel: SELinux cleanups
This patch does a lot of cleanup in the SELinux NetLabel support code. A summary of the changes:
* Use RCU locking for the NetLabel state variable in the sk_security_struct instead of using the inode_security_struct mutex.
* Remove unnecessary parameters in selinux_netlbl_socket_post_create().
* Rename selinux_netlbl_sk_clone_security() to selinux_netlbl_sk_security_clone() to better fit the other NetLabel sk_security functions.
* Improvements to selinux_netlbl_inode_permission() to help reduce the cost of the common case.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include')
-rw-r--r--security/selinux/include/objsec.h2
-rw-r--r--security/selinux/include/selinux_netlabel.h21
2 files changed, 15 insertions, 8 deletions
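--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -23,6 +23,7 @@
 #include <linux/fs.h>
 #include <linux/binfmts.h>
 #include <linux/in.h>
+#include <linux/spinlock.h>
 #include "flask.h"
 #include "avc.h"
 
@@ -108,6 +109,7 @@ struct sk_security_struct {
  NLBL_REQUIRE,
  NLBL_LABELED,
  } nlbl_state;
+ spinlock_t nlbl_lock; /* protects nlbl_state */
 #endif
 };
 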
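Review bot: The comment on the new `nlbl_lock` field says only that it protects `nlbl_state`, while the commit description speaks of RCU for the same variable, so a reader of this struct cannot tell which accesses need the spinlock. I would state the rule at the field, e.g. `spinlock_t nlbl_lock; /* protects nlbl_state: writers take it, readers rely on rcu_read_lock() */`, if that is the intended scheme. The lock also has to be set up with `spin_lock_init()` wherever a sk_security_struct is allocated or cloned; that code is outside this diff (limited to the include directory), so it should be confirmed there. The struct definition begins before this hunk.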
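--- a/security/selinux/include/selinux_netlabel.h
+++ b/security/selinux/include/selinux_netlabel.h
@@ -38,9 +38,7 @@
 
 #ifdef CONFIG_NETLABEL
 void selinux_netlbl_cache_invalidate(void);
-int selinux_netlbl_socket_post_create(struct socket *sock,
- int sock_family,
- u32 sid);
+int selinux_netlbl_socket_post_create(struct socket *sock);
 void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock);
 u32 selinux_netlbl_inet_conn_request(struct sk_buff *skb, u32 sock_sid);
 int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
@@ -48,9 +46,11 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
  struct avc_audit_data *ad);
 u32 selinux_netlbl_socket_getpeersec_stream(struct socket *sock);
 u32 selinux_netlbl_socket_getpeersec_dgram(struct sk_buff *skb);
+void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec,
+ int family);
 void selinux_netlbl_sk_security_init(struct sk_security_struct *ssec,
  int family);
-void selinux_netlbl_sk_clone_security(struct sk_security_struct *ssec,
+void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec,
  struct sk_security_struct *newssec);
 int selinux_netlbl_inode_permission(struct inode *inode, int mask);
 int selinux_netlbl_socket_setsockopt(struct socket *sock,
@@ -62,9 +62,7 @@ static inline void selinux_netlbl_cache_invalidate(void)
  return;
 }
 
-static inline int selinux_netlbl_socket_post_create(struct socket *sock,
- int sock_family,
- u32 sid)
+static inline int selinux_netlbl_socket_post_create(struct socket *sock)
 {
  return 0;
 }
@@ -98,6 +96,13 @@ static inline u32 selinux_netlbl_socket_getpeersec_dgram(struct sk_buff *skb)
  return SECSID_NULL;
 }
 
+static inline void selinux_netlbl_sk_security_reset(
+ struct sk_security_struct *ssec,
+ int family)
+{
+ return;
+}
+
 static inline void selinux_netlbl_sk_security_init(
  struct sk_security_struct *ssec,
  int family)
@@ -105,7 +110,7 @@ static inline void selinux_netlbl_sk_security_init(
  return;
 }
 
-static inline void selinux_netlbl_sk_clone_security(
+static inline void selinux_netlbl_sk_security_clone(
  struct sk_security_struct *ssec,
  struct sk_security_struct *newssec)
 {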
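Review bot: `selinux_netlbl_sk_security_reset()` is declared next to `selinux_netlbl_sk_security_init()` with an identical `(ssec, family)` signature and no comment, so the header gives a caller no way to choose between them. Because objsec.h gains `nlbl_lock` in this same commit, the difference probably matters for locking: presumably one is meant for a freshly allocated structure and the other for one already attached to a socket, but that is not visible in this header. A short comment above each prototype saying when it may be called, and whether it initialises or takes `nlbl_lock`, would keep a later caller from resetting the state of a live socket while a label check is reading it. The same applies to the `!CONFIG_NETLABEL` stubs only in that they should stay in step with whatever the prototypes document.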