author | Paul Moore <paul.moore@hp.com> | 2008-01-29 08:38:04 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-01-29 16:17:20 -0500 |
commit | 75e22910cf0c26802b09dac2e34c13e648d3ed02 (patch) | |
tree | bf5f5c62f6db8a3057a0265dc7748bf310d26d4a /security/selinux/include | |
parent | 16efd45435fa695b501b7f73c3259bd7c77cc12c (diff) |
NetLabel: Add IP address family information to the netlbl_skbuff_getattr() function
In order to do any sort of IP header inspection of incoming packets we need to
know which address family, AF_INET/AF_INET6/etc., it belongs to and since the
sk_buff structure does not store this information we need to pass along the
address family separate from the packet itself.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/netlabel.h | 8 |
1 files changed, 7 insertions, 1 deletions
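diff --git a/security/selinux/include/netlabel.h b/security/selinux/include/netlabel.h
index 218e3f77c350..272769a1cb96 100644
--- a/security/selinux/include/netlabel.h
+++ b/security/selinux/include/netlabel.h
@@ -46,13 +46,17 @@ void selinux_netlbl_sk_security_init(struct sk_security_struct *ssec,
 void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec,
 struct sk_security_struct *newssec);
 
-int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid);
+int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
+u16 family,
+u32 base_sid,
+u32 *sid);
 
 void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock);
 int selinux_netlbl_socket_post_create(struct socket *sock);
 int selinux_netlbl_inode_permission(struct inode *inode, int mask);
 int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
 struct sk_buff *skb,
+u16 family,
 struct avc_audit_data *ad);
 int selinux_netlbl_socket_setsockopt(struct socket *sock,
 int level,
@@ -83,6 +87,7 @@ static inline void selinux_netlbl_sk_security_clone(
 }
 
 static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
+u16 family,
 u32 base_sid,
 u32 *sid)
 {
@@ -106,6 +111,7 @@ static inline int selinux_netlbl_inode_permission(struct inode *inode,
 }
 static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
 struct sk_buff *skb,
+u16 family,
 struct avc_audit_data *ad)
 {
 return 0;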
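Review bot: The new `u16 family` parameter on the `selinux_netlbl_skbuff_getsid()` and `selinux_netlbl_sock_rcv_skb()` prototypes in the first hunk has no stated contract, although per the commit message it decides how the packet's IP header is inspected, so the header should say that it must describe the packet itself. A comment above each prototype such as `/* @family: address family of @skb (AF_INET, AF_INET6); must match the packet, which can differ from the receiving socket's family */` would cover it. The callers and the non-stub implementations are outside this section, so whether an IPv4 packet arriving on an AF_INET6 socket is passed with the right family cannot be confirmed here and is worth checking. Because `family` sits directly before `u32 base_sid`, a call with the two swapped would still compile and silently truncate, so the comment should also name the argument order. The inline stubs in the second and third hunks ignore `family`, which looks intentional, and their bodies continue past the hunk ends.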