NetLabel: use SECINITSID_UNLABELED for a base SID

This patch changes NetLabel to use SECINITSID_UNLABLELED as it's source of SELinux type information when generating a NetLabel context. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
author: paul.moore@hp.com <paul.moore@hp.com> 2006-10-05 18:28:24 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-10-12 02:59:32 -0400
commit: 388b24057f90ba109d4bf855006a8809c383eb76 (patch)
tree: 44ab16f68b08ac7ed64ba4e4f2be87a6476a5d4c /security/selinux/ss/services.c
parent: ffb733c65000ee701294f7b80c4eca2a5f335637 (diff)
1 files changed, 9 insertions, 20 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index bb2d2bc869ba..18274b005090 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2336,7 +2336,7 @@ static int selinux_netlbl_secattr_to_sid(struct sk_buff *skb,
                        selinux_netlbl_cache_add(skb, &ctx_new);
                ebitmap_destroy(&ctx_new.range.level[0].cat);
        } else {
-                *sid = SECINITSID_UNLABELED;
+                *sid = SECSID_NULL;
                rc = 0;
        }
@@ -2519,7 +2519,7 @@ void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock)
        if (netlbl_sock_getattr(sk, &secattr) == 0 &&
            selinux_netlbl_secattr_to_sid(NULL,
                                          &secattr,
-                                          sksec->sid,
+                                          SECINITSID_UNLABELED,
                                          &nlbl_peer_sid) == 0)
                sksec->peer_sid = nlbl_peer_sid;
        netlbl_secattr_destroy(&secattr);
@@ -2552,9 +2552,6 @@ u32 selinux_netlbl_inet_conn_request(struct sk_buff *skb, u32 sock_sid)
        if (rc != 0)
                return SECSID_NULL;
-        if (peer_sid == SECINITSID_UNLABELED)
-                return SECSID_NULL;
        return peer_sid;
 }
@@ -2616,11 +2613,13 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
        u32 netlbl_sid;
        u32 recv_perm;
-        rc = selinux_netlbl_skbuff_getsid(skb, SECINITSID_NETMSG, &netlbl_sid);
+        rc = selinux_netlbl_skbuff_getsid(skb,
+                                          SECINITSID_UNLABELED,
+                                          &netlbl_sid);
        if (rc != 0)
                return rc;
-        if (netlbl_sid == SECINITSID_UNLABELED)
+        if (netlbl_sid == SECSID_NULL)
                return 0;
        switch (sksec->sclass) {
@@ -2658,10 +2657,6 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
 u32 selinux_netlbl_socket_getpeersec_stream(struct socket *sock)
 {
        struct sk_security_struct *sksec = sock->sk->sk_security;
-        if (sksec->peer_sid == SECINITSID_UNLABELED)
-                return SECSID_NULL;
        return sksec->peer_sid;
 }
@@ -2677,16 +2672,10 @@ u32 selinux_netlbl_socket_getpeersec_stream(struct socket *sock)
 u32 selinux_netlbl_socket_getpeersec_dgram(struct sk_buff *skb)
 {
        int peer_sid;
-        struct sock *sk = skb->sk;
-        struct inode_security_struct *isec;
-        if (sk == NULL || sk->sk_socket == NULL)
+        if (selinux_netlbl_skbuff_getsid(skb,
-                return SECSID_NULL;
+                                         SECINITSID_UNLABELED,
+                                         &peer_sid) != 0)
-        isec = SOCK_INODE(sk->sk_socket)->i_security;
-        if (selinux_netlbl_skbuff_getsid(skb, isec->sid, &peer_sid) != 0)
-                return SECSID_NULL;
-        if (peer_sid == SECINITSID_UNLABELED)
                return SECSID_NULL;
        return peer_sid;
author	paul.moore@hp.com <paul.moore@hp.com>	2006-10-05 18:28:24 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-10-12 02:59:32 -0400
commit	388b24057f90ba109d4bf855006a8809c383eb76 (patch)
tree	44ab16f68b08ac7ed64ba4e4f2be87a6476a5d4c /security/selinux/ss/services.c
parent	ffb733c65000ee701294f7b80c4eca2a5f335637 (diff)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index bb2d2bc869ba..18274b005090 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c
@@ -2336,7 +2336,7 @@ static int selinux_netlbl_secattr_to_sid(struct sk_buff *skb,
2336	selinux_netlbl_cache_add(skb, &ctx_new);	2336	selinux_netlbl_cache_add(skb, &ctx_new);
2337	ebitmap_destroy(&ctx_new.range.level[0].cat);	2337	ebitmap_destroy(&ctx_new.range.level[0].cat);
2338	} else {	2338	} else {
2339	*sid = SECINITSID_UNLABELED;	2339	*sid = SECSID_NULL;
2340	rc = 0;	2340	rc = 0;
2341	}	2341	}
2342		2342
@@ -2519,7 +2519,7 @@ void selinux_netlbl_sock_graft(struct sock sk, struct socket sock)
2519	if (netlbl_sock_getattr(sk, &secattr) == 0 &&	2519	if (netlbl_sock_getattr(sk, &secattr) == 0 &&
2520	selinux_netlbl_secattr_to_sid(NULL,	2520	selinux_netlbl_secattr_to_sid(NULL,
2521	&secattr,	2521	&secattr,
2522	sksec->sid,	2522	SECINITSID_UNLABELED,
2523	&nlbl_peer_sid) == 0)	2523	&nlbl_peer_sid) == 0)
2524	sksec->peer_sid = nlbl_peer_sid;	2524	sksec->peer_sid = nlbl_peer_sid;
2525	netlbl_secattr_destroy(&secattr);	2525	netlbl_secattr_destroy(&secattr);
@@ -2552,9 +2552,6 @@ u32 selinux_netlbl_inet_conn_request(struct sk_buff *skb, u32 sock_sid)
2552	if (rc != 0)	2552	if (rc != 0)
2553	return SECSID_NULL;	2553	return SECSID_NULL;
2554		2554
2555	if (peer_sid == SECINITSID_UNLABELED)
2556	return SECSID_NULL;
2557
2558	return peer_sid;	2555	return peer_sid;
2559	}	2556	}
2560		2557
@@ -2616,11 +2613,13 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
2616	u32 netlbl_sid;	2613	u32 netlbl_sid;
2617	u32 recv_perm;	2614	u32 recv_perm;
2618		2615
2619	rc = selinux_netlbl_skbuff_getsid(skb, SECINITSID_NETMSG, &netlbl_sid);	2616	rc = selinux_netlbl_skbuff_getsid(skb,
		2617	SECINITSID_UNLABELED,
		2618	&netlbl_sid);
2620	if (rc != 0)	2619	if (rc != 0)
2621	return rc;	2620	return rc;
2622		2621
2623	if (netlbl_sid == SECINITSID_UNLABELED)	2622	if (netlbl_sid == SECSID_NULL)
2624	return 0;	2623	return 0;
2625		2624
2626	switch (sksec->sclass) {	2625	switch (sksec->sclass) {
@@ -2658,10 +2657,6 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
2658	u32 selinux_netlbl_socket_getpeersec_stream(struct socket *sock)	2657	u32 selinux_netlbl_socket_getpeersec_stream(struct socket *sock)
2659	{	2658	{
2660	struct sk_security_struct *sksec = sock->sk->sk_security;	2659	struct sk_security_struct *sksec = sock->sk->sk_security;
2661
2662	if (sksec->peer_sid == SECINITSID_UNLABELED)
2663	return SECSID_NULL;
2664
2665	return sksec->peer_sid;	2660	return sksec->peer_sid;
2666	}	2661	}
2667		2662
@@ -2677,16 +2672,10 @@ u32 selinux_netlbl_socket_getpeersec_stream(struct socket *sock)
2677	u32 selinux_netlbl_socket_getpeersec_dgram(struct sk_buff *skb)	2672	u32 selinux_netlbl_socket_getpeersec_dgram(struct sk_buff *skb)
2678	{	2673	{
2679	int peer_sid;	2674	int peer_sid;
2680	struct sock *sk = skb->sk;
2681	struct inode_security_struct *isec;
2682		2675
2683	if (sk == NULL \|\| sk->sk_socket == NULL)	2676	if (selinux_netlbl_skbuff_getsid(skb,
2684	return SECSID_NULL;	2677	SECINITSID_UNLABELED,
2685		2678	&peer_sid) != 0)
2686	isec = SOCK_INODE(sk->sk_socket)->i_security;
2687	if (selinux_netlbl_skbuff_getsid(skb, isec->sid, &peer_sid) != 0)
2688	return SECSID_NULL;
2689	if (peer_sid == SECINITSID_UNLABELED)
2690	return SECSID_NULL;	2679	return SECSID_NULL;
2691		2680
2692	return peer_sid;	2681	return peer_sid;