NetLabel: Add secid token support to the NetLabel secattr struct

This patch adds support to the NetLabel LSM secattr struct for a secid token and a type field, paving the way for full LSM/SELinux context support and "static" or "fallback" labels. In addition, this patch adds a fair amount of documentation to the core NetLabel structures used as part of the NetLabel kernel API. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
author: Paul Moore <paul.moore@hp.com> 2008-01-29 08:37:59 -0500
committer: James Morris <jmorris@namei.org> 2008-01-29 16:17:19 -0500
commit: 16efd45435fa695b501b7f73c3259bd7c77cc12c (patch)
tree: f26eb84f65192eb0a17aca399fd405100e4be974 /security
parent: 1c3fad936acaf87b75055b95be781437e97d787f (diff)
2 files changed, 9 insertions, 6 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index 3bbcb5369af9..feaf0a5b828f 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -562,7 +562,7 @@ void mls_export_netlbl_lvl(struct context *context,
        if (!selinux_mls_enabled)
                return;
-        secattr->mls_lvl = context->range.level[0].sens - 1;
+        secattr->attr.mls.lvl = context->range.level[0].sens - 1;
        secattr->flags |= NETLBL_SECATTR_MLS_LVL;
 }
@@ -582,7 +582,7 @@ void mls_import_netlbl_lvl(struct context *context,
        if (!selinux_mls_enabled)
                return;
-        context->range.level[0].sens = secattr->mls_lvl + 1;
+        context->range.level[0].sens = secattr->attr.mls.lvl + 1;
        context->range.level[1].sens = context->range.level[0].sens;
 }
@@ -605,8 +605,8 @@ int mls_export_netlbl_cat(struct context *context,
                return 0;
        rc = ebitmap_netlbl_export(&context->range.level[0].cat,
-                                   &secattr->mls_cat);
+                                   &secattr->attr.mls.cat);
-        if (rc == 0 && secattr->mls_cat != NULL)
+        if (rc == 0 && secattr->attr.mls.cat != NULL)
                secattr->flags |= NETLBL_SECATTR_MLS_CAT;
        return rc;
@@ -633,7 +633,7 @@ int mls_import_netlbl_cat(struct context *context,
                return 0;
        rc = ebitmap_netlbl_import(&context->range.level[0].cat,
-                                   secattr->mls_cat);
+                                   secattr->attr.mls.cat);
        if (rc != 0)
                goto import_netlbl_cat_failure;
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 4bf715d4cf29..0f97ef578370 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2550,6 +2550,9 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
                default:
                        goto netlbl_secattr_to_sid_return;
                }
+        } else if (secattr->flags & NETLBL_SECATTR_SECID) {
+                *sid = secattr->attr.secid;
+                rc = 0;
        } else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
                ctx = sidtab_search(&sidtab, base_sid);
                if (ctx == NULL)
@@ -2561,7 +2564,7 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
                mls_import_netlbl_lvl(&ctx_new, secattr);
                if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {
                        if (ebitmap_netlbl_import(&ctx_new.range.level[0].cat,
-                                                  secattr->mls_cat) != 0)
+                                                  secattr->attr.mls.cat) != 0)
                                goto netlbl_secattr_to_sid_return;
                        ctx_new.range.level[1].cat.highbit =
                                ctx_new.range.level[0].cat.highbit;
author	Paul Moore <paul.moore@hp.com>	2008-01-29 08:37:59 -0500
committer	James Morris <jmorris@namei.org>	2008-01-29 16:17:19 -0500
commit	16efd45435fa695b501b7f73c3259bd7c77cc12c (patch)
tree	f26eb84f65192eb0a17aca399fd405100e4be974 /security
parent	1c3fad936acaf87b75055b95be781437e97d787f (diff)