Diffstat (limited to 'include')
-rw-r--r--include/linux/security.h12
-rw-r--r--include/net/sock.h13
2 files changed, 25 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 6bc2aad494ff..4d7fb59996b0 100644
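--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -812,6 +812,8 @@ struct swap_info_struct;
  * which is used to copy security attributes between local stream sockets.
  * @sk_free_security:
  * Deallocate security structure.
+ * @sk_clone_security:
+ * Clone/copy security structure.
  * @sk_getsid:
  * Retrieve the LSM-specific sid for the sock to enable caching of network
  * authorizations.
@@ -1332,6 +1334,7 @@ struct security_operations {
  int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
  int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
  void (*sk_free_security) (struct sock *sk);
+ void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
  unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir);
 #endif /* CONFIG_SECURITY_NETWORK */
 
@@ -2885,6 +2888,11 @@ static inline void security_sk_free(struct sock *sk)
  return security_ops->sk_free_security(sk);
 }
 
+static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
+{
+ return security_ops->sk_clone_security(sk, newsk);
+}
+
 static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir)
 {
  return security_ops->sk_getsid(sk, fl, dir);
@@ -3011,6 +3019,10 @@ static inline void security_sk_free(struct sock *sk)
 {
 }
 
+static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
+{
+}
+
 static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir)
 {
  return 0;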
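Review bot: `security_sk_clone()` in the third hunk calls `security_ops->sk_clone_security` unconditionally, so every registered `security_operations` table has to supply the new member; this diff is limited to `include/`, so the default or fallback implementation is not visible here and should be confirmed elsewhere in the change. The kernel-doc entry added in the first hunk says only "Clone/copy security structure"; I would extend it to name the arguments and the contract, for example that `@sk` is the original sock, `@newsk` is the clone, and the hook returns nothing so it cannot report a failure. As a style point, the wrapper uses `return` on a void expression; plain `security_ops->sk_clone_security(sk, newsk);` is the stricter form, although the neighbouring `security_sk_free()` context line does the same.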
diff --git a/include/net/sock.h b/include/net/sock.h
index 324b3ea233d6..91cdceb3c028 100644
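--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -972,6 +972,19 @@ static inline void sock_graft(struct sock *sk, struct socket *parent)
  write_unlock_bh(&sk->sk_callback_lock);
 }
 
+static inline void sock_copy(struct sock *nsk, const struct sock *osk)
+{
+#ifdef CONFIG_SECURITY_NETWORK
+ void *sptr = nsk->sk_security;
+#endif
+
+ memcpy(nsk, osk, osk->sk_prot->obj_size);
+#ifdef CONFIG_SECURITY_NETWORK
+ nsk->sk_security = sptr;
+ security_sk_clone(osk, nsk);
+#endif
+}
+
 extern int sock_i_uid(struct sock *sk);
 extern unsigned long sock_i_ino(struct sock *sk);
 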
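Review bot: `sock_copy()` has no comment explaining why `sk_security` is saved before the `memcpy()` and restored afterwards, which is the security-relevant part of the function: without the restore the clone would carry the parent's `sk_security` pointer, so two socks would share one LSM blob. I would add above the function something like `/* Copy osk into nsk but keep nsk's own sk_security; the LSM copies the blob contents via security_sk_clone(). */`. The copy length comes from `osk->sk_prot->obj_size`, so it is also worth stating that `nsk` must have been allocated for the same `sk_prot`; the callers are outside this hunk, so that precondition cannot be checked from here.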