diff options
Diffstat (limited to 'security/selinux/include/selinux_netlabel.h')
-rw-r--r-- | security/selinux/include/selinux_netlabel.h | 35 |
1 files changed, 1 insertions, 34 deletions
diff --git a/security/selinux/include/selinux_netlabel.h b/security/selinux/include/selinux_netlabel.h index d885d880540e..d69ec650cdbe 100644 --- a/security/selinux/include/selinux_netlabel.h +++ b/security/selinux/include/selinux_netlabel.h | |||
@@ -43,40 +43,7 @@ void selinux_netlbl_sk_security_init(struct sk_security_struct *ssec, | |||
43 | int family); | 43 | int family); |
44 | void selinux_netlbl_sk_clone_security(struct sk_security_struct *ssec, | 44 | void selinux_netlbl_sk_clone_security(struct sk_security_struct *ssec, |
45 | struct sk_security_struct *newssec); | 45 | struct sk_security_struct *newssec); |
46 | 46 | int selinux_netlbl_inode_permission(struct inode *inode, int mask); | |
47 | int __selinux_netlbl_inode_permission(struct inode *inode, int mask); | ||
48 | /** | ||
49 | * selinux_netlbl_inode_permission - Verify the socket is NetLabel labeled | ||
50 | * @inode: the file descriptor's inode | ||
51 | * @mask: the permission mask | ||
52 | * | ||
53 | * Description: | ||
54 | * Looks at a file's inode and if it is marked as a socket protected by | ||
55 | * NetLabel then verify that the socket has been labeled, if not try to label | ||
56 | * the socket now with the inode's SID. Returns zero on success, negative | ||
57 | * values on failure. | ||
58 | * | ||
59 | */ | ||
60 | static inline int selinux_netlbl_inode_permission(struct inode *inode, | ||
61 | int mask) | ||
62 | { | ||
63 | int rc = 0; | ||
64 | struct inode_security_struct *isec; | ||
65 | struct sk_security_struct *sksec; | ||
66 | |||
67 | if (!S_ISSOCK(inode->i_mode)) | ||
68 | return 0; | ||
69 | |||
70 | isec = inode->i_security; | ||
71 | sksec = SOCKET_I(inode)->sk->sk_security; | ||
72 | down(&isec->sem); | ||
73 | if (unlikely(sksec->nlbl_state == NLBL_REQUIRE && | ||
74 | (mask & (MAY_WRITE | MAY_APPEND)))) | ||
75 | rc = __selinux_netlbl_inode_permission(inode, mask); | ||
76 | up(&isec->sem); | ||
77 | |||
78 | return rc; | ||
79 | } | ||
80 | #else | 47 | #else |
81 | static inline void selinux_netlbl_cache_invalidate(void) | 48 | static inline void selinux_netlbl_cache_invalidate(void) |
82 | { | 49 | { |