diff options
Diffstat (limited to 'security/selinux/ss/services.c')
-rw-r--r-- | security/selinux/ss/services.c | 55 |
1 files changed, 42 insertions, 13 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 922bb45054aa..014120474e69 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -601,18 +601,7 @@ out: | |||
601 | 601 | ||
602 | } | 602 | } |
603 | 603 | ||
604 | /** | 604 | static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid) |
605 | * security_context_to_sid - Obtain a SID for a given security context. | ||
606 | * @scontext: security context | ||
607 | * @scontext_len: length in bytes | ||
608 | * @sid: security identifier, SID | ||
609 | * | ||
610 | * Obtains a SID associated with the security context that | ||
611 | * has the string representation specified by @scontext. | ||
612 | * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient | ||
613 | * memory is available, or 0 on success. | ||
614 | */ | ||
615 | int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) | ||
616 | { | 605 | { |
617 | char *scontext2; | 606 | char *scontext2; |
618 | struct context context; | 607 | struct context context; |
@@ -703,7 +692,7 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) | |||
703 | 692 | ||
704 | context.type = typdatum->value; | 693 | context.type = typdatum->value; |
705 | 694 | ||
706 | rc = mls_context_to_sid(oldc, &p, &context); | 695 | rc = mls_context_to_sid(oldc, &p, &context, &sidtab, def_sid); |
707 | if (rc) | 696 | if (rc) |
708 | goto out_unlock; | 697 | goto out_unlock; |
709 | 698 | ||
@@ -727,6 +716,46 @@ out: | |||
727 | return rc; | 716 | return rc; |
728 | } | 717 | } |
729 | 718 | ||
719 | /** | ||
720 | * security_context_to_sid - Obtain a SID for a given security context. | ||
721 | * @scontext: security context | ||
722 | * @scontext_len: length in bytes | ||
723 | * @sid: security identifier, SID | ||
724 | * | ||
725 | * Obtains a SID associated with the security context that | ||
726 | * has the string representation specified by @scontext. | ||
727 | * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient | ||
728 | * memory is available, or 0 on success. | ||
729 | */ | ||
730 | int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) | ||
731 | { | ||
732 | return security_context_to_sid_core(scontext, scontext_len, | ||
733 | sid, SECSID_NULL); | ||
734 | } | ||
735 | |||
736 | /** | ||
737 | * security_context_to_sid_default - Obtain a SID for a given security context, | ||
738 | * falling back to specified default if needed. | ||
739 | * | ||
740 | * @scontext: security context | ||
741 | * @scontext_len: length in bytes | ||
742 | * @sid: security identifier, SID | ||
743 | * @def_sid: default SID to assign on errror | ||
744 | * | ||
745 | * Obtains a SID associated with the security context that | ||
746 | * has the string representation specified by @scontext. | ||
747 | * The default SID is passed to the MLS layer to be used to allow | ||
748 | * kernel labeling of the MLS field if the MLS field is not present | ||
749 | * (for upgrading to MLS without full relabel). | ||
750 | * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient | ||
751 | * memory is available, or 0 on success. | ||
752 | */ | ||
753 | int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid) | ||
754 | { | ||
755 | return security_context_to_sid_core(scontext, scontext_len, | ||
756 | sid, def_sid); | ||
757 | } | ||
758 | |||
730 | static int compute_sid_handle_invalid_context( | 759 | static int compute_sid_handle_invalid_context( |
731 | struct context *scontext, | 760 | struct context *scontext, |
732 | struct context *tcontext, | 761 | struct context *tcontext, |