aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/ss/services.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux/ss/services.c')
-rw-r--r--security/selinux/ss/services.c55
1 files changed, 42 insertions, 13 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index bfa5a7dd6cf5..45d317044cb2 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -601,18 +601,7 @@ out:
601 601
602} 602}
603 603
604/** 604static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
605 * security_context_to_sid - Obtain a SID for a given security context.
606 * @scontext: security context
607 * @scontext_len: length in bytes
608 * @sid: security identifier, SID
609 *
610 * Obtains a SID associated with the security context that
611 * has the string representation specified by @scontext.
612 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
613 * memory is available, or 0 on success.
614 */
615int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
616{ 605{
617 char *scontext2; 606 char *scontext2;
618 struct context context; 607 struct context context;
@@ -703,7 +692,7 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
703 692
704 context.type = typdatum->value; 693 context.type = typdatum->value;
705 694
706 rc = mls_context_to_sid(oldc, &p, &context); 695 rc = mls_context_to_sid(oldc, &p, &context, &sidtab, def_sid);
707 if (rc) 696 if (rc)
708 goto out_unlock; 697 goto out_unlock;
709 698
@@ -727,6 +716,46 @@ out:
727 return rc; 716 return rc;
728} 717}
729 718
719/**
720 * security_context_to_sid - Obtain a SID for a given security context.
721 * @scontext: security context
722 * @scontext_len: length in bytes
723 * @sid: security identifier, SID
724 *
725 * Obtains a SID associated with the security context that
726 * has the string representation specified by @scontext.
727 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
728 * memory is available, or 0 on success.
729 */
730int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
731{
732 return security_context_to_sid_core(scontext, scontext_len,
733 sid, SECSID_NULL);
734}
735
736/**
737 * security_context_to_sid_default - Obtain a SID for a given security context,
738 * falling back to specified default if needed.
739 *
740 * @scontext: security context
741 * @scontext_len: length in bytes
742 * @sid: security identifier, SID
743 * @def_sid: default SID to assign on errror
744 *
745 * Obtains a SID associated with the security context that
746 * has the string representation specified by @scontext.
747 * The default SID is passed to the MLS layer to be used to allow
748 * kernel labeling of the MLS field if the MLS field is not present
749 * (for upgrading to MLS without full relabel).
750 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
751 * memory is available, or 0 on success.
752 */
753int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
754{
755 return security_context_to_sid_core(scontext, scontext_len,
756 sid, def_sid);
757}
758
730static int compute_sid_handle_invalid_context( 759static int compute_sid_handle_invalid_context(
731 struct context *scontext, 760 struct context *scontext,
732 struct context *tcontext, 761 struct context *tcontext,