Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/hooks.c | 50 | ||||
-rw-r--r-- | security/selinux/include/netlabel.h | 8 | ||||
-rw-r--r-- | security/selinux/netlabel.c | 14 |
3 files changed, 36 insertions, 36 deletions
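--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -293,28 +293,28 @@ static void superblock_free_security(struct super_block *sb)
 
 static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
 {
-struct sk_security_struct *ssec;
+struct sk_security_struct *sksec;
 
-ssec = kzalloc(sizeof(*ssec), priority);
-if (!ssec)
+sksec = kzalloc(sizeof(*sksec), priority);
+if (!sksec)
 return -ENOMEM;
 
-ssec->peer_sid = SECINITSID_UNLABELED;
-ssec->sid = SECINITSID_UNLABELED;
-sk->sk_security = ssec;
+sksec->peer_sid = SECINITSID_UNLABELED;
+sksec->sid = SECINITSID_UNLABELED;
+sk->sk_security = sksec;
 
-selinux_netlbl_sk_security_reset(ssec);
+selinux_netlbl_sk_security_reset(sksec);
 
 return 0;
 }
 
 static void sk_free_security(struct sock *sk)
 {
-struct sk_security_struct *ssec = sk->sk_security;
+struct sk_security_struct *sksec = sk->sk_security;
 
 sk->sk_security = NULL;
-selinux_netlbl_sk_security_free(ssec);
-kfree(ssec);
+selinux_netlbl_sk_security_free(sksec);
+kfree(sksec);
 }
 
 /* The security server must be initialized before
@@ -4002,7 +4002,7 @@ static int selinux_socket_unix_stream_connect(struct socket *sock,
 struct socket *other,
 struct sock *newsk)
 {
-struct sk_security_struct *ssec;
+struct sk_security_struct *sksec;
 struct inode_security_struct *isec;
 struct inode_security_struct *other_isec;
 struct common_audit_data ad;
@@ -4021,13 +4021,13 @@ static int selinux_socket_unix_stream_connect(struct socket *sock,
 return err;
 
 /* connecting socket */
-ssec = sock->sk->sk_security;
-ssec->peer_sid = other_isec->sid;
+sksec = sock->sk->sk_security;
+sksec->peer_sid = other_isec->sid;
 
 /* server child socket */
-ssec = newsk->sk_security;
-ssec->peer_sid = isec->sid;
-err = security_sid_mls_copy(other_isec->sid, ssec->peer_sid, &ssec->sid);
+sksec = newsk->sk_security;
+sksec->peer_sid = isec->sid;
+err = security_sid_mls_copy(other_isec->sid, sksec->peer_sid, &sksec->sid);
 
 return err;
 }
@@ -4190,7 +4190,7 @@ static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *op
 int err = 0;
 char *scontext;
 u32 scontext_len;
-struct sk_security_struct *ssec;
+struct sk_security_struct *sksec;
 struct inode_security_struct *isec;
 u32 peer_sid = SECSID_NULL;
 
@@ -4198,8 +4198,8 @@ static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *op
 
 if (isec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
 isec->sclass == SECCLASS_TCP_SOCKET) {
-ssec = sock->sk->sk_security;
-peer_sid = ssec->peer_sid;
+sksec = sock->sk->sk_security;
+peer_sid = sksec->peer_sid;
 }
 if (peer_sid == SECSID_NULL) {
 err = -ENOPROTOOPT;
@@ -4266,14 +4266,14 @@ static void selinux_sk_free_security(struct sock *sk)
 
 static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
 {
-struct sk_security_struct *ssec = sk->sk_security;
-struct sk_security_struct *newssec = newsk->sk_security;
+struct sk_security_struct *sksec = sk->sk_security;
+struct sk_security_struct *newsksec = newsk->sk_security;
 
-newssec->sid = ssec->sid;
-newssec->peer_sid = ssec->peer_sid;
-newssec->sclass = ssec->sclass;
+newsksec->sid = sksec->sid;
+newsksec->peer_sid = sksec->peer_sid;
+newsksec->sclass = sksec->sclass;
 
-selinux_netlbl_sk_security_reset(newssec);
+selinux_netlbl_sk_security_reset(newsksec);
 }
 
 static void selinux_sk_getsecid(struct sock *sk, u32 *secid)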
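--- a/security/selinux/include/netlabel.h
+++ b/security/selinux/include/netlabel.h
@@ -42,8 +42,8 @@ void selinux_netlbl_cache_invalidate(void);
 
 void selinux_netlbl_err(struct sk_buff *skb, int error, int gateway);
 
-void selinux_netlbl_sk_security_free(struct sk_security_struct *ssec);
-void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec);
+void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec);
+void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec);
 
 int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
 u16 family,
@@ -79,13 +79,13 @@ static inline void selinux_netlbl_err(struct sk_buff *skb,
 }
 
 static inline void selinux_netlbl_sk_security_free(
-struct sk_security_struct *ssec)
+struct sk_security_struct *sksec)
 {
 return;
 }
 
 static inline void selinux_netlbl_sk_security_reset(
-struct sk_security_struct *ssec)
+struct sk_security_struct *sksec)
 {
 return;
 }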
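--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -131,21 +131,21 @@ void selinux_netlbl_err(struct sk_buff *skb, int error, int gateway)
 
 /**
 * selinux_netlbl_sk_security_free - Free the NetLabel fields
-* @sssec: the sk_security_struct
+* @sksec: the sk_security_struct
 *
 * Description:
 * Free all of the memory in the NetLabel fields of a sk_security_struct.
 *
 */
-void selinux_netlbl_sk_security_free(struct sk_security_struct *ssec)
+void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec)
 {
-if (ssec->nlbl_secattr != NULL)
-netlbl_secattr_free(ssec->nlbl_secattr);
+if (sksec->nlbl_secattr != NULL)
+netlbl_secattr_free(sksec->nlbl_secattr);
 }
 
 /**
 * selinux_netlbl_sk_security_reset - Reset the NetLabel fields
-* @ssec: the sk_security_struct
+* @sksec: the sk_security_struct
 * @family: the socket family
 *
 * Description:
@@ -153,9 +153,9 @@ void selinux_netlbl_sk_security_free(struct sk_security_struct *ssec)
 * The caller is responsibile for all the NetLabel sk_security_struct locking.
 *
 */
-void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec)
+void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec)
 {
-ssec->nlbl_state = NLBL_UNSET;
+sksec->nlbl_state = NLBL_UNSET;
 }
 
 /**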