jenna
/
kernel_samsung_sm7125
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

selinux: Consolidate sockcreate_sid logic

Browse Source 
Consolidate the basic sockcreate_sid logic into a single helper function
which allows us to do some cleanups in the related code.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
tirimbino
Paul Moore 15 years ago committed by James Morris
parent 4d1e24514d
commit d4f2d97841
1 changed files with 12 additions and 20 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 32
      security/selinux/hooks.c

32
security/selinux/hooks.c
Unescape View File

@ -3671,6 +3671,12 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
}
/* socket security operations */
static u32 socket_sockcreate_sid(const struct task_security_struct *tsec)
{
return tsec->sockcreate_sid ? : tsec->sid;
}
static int socket_has_perm(struct task_struct *task, struct socket *sock,
u32 perms)
{
@ -3698,21 +3704,15 @@ static int selinux_socket_create(int family, int type,
{
const struct cred *cred = current_cred();
const struct task_security_struct *tsec = cred->security;
u32 sid, newsid;
u32 newsid;
u16 secclass;
int err = 0;
if (kern)
goto out;
sid = tsec->sid;
newsid = tsec->sockcreate_sid ?: sid;
return 0;
newsid = socket_sockcreate_sid(tsec);
secclass = socket_type_to_security_class(family, type, protocol);
err = avc_has_perm(sid, newsid, secclass, SOCKET__CREATE, NULL);
out:
return err;
return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
}
static int selinux_socket_post_create(struct socket *sock, int family,
@ -3720,22 +3720,14 @@ static int selinux_socket_post_create(struct socket *sock, int family,
{
const struct cred *cred = current_cred();
const struct task_security_struct *tsec = cred->security;
struct inode_security_struct *isec;
struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
struct sk_security_struct *sksec;
u32 sid, newsid;
int err = 0;
sid = tsec->sid;
newsid = tsec->sockcreate_sid;
isec = SOCK_INODE(sock)->i_security;
if (kern)
isec->sid = SECINITSID_KERNEL;
else if (newsid)
isec->sid = newsid;
else
isec->sid = sid;
isec->sid = socket_sockcreate_sid(tsec);
isec->sclass = socket_type_to_security_class(family, type, protocol);
isec->initialized = 1;

Write Preview
Loading…
Cancel
Save