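--- a/hooks.c	(08dbc7a66af2321661173c04d872eba44003cc13)
+++ b/hooks.c	(0b811db2cb2aabc910e53d34ebb95a15997c33e7)
@@ -1,8 +1,8 @@
 /*
  * NSA Security-Enhanced Linux (SELinux) security module
  *
  * This file contains the SELinux hook function implementations.
  *
  * Authors: Stephen Smalley, <sds@tycho.nsa.gov>
  * Chris Vance, <cvance@nai.com>
  * Wayne Salamon, <wsalamon@nai.com>
@@ -1466,19 +1466,17 @@
  case PF_VSOCK:
  return SECCLASS_VSOCK_SOCKET;
  case PF_KCM:
  return SECCLASS_KCM_SOCKET;
  case PF_QIPCRTR:
  return SECCLASS_QIPCRTR_SOCKET;
  case PF_SMC:
  return SECCLASS_SMC_SOCKET;
- case PF_XDP:
- return SECCLASS_XDP_SOCKET;
-#if PF_MAX > 45
+#if PF_MAX > 44
 #error New address family defined, please update this function.
 #endif
  }
  }
 
  return SECCLASS_SOCKET;
 }
 
@@ -4566,16 +4564,28 @@
  sksec->sctp_assoc_state = SCTP_ASSOC_UNSET;
 
  err = selinux_netlbl_socket_post_create(sock->sk, family);
  }
 
  return err;
 }
 
+static int selinux_socket_socketpair(struct socket *socka,
+ struct socket *sockb)
+{
+ struct sk_security_struct *sksec_a = socka->sk->sk_security;
+ struct sk_security_struct *sksec_b = sockb->sk->sk_security;
+
+ sksec_a->peer_sid = sksec_b->sid;
+ sksec_b->peer_sid = sksec_a->sid;
+
+ return 0;
+}
+
 /* Range of port numbers used to automatically bind.
  Need to determine whether we should perform a name_bind
  permission check between the socket and the port number. */
 
 static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
 {
  struct sock *sk = sock->sk;
  u16 family;
@@ -6996,16 +7006,17 @@
  LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
  LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx),
 
  LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect),
  LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send),
 
  LSM_HOOK_INIT(socket_create, selinux_socket_create),
  LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
+ LSM_HOOK_INIT(socket_socketpair, selinux_socket_socketpair),
  LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
  LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
  LSM_HOOK_INIT(socket_listen, selinux_socket_listen),
  LSM_HOOK_INIT(socket_accept, selinux_socket_accept),
  LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg),
  LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg),
  LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname),
  LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername),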
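Review bot: The new selinux_socket_socketpair() has no comment explaining why it records peer labels without any permission check and always returns 0. Its visible body only cross-assigns `sksec_a->peer_sid = sksec_b->sid` and `sksec_b->peer_sid = sksec_a->sid`, so someone auditing the hook table cannot tell whether the absent access check is deliberate. Presumably both ends are created by the same task and carry the same label, but nothing on the page states that. I would add above the function something like `/* Both ends belong to the caller: no access check, only record each end's SID as the other's peer_sid. */`. The function also dereferences `socka->sk` and `sockb->sk` unguarded, which is safe only if the caller guarantees both are set; the call site is not shown here, so that is worth confirming.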