hooks.c (0ea0397a3a12f9720d6acb78a48da796a54e81aa) | hooks.c (c138325fb8713472d5a0c3c7258b9131bab40725) |
---|---|
1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@tycho.nsa.gov> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 4177 unchanged lines hidden (view full) --- 4186 4187static int selinux_task_movememory(struct task_struct *p) 4188{ 4189 return avc_has_perm(&selinux_state, 4190 current_sid(), task_sid(p), SECCLASS_PROCESS, 4191 PROCESS__SETSCHED, NULL); 4192} 4193 | 1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@tycho.nsa.gov> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 4177 unchanged lines hidden (view full) --- 4186 4187static int selinux_task_movememory(struct task_struct *p) 4188{ 4189 return avc_has_perm(&selinux_state, 4190 current_sid(), task_sid(p), SECCLASS_PROCESS, 4191 PROCESS__SETSCHED, NULL); 4192} 4193 |
4194static int selinux_task_kill(struct task_struct *p, struct kernel_siginfo *info, | 4194static int selinux_task_kill(struct task_struct *p, struct siginfo *info, |
4195 int sig, const struct cred *cred) 4196{ 4197 u32 secid; 4198 u32 perm; 4199 4200 if (!sig) 4201 perm = PROCESS__SIGNULL; /* null signal; existence test */ 4202 else --- 1110 unchanged lines hidden (view full) --- 5313 if (!selinux_policycap_extsockclass()) 5314 return 0; 5315 5316 /* Process one or more addresses that may be IPv4 or IPv6 */ 5317 sock = sk->sk_socket; 5318 addr_buf = address; 5319 5320 while (walk_size < addrlen) { | 4195 int sig, const struct cred *cred) 4196{ 4197 u32 secid; 4198 u32 perm; 4199 4200 if (!sig) 4201 perm = PROCESS__SIGNULL; /* null signal; existence test */ 4202 else --- 1110 unchanged lines hidden (view full) --- 5313 if (!selinux_policycap_extsockclass()) 5314 return 0; 5315 5316 /* Process one or more addresses that may be IPv4 or IPv6 */ 5317 sock = sk->sk_socket; 5318 addr_buf = address; 5319 5320 while (walk_size < addrlen) { |
5321 if (walk_size + sizeof(sa_family_t) > addrlen) 5322 return -EINVAL; 5323 |
|
5321 addr = addr_buf; 5322 switch (addr->sa_family) { 5323 case AF_UNSPEC: 5324 case AF_INET: 5325 len = sizeof(struct sockaddr_in); 5326 break; 5327 case AF_INET6: 5328 len = sizeof(struct sockaddr_in6); --- 1873 unchanged lines hidden (view full) --- 7202 7203 /* Set up any superblocks initialized prior to the policy load. */ 7204 pr_debug("SELinux: Setting up existing superblocks.\n"); 7205 iterate_supers(delayed_superblock_init, NULL); 7206} 7207 7208/* SELinux requires early initialization in order to label 7209 all processes and objects when they are created. */ | 5324 addr = addr_buf; 5325 switch (addr->sa_family) { 5326 case AF_UNSPEC: 5327 case AF_INET: 5328 len = sizeof(struct sockaddr_in); 5329 break; 5330 case AF_INET6: 5331 len = sizeof(struct sockaddr_in6); --- 1873 unchanged lines hidden (view full) --- 7205 7206 /* Set up any superblocks initialized prior to the policy load. */ 7207 pr_debug("SELinux: Setting up existing superblocks.\n"); 7208 iterate_supers(delayed_superblock_init, NULL); 7209} 7210 7211/* SELinux requires early initialization in order to label 7212 all processes and objects when they are created. */ |
7210DEFINE_LSM(selinux) = { 7211 .name = "selinux", 7212 .init = selinux_init, 7213}; | 7213security_initcall(selinux_init); |
7214 7215#if defined(CONFIG_NETFILTER) 7216 7217static const struct nf_hook_ops selinux_nf_ops[] = { 7218 { 7219 .hook = selinux_ipv4_postroute, 7220 .pf = NFPROTO_IPV4, 7221 .hooknum = NF_INET_POST_ROUTING, --- 120 unchanged lines hidden --- | 7214 7215#if defined(CONFIG_NETFILTER) 7216 7217static const struct nf_hook_ops selinux_nf_ops[] = { 7218 { 7219 .hook = selinux_ipv4_postroute, 7220 .pf = NFPROTO_IPV4, 7221 .hooknum = NF_INET_POST_ROUTING, --- 120 unchanged lines hidden --- |
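Review bot: The guard at line 5321 of the left-hand revision (0ea0397…), `if (walk_size + sizeof(sa_family_t) > addrlen) return -EINVAL;`, only establishes that the `sa_family` field lies inside the caller-supplied buffer, not that the whole `sockaddr_in` or `sockaddr_in6` chosen by the switch does. The lines after `len = sizeof(struct sockaddr_in6);` are hidden on this page, so it cannot be confirmed here whether a second check such as `if (walk_size + len > addrlen) return -EINVAL;` runs after the switch, before `addr` is used and `walk_size` is advanced; without it, a truncated trailing address would be processed beyond `addrlen`. A one-line comment above the guard, for example `/* only covers the sa_family read; full length is checked after the switch */`, would make the split explicit. The enclosing function starts and ends outside the visible lines, and the right-hand revision (c138325…) has no guard at this point.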