hooks.c (3583a71183a02c51ca71cd180e9189cfb0411cc1) | hooks.c (cf9481e289247fe9cf40f2e2481220d899132049) |
---|---|
1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 3525 unchanged lines hidden (view full) --- 3534 } 3535out: 3536 return ret; 3537} 3538 3539#endif /* IPV6 */ 3540 3541static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad, | 1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 3525 unchanged lines hidden (view full) --- 3534 } 3535out: 3536 return ret; 3537} 3538 3539#endif /* IPV6 */ 3540 3541static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad, |
3542 char **addrp, int src, u8 *proto) | 3542 char **_addrp, int src, u8 *proto) |
3543{ | 3543{ |
3544 int ret = 0; | 3544 char *addrp; 3545 int ret; |
3545 3546 switch (ad->u.net.family) { 3547 case PF_INET: 3548 ret = selinux_parse_skb_ipv4(skb, ad, proto); | 3546 3547 switch (ad->u.net.family) { 3548 case PF_INET: 3549 ret = selinux_parse_skb_ipv4(skb, ad, proto); |
3549 if (ret || !addrp) 3550 break; 3551 *addrp = (char *)(src ? &ad->u.net.v4info.saddr : 3552 &ad->u.net.v4info.daddr); 3553 break; | 3550 if (ret) 3551 goto parse_error; 3552 addrp = (char *)(src ? &ad->u.net.v4info.saddr : 3553 &ad->u.net.v4info.daddr); 3554 goto okay; |
3554 3555#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3556 case PF_INET6: 3557 ret = selinux_parse_skb_ipv6(skb, ad, proto); | 3555 3556#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3557 case PF_INET6: 3558 ret = selinux_parse_skb_ipv6(skb, ad, proto); |
3558 if (ret || !addrp) 3559 break; 3560 *addrp = (char *)(src ? &ad->u.net.v6info.saddr : 3561 &ad->u.net.v6info.daddr); 3562 break; | 3559 if (ret) 3560 goto parse_error; 3561 addrp = (char *)(src ? &ad->u.net.v6info.saddr : 3562 &ad->u.net.v6info.daddr); 3563 goto okay; |
3563#endif /* IPV6 */ 3564 default: | 3564#endif /* IPV6 */ 3565 default: |
3565 break; | 3566 addrp = NULL; 3567 goto okay; |
3566 } 3567 | 3568 } 3569 |
3568 if (unlikely(ret)) 3569 printk(KERN_WARNING 3570 "SELinux: failure in selinux_parse_skb()," 3571 " unable to parse packet\n"); 3572 | 3570parse_error: 3571 printk(KERN_WARNING 3572 "SELinux: failure in selinux_parse_skb()," 3573 " unable to parse packet\n"); |
3573 return ret; | 3574 return ret; |
3575 3576okay: 3577 if (_addrp) 3578 *_addrp = addrp; 3579 return 0; |
|
3574} 3575 3576/** 3577 * selinux_skb_peerlbl_sid - Determine the peer label of a packet 3578 * @skb: the packet 3579 * @family: protocol family 3580 * @sid: the packet's peer label SID 3581 * --- 2155 unchanged lines hidden --- | 3580} 3581 3582/** 3583 * selinux_skb_peerlbl_sid - Determine the peer label of a packet 3584 * @skb: the packet 3585 * @family: protocol family 3586 * @sid: the packet's peer label SID 3587 * --- 2155 unchanged lines hidden --- |
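Review bot: The `default:` branch on the new side stores NULL through `_addrp` and returns 0, so an `ad->u.net.family` that is neither PF_INET nor PF_INET6 is reported as a successful parse with no address. The callers are outside this view; any caller that passes the returned pointer to an address-based lookup would need a NULL or family check first, and nothing in the function documents that contract. I would add a comment above `selinux_parse_skb()` along the lines of `/* On success *_addrp points at the saddr/daddr held in @ad, or is NULL for an unsupported family. */`. Separately, the warning under `parse_error:` is emitted once per failing packet with no throttling; if malformed traffic can reach this path, guarding it with `if (printk_ratelimit())` would keep it from flooding the kernel log.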