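--- a/hooks.c	(5c47e3cfd4f9d12e9f594d99118c1381c163ff98)
+++ b/hooks.c	(da69a5306ab92e07224da54aafee8b1dccf024f6)
@@ -1,8 +1,8 @@
 /*
  * NSA Security-Enhanced Linux (SELinux) security module
  *
  * This file contains the SELinux hook function implementations.
  *
  * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
  * Chris Vance, <cvance@nai.com>
  * Wayne Salamon, <wsalamon@nai.com>
@@ -1263,37 +1263,44 @@
 
 static inline int default_protocol_dgram(int protocol)
 {
  return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
 }
 
 static inline u16 socket_type_to_security_class(int family, int type, int protocol)
 {
+ int extsockclass = selinux_policycap_extsockclass;
+
  switch (family) {
  case PF_UNIX:
  switch (type) {
  case SOCK_STREAM:
  case SOCK_SEQPACKET:
  return SECCLASS_UNIX_STREAM_SOCKET;
  case SOCK_DGRAM:
  return SECCLASS_UNIX_DGRAM_SOCKET;
  }
  break;
  case PF_INET:
  case PF_INET6:
  switch (type) {
  case SOCK_STREAM:
+ case SOCK_SEQPACKET:
  if (default_protocol_stream(protocol))
  return SECCLASS_TCP_SOCKET;
+ else if (extsockclass && protocol == IPPROTO_SCTP)
+ return SECCLASS_SCTP_SOCKET;
  else
  return SECCLASS_RAWIP_SOCKET;
  case SOCK_DGRAM:
  if (default_protocol_dgram(protocol))
  return SECCLASS_UDP_SOCKET;
+ else if (extsockclass && protocol == IPPROTO_ICMP)
+ return SECCLASS_ICMP_SOCKET;
  else
  return SECCLASS_RAWIP_SOCKET;
  case SOCK_DCCP:
  return SECCLASS_DCCP_SOCKET;
  default:
  return SECCLASS_RAWIP_SOCKET;
  }
  break;
@@ -1337,16 +1344,82 @@
  case PF_PACKET:
  return SECCLASS_PACKET_SOCKET;
  case PF_KEY:
  return SECCLASS_KEY_SOCKET;
  case PF_APPLETALK:
  return SECCLASS_APPLETALK_SOCKET;
  }
 
+ if (extsockclass) {
+ switch (family) {
+ case PF_AX25:
+ return SECCLASS_AX25_SOCKET;
+ case PF_IPX:
+ return SECCLASS_IPX_SOCKET;
+ case PF_NETROM:
+ return SECCLASS_NETROM_SOCKET;
+ case PF_BRIDGE:
+ return SECCLASS_BRIDGE_SOCKET;
+ case PF_ATMPVC:
+ return SECCLASS_ATMPVC_SOCKET;
+ case PF_X25:
+ return SECCLASS_X25_SOCKET;
+ case PF_ROSE:
+ return SECCLASS_ROSE_SOCKET;
+ case PF_DECnet:
+ return SECCLASS_DECNET_SOCKET;
+ case PF_ATMSVC:
+ return SECCLASS_ATMSVC_SOCKET;
+ case PF_RDS:
+ return SECCLASS_RDS_SOCKET;
+ case PF_IRDA:
+ return SECCLASS_IRDA_SOCKET;
+ case PF_PPPOX:
+ return SECCLASS_PPPOX_SOCKET;
+ case PF_LLC:
+ return SECCLASS_LLC_SOCKET;
+ case PF_IB:
+ return SECCLASS_IB_SOCKET;
+ case PF_MPLS:
+ return SECCLASS_MPLS_SOCKET;
+ case PF_CAN:
+ return SECCLASS_CAN_SOCKET;
+ case PF_TIPC:
+ return SECCLASS_TIPC_SOCKET;
+ case PF_BLUETOOTH:
+ return SECCLASS_BLUETOOTH_SOCKET;
+ case PF_IUCV:
+ return SECCLASS_IUCV_SOCKET;
+ case PF_RXRPC:
+ return SECCLASS_RXRPC_SOCKET;
+ case PF_ISDN:
+ return SECCLASS_ISDN_SOCKET;
+ case PF_PHONET:
+ return SECCLASS_PHONET_SOCKET;
+ case PF_IEEE802154:
+ return SECCLASS_IEEE802154_SOCKET;
+ case PF_CAIF:
+ return SECCLASS_CAIF_SOCKET;
+ case PF_ALG:
+ return SECCLASS_ALG_SOCKET;
+ case PF_NFC:
+ return SECCLASS_NFC_SOCKET;
+ case PF_VSOCK:
+ return SECCLASS_VSOCK_SOCKET;
+ case PF_KCM:
+ return SECCLASS_KCM_SOCKET;
+ case PF_QIPCRTR:
+ return SECCLASS_QIPCRTR_SOCKET;
+#if PF_MAX > 43
+#error New address family defined, please update this function.
+#endif
+ }
+ }
+
  return SECCLASS_SOCKET;
 }
 
 static int selinux_genfs_get_sid(struct dentry *dentry,
  u16 tclass,
  u16 flags,
  u32 *sid)
 {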
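Review bot: In the shared `PF_INET`/`PF_INET6` switch, the new `SOCK_DGRAM` test matches only `IPPROTO_ICMP`, so with `extsockclass` enabled an IPv6 datagram socket opened with `IPPROTO_ICMPV6` still falls through to `SECCLASS_RAWIP_SOCKET`. Policy then cannot tell it apart from other raw IP sockets, and the v4 and v6 paths are labelled inconsistently. Consider `else if (extsockclass && (protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMPV6))`. Separately, the added `case SOCK_SEQPACKET:` in the same switch is not gated on `extsockclass`, so an inet seqpacket socket that previously reached the `default:` arm (`SECCLASS_RAWIP_SOCKET`) may now be labelled `SECCLASS_TCP_SOCKET` even when the policy capability is off, depending on what `default_protocol_stream()` (hidden on this page) accepts. If that change is intended, a short comment above the case, e.g. `/* SEQPACKET is classed like STREAM regardless of extsockclass */`, would make it visible to policy writers who audit existing `rawip_socket` rules.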