hooks.c (9a673e563e543a5c8a6f9824562e55e807b8a56c) hooks.c (99f59ed073d3c1b890690064ab285a201dea2e35)
1/*
2 * NSA Security-Enhanced Linux (SELinux) security module
3 *
4 * This file contains the SELinux hook function implementations.
5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com>

--- 267 unchanged lines hidden (view full) ---

276 if (!ssec)
277 return -ENOMEM;
278
279 ssec->sk = sk;
280 ssec->peer_sid = SECINITSID_UNLABELED;
281 ssec->sid = SECINITSID_UNLABELED;
282 sk->sk_security = ssec;
283
1/*
2 * NSA Security-Enhanced Linux (SELinux) security module
3 *
4 * This file contains the SELinux hook function implementations.
5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com>

--- 267 unchanged lines hidden (view full) ---

276 if (!ssec)
277 return -ENOMEM;
278
279 ssec->sk = sk;
280 ssec->peer_sid = SECINITSID_UNLABELED;
281 ssec->sid = SECINITSID_UNLABELED;
282 sk->sk_security = ssec;
283
284 selinux_netlbl_sk_security_init(ssec, family);
285
284 return 0;
285}
286
287static void sk_free_security(struct sock *sk)
288{
289 struct sk_security_struct *ssec = sk->sk_security;
290
291 sk->sk_security = NULL;

--- 3288 unchanged lines hidden (view full) ---

3580
3581static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
3582{
3583 struct sk_security_struct *ssec = sk->sk_security;
3584 struct sk_security_struct *newssec = newsk->sk_security;
3585
3586 newssec->sid = ssec->sid;
3587 newssec->peer_sid = ssec->peer_sid;
286 return 0;
287}
288
289static void sk_free_security(struct sock *sk)
290{
291 struct sk_security_struct *ssec = sk->sk_security;
292
293 sk->sk_security = NULL;

--- 3288 unchanged lines hidden (view full) ---

3582
3583static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
3584{
3585 struct sk_security_struct *ssec = sk->sk_security;
3586 struct sk_security_struct *newssec = newsk->sk_security;
3587
3588 newssec->sid = ssec->sid;
3589 newssec->peer_sid = ssec->peer_sid;
3590
3591 selinux_netlbl_sk_clone_security(ssec, newssec);
3588}
3589
3590static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
3591{
3592 if (!sk)
3593 *secid = SECINITSID_ANY_SOCKET;
3594 else {
3595 struct sk_security_struct *sksec = sk->sk_security;

--- 47 unchanged lines hidden (view full) ---

3643{
3644 struct sk_security_struct *newsksec = newsk->sk_security;
3645
3646 newsksec->sid = req->secid;
3647 /* NOTE: Ideally, we should also get the isec->sid for the
3648 new socket in sync, but we don't have the isec available yet.
3649 So we will wait until sock_graft to do it, by which
3650 time it will have been created and available. */
3592}
3593
3594static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
3595{
3596 if (!sk)
3597 *secid = SECINITSID_ANY_SOCKET;
3598 else {
3599 struct sk_security_struct *sksec = sk->sk_security;

--- 47 unchanged lines hidden (view full) ---

3647{
3648 struct sk_security_struct *newsksec = newsk->sk_security;
3649
3650 newsksec->sid = req->secid;
3651 /* NOTE: Ideally, we should also get the isec->sid for the
3652 new socket in sync, but we don't have the isec available yet.
3653 So we will wait until sock_graft to do it, by which
3654 time it will have been created and available. */
3655
3656 selinux_netlbl_sk_security_init(newsksec, req->rsk_ops->family);
3651}
3652
3653static void selinux_req_classify_flow(const struct request_sock *req,
3654 struct flowi *fl)
3655{
3656 fl->secid = req->secid;
3657}
3658

--- 1263 unchanged lines hidden ---
3657}
3658
3659static void selinux_req_classify_flow(const struct request_sock *req,
3660 struct flowi *fl)
3661{
3662 fl->secid = req->secid;
3663}
3664

--- 1263 unchanged lines hidden ---
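Review bot: The call added at new line 3656, `selinux_netlbl_sk_security_init(newsksec, req->rsk_ops->family);`, re-initialises the child socket's NetLabel state with no comment explaining why, while the call added at new line 3591 in selinux_sk_clone_security appears to copy that same state from the parent socket. If both hooks run for an accepted connection (their order is not visible on this page), one overrides the other, and a reader cannot tell which labelling state the new socket is meant to end up with. I would put a short comment above the call, along the lines of `/* reset NetLabel state here rather than keeping what was cloned from the listening socket */`, with the actual reason filled in by the author. The enclosing function's signature is in the hidden lines above 3647, so its name and how `req` reaches it cannot be checked from here.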