hooks.c (c1f3ee120bb61045b1c0a3ead620d1d65af47130) hooks.c (42492594043d621a7910ff5877c3eb9202870b45)
1/*
2 * NSA Security-Enhanced Linux (SELinux) security module
3 *
4 * This file contains the SELinux hook function implementations.
5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com>


131
132/* Lists of inode and superblock security structures initialized
133 before the policy was loaded. */
134static LIST_HEAD(superblock_security_head);
135static DEFINE_SPINLOCK(sb_security_lock);
136
137static struct kmem_cache *sel_inode_cache;
138
1/*
2 * NSA Security-Enhanced Linux (SELinux) security module
3 *
4 * This file contains the SELinux hook function implementations.
5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com>


131
132/* Lists of inode and superblock security structures initialized
133 before the policy was loaded. */
134static LIST_HEAD(superblock_security_head);
135static DEFINE_SPINLOCK(sb_security_lock);
136
137static struct kmem_cache *sel_inode_cache;
138
139/* Return security context for a given sid or just the context
140 length if the buffer is null or length is 0 */
141static int selinux_getsecurity(u32 sid, void *buffer, size_t size)
142{
143 char *context;
144 unsigned len;
145 int rc;
146
147 rc = security_sid_to_context(sid, &context, &len);
148 if (rc)
149 return rc;
150
151 if (!buffer || !size)
152 goto getsecurity_exit;
153
154 if (size < len) {
155 len = -ERANGE;
156 goto getsecurity_exit;
157 }
158 memcpy(buffer, context, len);
159
160getsecurity_exit:
161 kfree(context);
162 return len;
163}
164
165/**
166 * selinux_secmark_enabled - Check to see if SECMARK is currently enabled
167 *
168 * Description:
169 * This function checks the SECMARK reference counter to see if any SECMARK
170 * targets are currently configured, if the reference counter is greater than
171 * zero SECMARK is considered to be enabled. Returns true (1) if SECMARK is
172 * enabled, false (0) if SECMARK is disabled.


2670
2671/*
2672 * Copy the in-core inode security context value to the user. If the
2673 * getxattr() prior to this succeeded, check to see if we need to
2674 * canonicalize the value to be finally returned to the user.
2675 *
2676 * Permission check is handled by selinux_inode_getxattr hook.
2677 */
139/**
140 * selinux_secmark_enabled - Check to see if SECMARK is currently enabled
141 *
142 * Description:
143 * This function checks the SECMARK reference counter to see if any SECMARK
144 * targets are currently configured, if the reference counter is greater than
145 * zero SECMARK is considered to be enabled. Returns true (1) if SECMARK is
146 * enabled, false (0) if SECMARK is disabled.


2644
2645/*
2646 * Copy the in-core inode security context value to the user. If the
2647 * getxattr() prior to this succeeded, check to see if we need to
2648 * canonicalize the value to be finally returned to the user.
2649 *
2650 * Permission check is handled by selinux_inode_getxattr hook.
2651 */
2678static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
2652static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
2679{
2653{
2654 u32 size;
2655 int error;
2656 char *context = NULL;
2680 struct inode_security_struct *isec = inode->i_security;
2681
2682 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2683 return -EOPNOTSUPP;
2684
2657 struct inode_security_struct *isec = inode->i_security;
2658
2659 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2660 return -EOPNOTSUPP;
2661
2685 return selinux_getsecurity(isec->sid, buffer, size);
2662 error = security_sid_to_context(isec->sid, &context, &size);
2663 if (error)
2664 return error;
2665 error = size;
2666 if (alloc) {
2667 *buffer = context;
2668 goto out_nofree;
2669 }
2670 kfree(context);
2671out_nofree:
2672 return error;
2686}
2687
2688static int selinux_inode_setsecurity(struct inode *inode, const char *name,
2689 const void *value, size_t size, int flags)
2690{
2691 struct inode_security_struct *isec = inode->i_security;
2692 u32 newsid;
2693 int rc;

2673}
2674
2675static int selinux_inode_setsecurity(struct inode *inode, const char *name,
2676 const void *value, size_t size, int flags)
2677{
2678 struct inode_security_struct *isec = inode->i_security;
2679 u32 newsid;
2680 int rc;

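Review bot: The comment kept above the new selinux_inode_getsecurity (new lines 2645–2651) no longer matches the body: it still talks about copying the context into a user buffer and canonicalizing it, whereas the new code returns only the context length or, when `alloc` is true, hands the caller the context pointer itself, and nothing states that the caller now owns that memory and must kfree() it. I would replace that comment with something like `/* Return the length of the inode's security context. When alloc is true, also store the context (kfree()-able, owned by the caller) in *buffer; when alloc is false *buffer is left untouched. */`. The `goto out_nofree` that lands on a bare `return error;` reads more simply as `if (alloc) *buffer = context; else kfree(context);` followed by `return error;`. `error = size;` narrows a u32 into an int, so a context longer than INT_MAX would come back looking like a negative error code; real contexts are presumably far below that, but a one-line comment noting the assumption would make the return contract explicit.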