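--- a/services.c (3de4bab5b9f8848a0c16a4b1ffe0452f0d670237)
+++ b/services.c (02752760359db6b00a3ffb1acfc13ef8d9eb1e3f)
@@ -1,8 +1,8 @@
 /*
  * Implementation of the security services.
  *
  * Authors : Stephen Smalley, <sds@epoch.ncsc.mil>
  * James Morris <jmorris@redhat.com>
  *
  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
  *
@@ -50,16 +50,17 @@
 #include "policydb.h"
 #include "sidtab.h"
 #include "services.h"
 #include "conditional.h"
 #include "mls.h"
 #include "objsec.h"
 #include "selinux_netlabel.h"
 #include "xfrm.h"
+#include "ebitmap.h"
 
 extern void selnl_notify_policyload(u32 seqno);
 unsigned int policydb_loaded_version;
 
 /*
  * This is declared in avc.c
  */
 extern const struct selinux_class_perm selinux_class_perm;
@@ -2379,23 +2380,20 @@
  } else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
  ctx = sidtab_search(&sidtab, base_sid);
  if (ctx == NULL)
  goto netlbl_secattr_to_sid_return;
 
  ctx_new.user = ctx->user;
  ctx_new.role = ctx->role;
  ctx_new.type = ctx->type;
- mls_import_lvl(&ctx_new, secattr->mls_lvl, secattr->mls_lvl);
+ mls_import_netlbl_lvl(&ctx_new, secattr);
  if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {
- if (mls_import_cat(&ctx_new,
- secattr->mls_cat,
- secattr->mls_cat_len,
- NULL,
- 0) != 0)
+ if (ebitmap_netlbl_import(&ctx_new.range.level[0].cat,
+ secattr->mls_cat) != 0)
  goto netlbl_secattr_to_sid_return;
  ctx_new.range.level[1].cat.highbit =
  ctx_new.range.level[0].cat.highbit;
  ctx_new.range.level[1].cat.node =
  ctx_new.range.level[0].cat.node;
  } else {
  ebitmap_init(&ctx_new.range.level[0].cat);
  ebitmap_init(&ctx_new.range.level[1].cat);
@@ -2481,29 +2479,22 @@
  POLICY_RDLOCK;
 
  ctx = sidtab_search(&sidtab, sid);
  if (ctx == NULL)
  goto netlbl_socket_setsid_return;
 
  secattr.domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],
  GFP_ATOMIC);
- mls_export_lvl(ctx, &secattr.mls_lvl, NULL);
- rc = mls_export_cat(ctx,
- &secattr.mls_cat,
- &secattr.mls_cat_len,
- NULL,
- NULL);
+ secattr.flags |= NETLBL_SECATTR_DOMAIN;
+ mls_export_netlbl_lvl(ctx, &secattr);
+ rc = mls_export_netlbl_cat(ctx, &secattr);
  if (rc != 0)
  goto netlbl_socket_setsid_return;
 
- secattr.flags |= NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
- if (secattr.mls_cat)
- secattr.flags |= NETLBL_SECATTR_MLS_CAT;
-
  rc = netlbl_socket_setattr(sock, &secattr);
  if (rc == 0) {
  spin_lock(&sksec->nlbl_lock);
  sksec->nlbl_state = NLBL_LABELED;
  spin_unlock(&sksec->nlbl_lock);
  }
 
 netlbl_socket_setsid_return: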
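Review bot: In the last hunk the added `secattr.flags |= NETLBL_SECATTR_DOMAIN;` runs directly after `kstrdup(..., GFP_ATOMIC)` with no NULL check, so a failed atomic allocation marks a NULL domain as valid before `netlbl_socket_setattr()` is called. How NetLabel treats a NULL domain is not visible here, but if it falls back to a default mapping, the socket would be labelled under a configuration other than the one for this SELinux type and `sksec->nlbl_state` would still become `NLBL_LABELED`. I would fail closed before setting the flag: `if (secattr.domain == NULL) { rc = -ENOMEM; goto netlbl_socket_setsid_return; }`. The function starts and ends outside the shown lines, so please confirm that the `netlbl_socket_setsid_return` path releases the policy read lock and tears down `secattr` correctly when taken this early.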