xfrm.c - OpenGrok cross reference for /openbmc/linux/security/selinux/xfrm.c

Deleted Added

sdiffudifftextold (67f83cbf..)new (3de4bab5..)

xfrm.c (67f83cbf081a70426ff667e8d14f94e13ed3bdca)	xfrm.c (3de4bab5b9f8848a0c16a4b1ffe0452f0d670237)
1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux XFRM hook function implementations. 5 * 6 * Authors: Serge Hallyn <sergeh@us.ibm.com> 7 * Trent Jaeger <jaegert@us.ibm.com> 8 * --- 358 unchanged lines hidden (view full) --- 367 / 368void selinux_xfrm_state_free(struct xfrm_state x) 369{ 370 struct xfrm_sec_ctx *ctx = x->security; 371 if (ctx) 372 kfree(ctx); 373} 374	1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux XFRM hook function implementations. 5 * 6 * Authors: Serge Hallyn <sergeh@us.ibm.com> 7 * Trent Jaeger <jaegert@us.ibm.com> 8 * --- 358 unchanged lines hidden (view full) --- 367 / 368void selinux_xfrm_state_free(struct xfrm_state x) 369{ 370 struct xfrm_sec_ctx *ctx = x->security; 371 if (ctx) 372 kfree(ctx); 373} 374
375/* 376 * SELinux internal function to retrieve the context of a UDP packet 377 * based on its security association. 378 * 379 * Retrieve via setsockopt IP_PASSSEC and recvmsg with control message 380 * type SCM_SECURITY. 381 / 382u32 selinux_socket_getpeer_dgram(struct sk_buff skb) 383{ 384 struct sec_path sp; 385 386 if (skb == NULL) 387 return SECSID_NULL; 388 389 if (skb->sk->sk_protocol != IPPROTO_UDP) 390 return SECSID_NULL; 391 392 sp = skb->sp; 393 if (sp) { 394 int i; 395 396 for (i = sp->len-1; i >= 0; i--) { 397 struct xfrm_state x = sp->xvec[i]; 398 if (selinux_authorizable_xfrm(x)) { 399 struct xfrm_sec_ctx *ctx = x->security; 400 return ctx->ctx_sid; 401 } 402 } 403 } 404 405 return SECSID_NULL; 406} 407
408 /* 409 * LSM hook implementation that authorizes deletion of labeled SAs. 410 / 411int selinux_xfrm_state_delete(struct xfrm_state x) 412{ 413 struct task_security_struct tsec = current->security; 414 struct xfrm_sec_ctx ctx = x->security; 415 int rc = 0; --- 103 unchanged lines hidden ---	375 /* 376 * LSM hook implementation that authorizes deletion of labeled SAs. 377 / 378int selinux_xfrm_state_delete(struct xfrm_state x) 379{ 380 struct task_security_struct tsec = current->security; 381 struct xfrm_sec_ctx ctx = x->security; 382 int rc = 0; --- 103 unchanged lines hidden ---

xfrm.c (67f83cbf081a70426ff667e8d14f94e13ed3bdca)	xfrm.c (3de4bab5b9f8848a0c16a4b1ffe0452f0d670237)
1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux XFRM hook function implementations. 5 * 6 * Authors: Serge Hallyn <sergeh@us.ibm.com> 7 * Trent Jaeger <jaegert@us.ibm.com> 8 * --- 358 unchanged lines hidden (view full) --- 367 / 368void selinux_xfrm_state_free(struct xfrm_state x) 369{ 370 struct xfrm_sec_ctx *ctx = x->security; 371 if (ctx) 372 kfree(ctx); 373} 374	1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux XFRM hook function implementations. 5 * 6 * Authors: Serge Hallyn <sergeh@us.ibm.com> 7 * Trent Jaeger <jaegert@us.ibm.com> 8 * --- 358 unchanged lines hidden (view full) --- 367 / 368void selinux_xfrm_state_free(struct xfrm_state x) 369{ 370 struct xfrm_sec_ctx *ctx = x->security; 371 if (ctx) 372 kfree(ctx); 373} 374
375/* 376 * SELinux internal function to retrieve the context of a UDP packet 377 * based on its security association. 378 * 379 * Retrieve via setsockopt IP_PASSSEC and recvmsg with control message 380 * type SCM_SECURITY. 381 / 382u32 selinux_socket_getpeer_dgram(struct sk_buff skb) 383{ 384 struct sec_path sp; 385 386 if (skb == NULL) 387 return SECSID_NULL; 388 389 if (skb->sk->sk_protocol != IPPROTO_UDP) 390 return SECSID_NULL; 391 392 sp = skb->sp; 393 if (sp) { 394 int i; 395 396 for (i = sp->len-1; i >= 0; i--) { 397 struct xfrm_state x = sp->xvec[i]; 398 if (selinux_authorizable_xfrm(x)) { 399 struct xfrm_sec_ctx *ctx = x->security; 400 return ctx->ctx_sid; 401 } 402 } 403 } 404 405 return SECSID_NULL; 406} 407
408 /* 409 * LSM hook implementation that authorizes deletion of labeled SAs. 410 / 411int selinux_xfrm_state_delete(struct xfrm_state x) 412{ 413 struct task_security_struct tsec = current->security; 414 struct xfrm_sec_ctx ctx = x->security; 415 int rc = 0; --- 103 unchanged lines hidden ---	375 /* 376 * LSM hook implementation that authorizes deletion of labeled SAs. 377 / 378int selinux_xfrm_state_delete(struct xfrm_state x) 379{ 380 struct task_security_struct tsec = current->security; 381 struct xfrm_sec_ctx ctx = x->security; 382 int rc = 0; --- 103 unchanged lines hidden ---