xfrm.c (96916090f488986a4ebb8e9ffa6a3b50881d5ccd) | xfrm.c (b6dff3ec5e116e3af6f537d4caedcad6b9e5082a) |
---|---|
1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux XFRM hook function implementations. 5 * 6 * Authors: Serge Hallyn <sergeh@us.ibm.com> 7 * Trent Jaeger <jaegert@us.ibm.com> 8 * --- 183 unchanged lines hidden (view full) --- 192/* 193 * Security blob allocation for xfrm_policy and xfrm_state 194 * CTX does not have a meaningful value on input 195 */ 196static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, 197 struct xfrm_user_sec_ctx *uctx, u32 sid) 198{ 199 int rc = 0; | 1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux XFRM hook function implementations. 5 * 6 * Authors: Serge Hallyn <sergeh@us.ibm.com> 7 * Trent Jaeger <jaegert@us.ibm.com> 8 * --- 183 unchanged lines hidden (view full) --- 192/* 193 * Security blob allocation for xfrm_policy and xfrm_state 194 * CTX does not have a meaningful value on input 195 */ 196static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, 197 struct xfrm_user_sec_ctx *uctx, u32 sid) 198{ 199 int rc = 0; |
200 struct task_security_struct *tsec = current->security; | 200 struct task_security_struct *tsec = current->cred->security; |
201 struct xfrm_sec_ctx *ctx = NULL; 202 char *ctx_str = NULL; 203 u32 str_len; 204 205 BUG_ON(uctx && sid); 206 207 if (!uctx) 208 goto not_from_user; --- 119 unchanged lines hidden (view full) --- 328 kfree(ctx); 329} 330 331/* 332 * LSM hook implementation that authorizes deletion of labeled policies. 333 */ 334int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) 335{ | 201 struct xfrm_sec_ctx *ctx = NULL; 202 char *ctx_str = NULL; 203 u32 str_len; 204 205 BUG_ON(uctx && sid); 206 207 if (!uctx) 208 goto not_from_user; --- 119 unchanged lines hidden (view full) --- 328 kfree(ctx); 329} 330 331/* 332 * LSM hook implementation that authorizes deletion of labeled policies. 333 */ 334int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) 335{ |
336 struct task_security_struct *tsec = current->security; | 336 struct task_security_struct *tsec = current->cred->security; |
337 int rc = 0; 338 339 if (ctx) { 340 rc = avc_has_perm(tsec->sid, ctx->ctx_sid, 341 SECCLASS_ASSOCIATION, 342 ASSOCIATION__SETCONTEXT, NULL); 343 if (rc == 0) 344 atomic_dec(&selinux_xfrm_refcount); --- 28 unchanged lines hidden (view full) --- 373 kfree(ctx); 374} 375 376 /* 377 * LSM hook implementation that authorizes deletion of labeled SAs. 378 */ 379int selinux_xfrm_state_delete(struct xfrm_state *x) 380{ | 337 int rc = 0; 338 339 if (ctx) { 340 rc = avc_has_perm(tsec->sid, ctx->ctx_sid, 341 SECCLASS_ASSOCIATION, 342 ASSOCIATION__SETCONTEXT, NULL); 343 if (rc == 0) 344 atomic_dec(&selinux_xfrm_refcount); --- 28 unchanged lines hidden (view full) --- 373 kfree(ctx); 374} 375 376 /* 377 * LSM hook implementation that authorizes deletion of labeled SAs. 378 */ 379int selinux_xfrm_state_delete(struct xfrm_state *x) 380{ |
381 struct task_security_struct *tsec = current->security; | 381 struct task_security_struct *tsec = current->cred->security; |
382 struct xfrm_sec_ctx *ctx = x->security; 383 int rc = 0; 384 385 if (ctx) { 386 rc = avc_has_perm(tsec->sid, ctx->ctx_sid, 387 SECCLASS_ASSOCIATION, 388 ASSOCIATION__SETCONTEXT, NULL); 389 if (rc == 0) --- 100 unchanged lines hidden --- | 382 struct xfrm_sec_ctx *ctx = x->security; 383 int rc = 0; 384 385 if (ctx) { 386 rc = avc_has_perm(tsec->sid, ctx->ctx_sid, 387 SECCLASS_ASSOCIATION, 388 ASSOCIATION__SETCONTEXT, NULL); 389 if (rc == 0) --- 100 unchanged lines hidden --- |
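Review bot: The three changed initialisers (lines 200, 336 and 381 on the new side) open-code `current->cred->security` and keep `tsec` non-const, although the visible uses only read `tsec->sid` as the subject SID for the `ASSOCIATION__SETCONTEXT` checks in `avc_has_perm()`. Since that SID decides whether a labeled policy or SA may be deleted, the credential lookup is better routed through one accessor than repeated as a raw pointer chain, so that a later change to how credentials are attached or replaced is made in one place for all three hooks. If the tree at this commit already provides it, I would write `const struct task_security_struct *tsec = current_security();` in all three places; otherwise a small static helper in this file would serve the same purpose. The bodies of `selinux_xfrm_sec_ctx_alloc()` and `selinux_xfrm_state_delete()` continue in the hidden lines, so any further use of `tsec` there is not covered by this note.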