Gitweb:
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=63cb34492351078479b2d4bae6a881806a396286
Commit: 63cb34492351078479b2d4bae6a881806a396286
Parent: c43e259cc756ece387faae849af0058b56d78466
Author: David Howells <[EMAIL PROTECTED]>
AuthorDate: Tue Jan 15 23:47:35 2008 +0000
Committer: James Morris <[EMAIL PROTECTED]>
CommitDate: Fri Jan 25 11:29:53 2008 +1100
security: add a secctx_to_secid() hook
Add a secctx_to_secid() LSM hook to go along with the existing
secid_to_secctx() LSM hook. This patch also includes the SELinux
implementation for this hook.
Signed-off-by: Paul Moore <[EMAIL PROTECTED]>
Acked-by: Stephen Smalley <[EMAIL PROTECTED]>
Signed-off-by: James Morris <[EMAIL PROTECTED]>
---
include/linux/security.h | 13 +++++++++++++
security/dummy.c | 6 ++++++
security/security.c | 6 ++++++
security/selinux/hooks.c | 6 ++++++
4 files changed, 31 insertions(+), 0 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index 2e2c63f..e4a91cb 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1202,6 +1202,10 @@ struct request_sock;
* Convert secid to security context.
* @secid contains the security ID.
* @secdata contains the pointer that stores the converted security
context.
+ * @secctx_to_secid:
+ * Convert security context to secid.
+ * @secid contains the pointer to the generated security ID.
+ * @secdata contains the security context.
*
* @release_secctx:
* Release the security context.
@@ -1396,6 +1400,7 @@ struct security_operations {
int (*getprocattr)(struct task_struct *p, char *name, char **value);
int (*setprocattr)(struct task_struct *p, char *name, void *value,
size_t size);
int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
+ int (*secctx_to_secid)(char *secdata, u32 seclen, u32 *secid);
void (*release_secctx)(char *secdata, u32 seclen);
#ifdef CONFIG_SECURITY_NETWORK
@@ -1634,6 +1639,7 @@ int security_setprocattr(struct task_struct *p, char
*name, void *value, size_t
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_netlink_recv(struct sk_buff *skb, int cap);
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
+int security_secctx_to_secid(char *secdata, u32 seclen, u32 *secid);
void security_release_secctx(char *secdata, u32 seclen);
#else /* CONFIG_SECURITY */
@@ -2308,6 +2314,13 @@ static inline int security_secid_to_secctx(u32 secid,
char **secdata, u32 *secle
return -EOPNOTSUPP;
}
+static inline int security_secctx_to_secid(char *secdata,
+ u32 seclen,
+ u32 *secid)
+{
+ return -EOPNOTSUPP;
+}
+
static inline void security_release_secctx(char *secdata, u32 seclen)
{
}
diff --git a/security/dummy.c b/security/dummy.c
index 8e34e03..48d4b0a 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -946,6 +946,11 @@ static int dummy_secid_to_secctx(u32 secid, char
**secdata, u32 *seclen)
return -EOPNOTSUPP;
}
+static int dummy_secctx_to_secid(char *secdata, u32 seclen, u32 *secid)
+{
+ return -EOPNOTSUPP;
+}
+
static void dummy_release_secctx(char *secdata, u32 seclen)
{
}
@@ -1106,6 +1111,7 @@ void security_fixup_ops (struct security_operations *ops)
set_to_dummy_if_null(ops, getprocattr);
set_to_dummy_if_null(ops, setprocattr);
set_to_dummy_if_null(ops, secid_to_secctx);
+ set_to_dummy_if_null(ops, secctx_to_secid);
set_to_dummy_if_null(ops, release_secctx);
#ifdef CONFIG_SECURITY_NETWORK
set_to_dummy_if_null(ops, unix_stream_connect);
diff --git a/security/security.c b/security/security.c
index 5068808..ca475ca 100644
--- a/security/security.c
+++ b/security/security.c
@@ -831,6 +831,12 @@ int security_secid_to_secctx(u32 secid, char **secdata,
u32 *seclen)
}
EXPORT_SYMBOL(security_secid_to_secctx);
+int security_secctx_to_secid(char *secdata, u32 seclen, u32 *secid)
+{
+ return security_ops->secctx_to_secid(secdata, seclen, secid);
+}
+EXPORT_SYMBOL(security_secctx_to_secid);
+
void security_release_secctx(char *secdata, u32 seclen)
{
return security_ops->release_secctx(secdata, seclen);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 233c8b9..0396354 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4947,6 +4947,11 @@ static int selinux_secid_to_secctx(u32 secid, char
**secdata, u32 *seclen)
return security_sid_to_context(secid, secdata, seclen);
}
+static int selinux_secctx_to_secid(char *secdata, u32 seclen, u32 *secid)
+{
+ return security_context_to_sid(secdata, seclen, secid);
+}
+
static void selinux_release_secctx(char *secdata, u32 seclen)
{
kfree(secdata);
@@ -5138,6 +5143,7 @@ static struct security_operations selinux_ops = {
.setprocattr = selinux_setprocattr,
.secid_to_secctx = selinux_secid_to_secctx,
+ .secctx_to_secid = selinux_secctx_to_secid,
.release_secctx = selinux_release_secctx,
.unix_stream_connect = selinux_socket_unix_stream_connect,
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
