From: Thomas Liu <tliu@redhat.com>
To: selinux@tycho.nsa.gov
Cc: StephenSmalley <sds@tycho.nsa.gov>,
	jmorris@namei.org, eparis@parisplace.org
Subject: [PATCH 1/2 -v3] Namespacing of security/selinux
Date: Tue, 07 Jul 2009 17:49:15 -0400	[thread overview]
Message-ID: <1247003355.2149.2.camel@Ares> (raw)
In-Reply-To: <1246968394.28321.171.camel@moss-pluto.epoch.ncsc.mil>

This patch renames all items originally prefixed with
security_ so that they use the sel_ prefix.

In addition, the functions sel_netif_sid and security_netif_sid
have been renamed because the namespacing would cause a conflict.

sel_netif_sid has been renamed to sel_netif_sid_by_index, and
security_netif_sid has been renamed to sel_netif_sid_by_name

Signed-off-by: Thomas Liu <tliu@redhat.com>
---
 security/selinux/avc.c              |    8 +-
 security/selinux/exports.c          |    2 +-
 security/selinux/hooks.c            |   80 +++++++++++-----------
 security/selinux/include/netif.h    |    2 +-
 security/selinux/include/security.h |   60 ++++++++--------
 security/selinux/netif.c            |    6 +-
 security/selinux/netlabel.c         |    8 +-
 security/selinux/netnode.c          |    4 +-
 security/selinux/netport.c          |    2 +-
 security/selinux/selinuxfs.c        |   56 ++++++++--------
 security/selinux/ss/services.c      |  130 +++++++++++++++++-----------------
 security/selinux/xfrm.c             |    4 +-
 12 files changed, 182 insertions(+), 180 deletions(-)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 236aaa2..d0dfee0 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -203,7 +203,7 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
 	char *scontext;
 	u32 scontext_len;
 
-	rc = security_sid_to_context(ssid, &scontext, &scontext_len);
+	rc = sel_sid_to_context(ssid, &scontext, &scontext_len);
 	if (rc)
 		audit_log_format(ab, "ssid=%d", ssid);
 	else {
@@ -211,7 +211,7 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
 		kfree(scontext);
 	}
 
-	rc = security_sid_to_context(tsid, &scontext, &scontext_len);
+	rc = sel_sid_to_context(tsid, &scontext, &scontext_len);
 	if (rc)
 		audit_log_format(ab, " tsid=%d", tsid);
 	else {
@@ -448,7 +448,7 @@ static int avc_latest_notif_update(int seqno, int is_insert)
  * (@ssid, @tsid) and class @tclass.
  * The access vectors and the sequence number are
  * normally provided by the security server in
- * response to a security_compute_av() call.  If the
+ * response to a sel_compute_av() call.  If the
  * sequence number @avd->seqno is not less than the latest
  * revocation notification, then the function copies
  * the access vectors into a cache entry, returns
@@ -911,7 +911,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 		else
 			avd = &avd_entry;
 
-		rc = security_compute_av(ssid, tsid, tclass, requested, avd);
+		rc = sel_compute_av(ssid, tsid, tclass, requested, avd);
 		if (rc)
 			goto out;
 		rcu_read_lock();
diff --git a/security/selinux/exports.c b/security/selinux/exports.c
index c73aeaa..ba1f91d 100644
--- a/security/selinux/exports.c
+++ b/security/selinux/exports.c
@@ -28,7 +28,7 @@ extern atomic_t selinux_secmark_refcount;
 int selinux_string_to_sid(char *str, u32 *sid)
 {
 	if (selinux_enabled)
-		return security_context_to_sid(str, strlen(str), sid);
+		return sel_context_to_sid(str, strlen(str), sid);
 	else {
 		*sid = 0;
 		return 0;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 2081055..9d27178 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -525,21 +525,21 @@ static int selinux_get_mnt_opts(const struct super_block *sb,
 
 	i = 0;
 	if (sbsec->flags & FSCONTEXT_MNT) {
-		rc = security_sid_to_context(sbsec->sid, &context, &len);
+		rc = sel_sid_to_context(sbsec->sid, &context, &len);
 		if (rc)
 			goto out_free;
 		opts->mnt_opts[i] = context;
 		opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
 	}
 	if (sbsec->flags & CONTEXT_MNT) {
-		rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
+		rc = sel_sid_to_context(sbsec->mntpoint_sid, &context, &len);
 		if (rc)
 			goto out_free;
 		opts->mnt_opts[i] = context;
 		opts->mnt_opts_flags[i++] = CONTEXT_MNT;
 	}
 	if (sbsec->flags & DEFCONTEXT_MNT) {
-		rc = security_sid_to_context(sbsec->def_sid, &context, &len);
+		rc = sel_sid_to_context(sbsec->def_sid, &context, &len);
 		if (rc)
 			goto out_free;
 		opts->mnt_opts[i] = context;
@@ -549,7 +549,7 @@ static int selinux_get_mnt_opts(const struct super_block *sb,
 		struct inode *root = sbsec->sb->s_root->d_inode;
 		struct inode_security_struct *isec = root->i_security;
 
-		rc = security_sid_to_context(isec->sid, &context, &len);
+		rc = sel_sid_to_context(isec->sid, &context, &len);
 		if (rc)
 			goto out_free;
 		opts->mnt_opts[i] = context;
@@ -652,10 +652,10 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 
 		if (flags[i] == SE_SBLABELSUPP)
 			continue;
-		rc = security_context_to_sid(mount_options[i],
+		rc = sel_context_to_sid(mount_options[i],
 					     strlen(mount_options[i]), &sid);
 		if (rc) {
-			printk(KERN_WARNING "SELinux: security_context_to_sid"
+			printk(KERN_WARNING "SELinux: sel_context_to_sid"
 			       "(%s) failed for (dev %s, type %s) errno=%d\n",
 			       mount_options[i], sb->s_id, name, rc);
 			goto out;
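Review bot: The continuation line `strlen(mount_options[i]), &sid);` is still indented for the old, longer name, so it no longer lines up under the first argument of `sel_context_to_sid(`; it should be re-indented to the open parenthesis. The same stale alignment is left in the later hooks.c hunks (the `sel_context_to_sid_default`, `sel_transition_sid`, `sel_validate_transition`, `sel_sid_to_context_force` and `sel_context_to_sid_force` calls), in the prototypes in include/security.h and in the `sel_node_sid` calls in netnode.c. The rewrapped `sel_fs_use(` call in the next hunk has the opposite problem, with its continuation lines pushed far to the right of the parenthesis. The body of selinux_set_mnt_opts continues outside this hunk.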
@@ -717,9 +717,11 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 		sbsec->flags |= SE_SBPROC;
 
 	/* Determine the labeling behavior to use for this filesystem type. */
-	rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
+	rc = sel_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name,
+							      &sbsec->behavior,
+							      &sbsec->sid);
 	if (rc) {
-		printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
+		printk(KERN_WARNING "%s: sel_fs_use(%s) returned %d\n",
 		       __func__, sb->s_type->name, rc);
 		goto out;
 	}
@@ -1201,7 +1203,7 @@ static int selinux_proc_get_sid(struct proc_dir_entry *de,
 		path = end;
 		de = de->parent;
 	}
-	rc = security_genfs_sid("proc", path, tclass, sid);
+	rc = sel_genfs_sid("proc", path, tclass, sid);
 	free_page((unsigned long)buffer);
 	return rc;
 }
@@ -1318,7 +1320,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 			sid = sbsec->def_sid;
 			rc = 0;
 		} else {
-			rc = security_context_to_sid_default(context, rc, &sid,
+			rc = sel_context_to_sid_default(context, rc, &sid,
 							     sbsec->def_sid,
 							     GFP_NOFS);
 			if (rc) {
@@ -1353,7 +1355,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 
 		/* Try to obtain a transition SID. */
 		isec->sclass = inode_mode_to_security_class(inode->i_mode);
-		rc = security_transition_sid(isec->task_sid,
+		rc = sel_transition_sid(isec->task_sid,
 					     sbsec->sid,
 					     isec->sclass,
 					     &sid);
@@ -1630,7 +1632,7 @@ static int may_create(struct inode *dir,
 		return rc;
 
 	if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
-		rc = security_transition_sid(sid, dsec->sid, tclass, &newsid);
+		rc = sel_transition_sid(sid, dsec->sid, tclass, &newsid);
 		if (rc)
 			return rc;
 	}
@@ -1966,7 +1968,7 @@ static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
 	end -= 4;
 	memcpy(end, "/sys", 4);
 	path = end;
-	rc = security_genfs_sid("proc", path, tclass, sid);
+	rc = sel_genfs_sid("proc", path, tclass, sid);
 out_free:
 	free_page((unsigned long)buffer);
 out:
@@ -2132,7 +2134,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
 		new_tsec->exec_sid = 0;
 	} else {
 		/* Check for a default transition on this program. */
-		rc = security_transition_sid(old_tsec->sid, isec->sid,
+		rc = sel_transition_sid(old_tsec->sid, isec->sid,
 					     SECCLASS_PROCESS, &new_tsec->sid);
 		if (rc)
 			return rc;
@@ -2595,12 +2597,12 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
 	newsid = tsec->create_sid;
 
 	if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
-		rc = security_transition_sid(sid, dsec->sid,
+		rc = sel_transition_sid(sid, dsec->sid,
 					     inode_mode_to_security_class(inode->i_mode),
 					     &newsid);
 		if (rc) {
 			printk(KERN_WARNING "%s:  "
-			       "security_transition_sid failed, rc=%d (dev=%s "
+			       "sel_transition_sid failed, rc=%d (dev=%s "
 			       "ino=%ld)\n",
 			       __func__,
 			       -rc, inode->i_sb->s_id, inode->i_ino);
@@ -2627,7 +2629,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
 	}
 
 	if (value && len) {
-		rc = security_sid_to_context_force(newsid, &context, &clen);
+		rc = sel_sid_to_context_force(newsid, &context, &clen);
 		if (rc) {
 			kfree(namep);
 			return rc;
@@ -2777,11 +2779,11 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
 	if (rc)
 		return rc;
 
-	rc = security_context_to_sid(value, size, &newsid);
+	rc = sel_context_to_sid(value, size, &newsid);
 	if (rc == -EINVAL) {
 		if (!capable(CAP_MAC_ADMIN))
 			return rc;
-		rc = security_context_to_sid_force(value, size, &newsid);
+		rc = sel_context_to_sid_force(value, size, &newsid);
 	}
 	if (rc)
 		return rc;
@@ -2791,7 +2793,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
 	if (rc)
 		return rc;
 
-	rc = security_validate_transition(isec->sid, newsid, sid,
+	rc = sel_validate_transition(isec->sid, newsid, sid,
 					  isec->sclass);
 	if (rc)
 		return rc;
@@ -2817,7 +2819,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
 		return;
 	}
 
-	rc = security_context_to_sid_force(value, size, &newsid);
+	rc = sel_context_to_sid_force(value, size, &newsid);
 	if (rc) {
 		printk(KERN_ERR "SELinux:  unable to map context to SID"
 		       "for (%s, %lu), rc=%d\n",
@@ -2880,10 +2882,10 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name
 	error = selinux_capable(current, current_cred(), CAP_MAC_ADMIN,
 				SECURITY_CAP_NOAUDIT);
 	if (!error)
-		error = security_sid_to_context_force(isec->sid, &context,
+		error = sel_sid_to_context_force(isec->sid, &context,
 						      &size);
 	else
-		error = security_sid_to_context(isec->sid, &context, &size);
+		error = sel_sid_to_context(isec->sid, &context, &size);
 	if (error)
 		return error;
 	error = size;
@@ -2909,7 +2911,7 @@ static int selinux_inode_setsecurity(struct inode *inode, const char *name,
 	if (!value || !size)
 		return -EACCES;
 
-	rc = security_context_to_sid((void *)value, size, &newsid);
+	rc = sel_context_to_sid((void *)value, size, &newsid);
 	if (rc)
 		return rc;
 
@@ -3619,7 +3621,7 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
 	selinux_skb_xfrm_sid(skb, &xfrm_sid);
 	selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
 
-	err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
+	err = sel_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
 	if (unlikely(err)) {
 		printk(KERN_WARNING
 		       "SELinux: failure in selinux_skb_peerlbl_sid(),"
@@ -3965,7 +3967,7 @@ static int selinux_socket_unix_stream_connect(struct socket *sock,
 	/* server child socket */
 	ssec = newsk->sk_security;
 	ssec->peer_sid = isec->sid;
-	err = security_sid_mls_copy(other_isec->sid, ssec->peer_sid, &ssec->sid);
+	err = sel_sid_mls_copy(other_isec->sid, ssec->peer_sid, &ssec->sid);
 
 	return err;
 }
@@ -4000,7 +4002,7 @@ static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
 	u32 if_sid;
 	u32 node_sid;
 
-	err = sel_netif_sid(ifindex, &if_sid);
+	err = sel_netif_sid_by_index(ifindex, &if_sid);
 	if (err)
 		return err;
 	err = avc_has_perm(peer_sid, if_sid,
@@ -4144,7 +4146,7 @@ static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *op
 		goto out;
 	}
 
-	err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
+	err = sel_sid_to_context(peer_sid, &scontext, &scontext_len);
 
 	if (err)
 		goto out;
@@ -4256,7 +4258,7 @@ static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
 		req->secid = sksec->sid;
 		req->peer_secid = SECSID_NULL;
 	} else {
-		err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
+		err = sel_sid_mls_copy(sksec->sid, peersid, &newsid);
 		if (err)
 			return err;
 		req->secid = newsid;
@@ -4322,7 +4324,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
 				  "SELinux:  unrecognized netlink message"
 				  " type=%hu for sclass=%hu\n",
 				  nlh->nlmsg_type, isec->sclass);
-			if (!selinux_enforcing || security_get_allow_unknown())
+			if (!selinux_enforcing || sel_get_allow_unknown())
 				err = 0;
 		}
 
@@ -4556,7 +4558,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
 		u32 if_sid;
 		u32 node_sid;
 
-		if (sel_netif_sid(ifindex, &if_sid))
+		if (sel_netif_sid_by_index(ifindex, &if_sid))
 			return NF_DROP;
 		if (avc_has_perm(peer_sid, if_sid,
 				 SECCLASS_NETIF, NETIF__EGRESS, &ad))
@@ -4790,7 +4792,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
 		 * Compute new sid based on current process and
 		 * message queue this message will be stored in
 		 */
-		rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
+		rc = sel_transition_sid(sid, isec->sid, SECCLASS_MSG,
 					     &msec->sid);
 		if (rc)
 			return rc;
@@ -5095,7 +5097,7 @@ static int selinux_getprocattr(struct task_struct *p,
 	if (!sid)
 		return 0;
 
-	error = security_sid_to_context(sid, value, &len);
+	error = sel_sid_to_context(sid, value, &len);
 	if (error)
 		return error;
 	return len;
@@ -5147,11 +5149,11 @@ static int selinux_setprocattr(struct task_struct *p,
 			str[size-1] = 0;
 			size--;
 		}
-		error = security_context_to_sid(value, size, &sid);
+		error = sel_context_to_sid(value, size, &sid);
 		if (error == -EINVAL && !strcmp(name, "fscreate")) {
 			if (!capable(CAP_MAC_ADMIN))
 				return error;
-			error = security_context_to_sid_force(value, size,
+			error = sel_context_to_sid_force(value, size,
 							      &sid);
 		}
 		if (error)
@@ -5188,7 +5190,7 @@ static int selinux_setprocattr(struct task_struct *p,
 		/* Only allow single threaded processes to change context */
 		error = -EPERM;
 		if (!is_single_threaded(p)) {
-			error = security_bounded_transition(tsec->sid, sid);
+			error = sel_bounded_transition(tsec->sid, sid);
 			if (error)
 				goto abort_change;
 		}
@@ -5231,12 +5233,12 @@ abort_change:
 
 static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 {
-	return security_sid_to_context(secid, secdata, seclen);
+	return sel_sid_to_context(secid, secdata, seclen);
 }
 
 static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
 {
-	return security_context_to_sid(secdata, seclen, secid);
+	return sel_context_to_sid(secdata, seclen, secid);
 }
 
 static void selinux_release_secctx(char *secdata, u32 seclen)
@@ -5303,7 +5305,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
 	unsigned len;
 	int rc;
 
-	rc = security_sid_to_context(ksec->sid, &context, &len);
+	rc = sel_sid_to_context(ksec->sid, &context, &len);
 	if (!rc)
 		rc = len;
 	*_buffer = context;
diff --git a/security/selinux/include/netif.h b/security/selinux/include/netif.h
index ce23edd..b6c3b43 100644
--- a/security/selinux/include/netif.h
+++ b/security/selinux/include/netif.h
@@ -17,7 +17,7 @@
 #ifndef _SELINUX_NETIF_H_
 #define _SELINUX_NETIF_H_
 
-int sel_netif_sid(int ifindex, u32 *sid);
+int sel_netif_sid_by_index(int ifindex, u32 *sid);
 
 #endif	/* _SELINUX_NETIF_H_ */
 
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index ca83579..373e672 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -80,9 +80,9 @@ extern int selinux_policycap_openperm;
 /* limitation of boundary depth  */
 #define POLICYDB_BOUNDS_MAXDEPTH	4
 
-int security_load_policy(void *data, size_t len);
+int sel_load_policy(void *data, size_t len);
 
-int security_policycap_supported(unsigned int req_cap);
+int sel_policycap_supported(unsigned int req_cap);
 
 #define SEL_VEC_MAX 32
 struct av_decision {
@@ -96,58 +96,58 @@ struct av_decision {
 /* definitions of av_decision.flags */
 #define AVD_FLAGS_PERMISSIVE	0x0001
 
-int security_compute_av(u32 ssid, u32 tsid,
+int sel_compute_av(u32 ssid, u32 tsid,
 	u16 tclass, u32 requested,
 	struct av_decision *avd);
 
-int security_transition_sid(u32 ssid, u32 tsid,
+int sel_transition_sid(u32 ssid, u32 tsid,
 	u16 tclass, u32 *out_sid);
 
-int security_member_sid(u32 ssid, u32 tsid,
+int sel_member_sid(u32 ssid, u32 tsid,
 	u16 tclass, u32 *out_sid);
 
-int security_change_sid(u32 ssid, u32 tsid,
+int sel_change_sid(u32 ssid, u32 tsid,
 	u16 tclass, u32 *out_sid);
 
-int security_sid_to_context(u32 sid, char **scontext,
+int sel_sid_to_context(u32 sid, char **scontext,
 	u32 *scontext_len);
 
-int security_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len);
+int sel_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len);
 
-int security_context_to_sid(const char *scontext, u32 scontext_len,
+int sel_context_to_sid(const char *scontext, u32 scontext_len,
 	u32 *out_sid);
 
-int security_context_to_sid_default(const char *scontext, u32 scontext_len,
+int sel_context_to_sid_default(const char *scontext, u32 scontext_len,
 				    u32 *out_sid, u32 def_sid, gfp_t gfp_flags);
 
-int security_context_to_sid_force(const char *scontext, u32 scontext_len,
+int sel_context_to_sid_force(const char *scontext, u32 scontext_len,
 				  u32 *sid);
 
-int security_get_user_sids(u32 callsid, char *username,
+int sel_get_user_sids(u32 callsid, char *username,
 			   u32 **sids, u32 *nel);
 
-int security_port_sid(u8 protocol, u16 port, u32 *out_sid);
+int sel_port_sid(u8 protocol, u16 port, u32 *out_sid);
 
-int security_netif_sid(char *name, u32 *if_sid);
+int sel_netif_sid_by_name(char *name, u32 *if_sid);
 
-int security_node_sid(u16 domain, void *addr, u32 addrlen,
+int sel_node_sid(u16 domain, void *addr, u32 addrlen,
 	u32 *out_sid);
 
-int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
+int sel_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
 				 u16 tclass);
 
-int security_bounded_transition(u32 oldsid, u32 newsid);
+int sel_bounded_transition(u32 oldsid, u32 newsid);
 
-int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid);
+int sel_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid);
 
-int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
+int sel_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
 				 u32 xfrm_sid,
 				 u32 *peer_sid);
 
-int security_get_classes(char ***classes, int *nclasses);
-int security_get_permissions(char *class, char ***perms, int *nperms);
-int security_get_reject_unknown(void);
-int security_get_allow_unknown(void);
+int sel_get_classes(char ***classes, int *nclasses);
+int sel_get_permissions(char *class, char ***perms, int *nperms);
+int sel_get_reject_unknown(void);
+int sel_get_allow_unknown(void);
 
 #define SECURITY_FS_USE_XATTR		1 /* use xattr */
 #define SECURITY_FS_USE_TRANS		2 /* use transition SIDs, e.g. devpts/tmpfs */
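Review bot: Moving the security-server API onto `sel_` puts it in the prefix already used by the netif/netnode/netport caches and the selinuxfs handlers, which is why the commit message has to rename `sel_netif_sid`. It also leaves near-twins such as `sel_port_sid` / `sel_netport_sid_slow` and `sel_node_sid` / `sel_netnode_sid_slow` that are easy to mix up when tracing an access-control path. A header comment above these prototypes would keep the boundary visible, for example `/* Security server interface; the sel_net* caches in netif.c, netnode.c and netport.c call into these. */`. The `SECURITY_FS_USE_*` constants at the end of this hunk keep the old prefix, so the header ends up carrying both.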
@@ -156,34 +156,34 @@ int security_get_allow_unknown(void);
 #define SECURITY_FS_USE_NONE		5 /* no labeling support */
 #define SECURITY_FS_USE_MNTPOINT	6 /* use mountpoint labeling */
 
-int security_fs_use(const char *fstype, unsigned int *behavior,
+int sel_fs_use(const char *fstype, unsigned int *behavior,
 	u32 *sid);
 
-int security_genfs_sid(const char *fstype, char *name, u16 sclass,
+int sel_genfs_sid(const char *fstype, char *name, u16 sclass,
 	u32 *sid);
 
 #ifdef CONFIG_NETLABEL
-int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
+int sel_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
 				   u32 *sid);
 
-int security_netlbl_sid_to_secattr(u32 sid,
+int sel_netlbl_sid_to_secattr(u32 sid,
 				   struct netlbl_lsm_secattr *secattr);
 #else
-static inline int security_netlbl_secattr_to_sid(
+static inline int sel_netlbl_secattr_to_sid(
 					    struct netlbl_lsm_secattr *secattr,
 					    u32 *sid)
 {
 	return -EIDRM;
 }
 
-static inline int security_netlbl_sid_to_secattr(u32 sid,
+static inline int sel_netlbl_sid_to_secattr(u32 sid,
 					   struct netlbl_lsm_secattr *secattr)
 {
 	return -ENOENT;
 }
 #endif /* CONFIG_NETLABEL */
 
-const char *security_get_initial_sid_context(u32 sid);
+const char *sel_get_initial_sid_context(u32 sid);
 
 #endif /* _SELINUX_SECURITY_H_ */
 
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index b4e14bc..3aae049 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -175,7 +175,7 @@ static int sel_netif_sid_slow(int ifindex, u32 *sid)
 		ret = -ENOMEM;
 		goto out;
 	}
-	ret = security_netif_sid(dev->name, &new->nsec.sid);
+	ret = sel_netif_sid_by_name(dev->name, &new->nsec.sid);
 	if (ret != 0)
 		goto out;
 	new->nsec.ifindex = ifindex;
@@ -198,7 +198,7 @@ out:
 }
 
 /**
- * sel_netif_sid - Lookup the SID of a network interface
+ * sel_netif_sid_by_index - Lookup the SID of a network interface
  * @ifindex: the network interface
  * @sid: interface SID
  *
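Review bot: The kernel-doc summary still reads "Lookup the SID of a network interface", which no longer says what separates this function from `sel_netif_sid_by_name`. With two lookups sharing the stem, the summary line should name the key, e.g. ` * sel_netif_sid_by_index - Lookup the SID of a network interface by ifindex`, and `@ifindex` could read "the network interface index". The comment block continues outside this hunk.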
@@ -210,7 +210,7 @@ out:
  * on failure.
  *
  */
-int sel_netif_sid(int ifindex, u32 *sid)
+int sel_netif_sid_by_index(int ifindex, u32 *sid)
 {
 	struct sel_netif *netif;
 
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 2e98441..26aa550 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -58,7 +58,7 @@ static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb,
 {
 	int rc;
 
-	rc = security_netlbl_secattr_to_sid(secattr, sid);
+	rc = sel_netlbl_secattr_to_sid(secattr, sid);
 	if (rc == 0 &&
 	    (secattr->flags & NETLBL_SECATTR_CACHEABLE) &&
 	    (secattr->flags & NETLBL_SECATTR_CACHE))
@@ -89,7 +89,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk)
 	secattr = netlbl_secattr_alloc(GFP_ATOMIC);
 	if (secattr == NULL)
 		return NULL;
-	rc = security_netlbl_sid_to_secattr(sksec->sid, secattr);
+	rc = sel_netlbl_sid_to_secattr(sksec->sid, secattr);
 	if (rc != 0) {
 		netlbl_secattr_free(secattr);
 		return NULL;
@@ -228,7 +228,7 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
 	if (secattr == NULL) {
 		secattr = &secattr_storage;
 		netlbl_secattr_init(secattr);
-		rc = security_netlbl_sid_to_secattr(sid, secattr);
+		rc = sel_netlbl_sid_to_secattr(sid, secattr);
 		if (rc != 0)
 			goto skbuff_setsid_return;
 	}
@@ -261,7 +261,7 @@ int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family)
 		return 0;
 
 	netlbl_secattr_init(&secattr);
-	rc = security_netlbl_sid_to_secattr(req->secid, &secattr);
+	rc = sel_netlbl_sid_to_secattr(req->secid, &secattr);
 	if (rc != 0)
 		goto inet_conn_request_return;
 	rc = netlbl_req_setattr(req, &secattr);
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 7100072..894a4f0 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -229,12 +229,12 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
 		goto out;
 	switch (family) {
 	case PF_INET:
-		ret = security_node_sid(PF_INET,
+		ret = sel_node_sid(PF_INET,
 					addr, sizeof(struct in_addr), sid);
 		new->nsec.addr.ipv4 = *(__be32 *)addr;
 		break;
 	case PF_INET6:
-		ret = security_node_sid(PF_INET6,
+		ret = sel_node_sid(PF_INET6,
 					addr, sizeof(struct in6_addr), sid);
 		ipv6_addr_copy(&new->nsec.addr.ipv6, addr);
 		break;
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index fe7fba6..8724815 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -174,7 +174,7 @@ static int sel_netport_sid_slow(u8 protocol, u16 pnum, u32 *sid)
 	new = kzalloc(sizeof(*new), GFP_ATOMIC);
 	if (new == NULL)
 		goto out;
-	ret = security_port_sid(protocol, pnum, sid);
+	ret = sel_port_sid(protocol, pnum, sid);
 	if (ret != 0)
 		goto out;
 
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index b4fc506..4129d90 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -193,7 +193,7 @@ static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
 	ssize_t length;
 	ino_t ino = filp->f_path.dentry->d_inode->i_ino;
 	int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
-		security_get_reject_unknown() : !security_get_allow_unknown();
+		sel_get_reject_unknown() : !sel_get_allow_unknown();
 
 	length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
@@ -320,7 +320,7 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
 	if (copy_from_user(data, buf, count) != 0)
 		goto out;
 
-	length = security_load_policy(data, count);
+	length = sel_load_policy(data, count);
 	if (length)
 		goto out;
 
@@ -367,11 +367,11 @@ static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
 	if (length)
 		return length;
 
-	length = security_context_to_sid(buf, size, &sid);
+	length = sel_context_to_sid(buf, size, &sid);
 	if (length < 0)
 		return length;
 
-	length = security_sid_to_context(sid, &canon, &len);
+	length = sel_sid_to_context(sid, &canon, &len);
 	if (length < 0)
 		return length;
 
@@ -515,14 +515,14 @@ static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
 	if (sscanf(buf, "%s %s %hu %x", scon, tcon, &tclass, &req) != 4)
 		goto out2;
 
-	length = security_context_to_sid(scon, strlen(scon)+1, &ssid);
+	length = sel_context_to_sid(scon, strlen(scon)+1, &ssid);
 	if (length < 0)
 		goto out2;
-	length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid);
+	length = sel_context_to_sid(tcon, strlen(tcon)+1, &tsid);
 	if (length < 0)
 		goto out2;
 
-	length = security_compute_av(ssid, tsid, tclass, req, &avd);
+	length = sel_compute_av(ssid, tsid, tclass, req, &avd);
 	if (length < 0)
 		goto out2;
 
@@ -564,18 +564,18 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
 	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
 		goto out2;
 
-	length = security_context_to_sid(scon, strlen(scon)+1, &ssid);
+	length = sel_context_to_sid(scon, strlen(scon)+1, &ssid);
 	if (length < 0)
 		goto out2;
-	length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid);
+	length = sel_context_to_sid(tcon, strlen(tcon)+1, &tsid);
 	if (length < 0)
 		goto out2;
 
-	length = security_transition_sid(ssid, tsid, tclass, &newsid);
+	length = sel_transition_sid(ssid, tsid, tclass, &newsid);
 	if (length < 0)
 		goto out2;
 
-	length = security_sid_to_context(newsid, &newcon, &len);
+	length = sel_sid_to_context(newsid, &newcon, &len);
 	if (length < 0)
 		goto out2;
 
@@ -623,18 +623,18 @@ static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
 	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
 		goto out2;
 
-	length = security_context_to_sid(scon, strlen(scon)+1, &ssid);
+	length = sel_context_to_sid(scon, strlen(scon)+1, &ssid);
 	if (length < 0)
 		goto out2;
-	length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid);
+	length = sel_context_to_sid(tcon, strlen(tcon)+1, &tsid);
 	if (length < 0)
 		goto out2;
 
-	length = security_change_sid(ssid, tsid, tclass, &newsid);
+	length = sel_change_sid(ssid, tsid, tclass, &newsid);
 	if (length < 0)
 		goto out2;
 
-	length = security_sid_to_context(newsid, &newcon, &len);
+	length = sel_sid_to_context(newsid, &newcon, &len);
 	if (length < 0)
 		goto out2;
 
@@ -680,18 +680,18 @@ static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
 	if (sscanf(buf, "%s %s", con, user) != 2)
 		goto out2;
 
-	length = security_context_to_sid(con, strlen(con)+1, &sid);
+	length = sel_context_to_sid(con, strlen(con)+1, &sid);
 	if (length < 0)
 		goto out2;
 
-	length = security_get_user_sids(sid, user, &sids, &nsids);
+	length = sel_get_user_sids(sid, user, &sids, &nsids);
 	if (length < 0)
 		goto out2;
 
 	length = sprintf(buf, "%u", nsids) + 1;
 	ptr = buf + length;
 	for (i = 0; i < nsids; i++) {
-		rc = security_sid_to_context(sids[i], &newcon, &len);
+		rc = sel_sid_to_context(sids[i], &newcon, &len);
 		if (rc) {
 			length = rc;
 			goto out3;
@@ -741,18 +741,18 @@ static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
 	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
 		goto out2;
 
-	length = security_context_to_sid(scon, strlen(scon)+1, &ssid);
+	length = sel_context_to_sid(scon, strlen(scon)+1, &ssid);
 	if (length < 0)
 		goto out2;
-	length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid);
+	length = sel_context_to_sid(tcon, strlen(tcon)+1, &tsid);
 	if (length < 0)
 		goto out2;
 
-	length = security_member_sid(ssid, tsid, tclass, &newsid);
+	length = sel_member_sid(ssid, tsid, tclass, &newsid);
 	if (length < 0)
 		goto out2;
 
-	length = security_sid_to_context(newsid, &newcon, &len);
+	length = sel_sid_to_context(newsid, &newcon, &len);
 	if (length < 0)
 		goto out2;
 
@@ -1015,7 +1015,7 @@ static int sel_make_bools(void)
 			goto err;
 		}
 		isec = (struct inode_security_struct *)inode->i_security;
-		ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
+		ret = sel_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
 		if (ret)
 			goto err;
 		isec->sid = sid;
@@ -1244,7 +1244,7 @@ static ssize_t sel_read_initcon(struct file *file, char __user *buf,
 
 	inode = file->f_path.dentry->d_inode;
 	sid = inode->i_ino&SEL_INO_MASK;
-	ret = security_sid_to_context(sid, &con, &len);
+	ret = sel_sid_to_context(sid, &con, &len);
 	if (ret < 0)
 		return ret;
 
@@ -1264,7 +1264,7 @@ static int sel_make_initcon_files(struct dentry *dir)
 	for (i = 1; i <= SECINITSID_NUM; i++) {
 		struct inode *inode;
 		struct dentry *dentry;
-		dentry = d_alloc_name(dir, security_get_initial_sid_context(i));
+		dentry = d_alloc_name(dir, sel_get_initial_sid_context(i));
 		if (!dentry) {
 			ret = -ENOMEM;
 			goto out;
@@ -1364,7 +1364,7 @@ static ssize_t sel_read_policycap(struct file *file, char __user *buf,
 	ssize_t length;
 	unsigned long i_ino = file->f_path.dentry->d_inode->i_ino;
 
-	value = security_policycap_supported(i_ino & SEL_INO_MASK);
+	value = sel_policycap_supported(i_ino & SEL_INO_MASK);
 	length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
 
 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
@@ -1380,7 +1380,7 @@ static int sel_make_perm_files(char *objclass, int classvalue,
 	int i, rc = 0, nperms;
 	char **perms;
 
-	rc = security_get_permissions(objclass, &perms, &nperms);
+	rc = sel_get_permissions(objclass, &perms, &nperms);
 	if (rc)
 		goto out;
 
@@ -1484,7 +1484,7 @@ static int sel_make_classes(void)
 	/* delete any existing entries */
 	sel_remove_classes();
 
-	rc = security_get_classes(&classes, &nclasses);
+	rc = sel_get_classes(&classes, &nclasses);
 	if (rc < 0)
 		goto out;
 
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index ff17820..988fef6 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -285,7 +285,7 @@ mls_ops:
 
 /*
  * security_dump_masked_av - dumps masked permissions during
- * security_compute_av due to RBAC, MLS/Constraint and Type bounds.
+ * sel_compute_av due to RBAC, MLS/Constraint and Type bounds.
  */
 static int dump_masked_av_helper(void *k, void *d, void *args)
 {
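Review bot: The comment header touched here still introduces `security_dump_masked_av`, and that static helper and `security_validtrans_handle_fail` (both visible in the following hunk headers) keep the `security_` prefix. services.c therefore ends up mixing both prefixes, although the description says all `security_` items are renamed. Either rename the static helpers in the same patch, or state in the commit message that, as it appears, only the non-static interface is renamed. The function under this comment continues outside the hunk.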
@@ -347,7 +347,7 @@ static void security_dump_masked_av(struct context *scontext,
 	if (!ab)
 		goto out;
 
-	audit_log_format(ab, "op=security_compute_av reason=%s "
+	audit_log_format(ab, "op=sel_compute_av reason=%s "
 			 "scontext=%s tcontext=%s tclass=%s perms=",
 			 reason, scontext_name, tcontext_name, tclass_name);
 
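Review bot: The `op=` value written into this audit record changes from `security_compute_av` to `sel_compute_av`, so log parsers and alert rules that match the old text would stop matching after this patch without any error. The same applies to the `sel_validate_transition:  denied for` and `op=sel_bounded_transition` messages logged with AUDIT_SELINUX_ERR in the following hunks, and to the printk warnings renamed in hooks.c. Renaming a symbol does not require the emitted text to change, so I would keep the strings as they were, e.g. `"op=security_compute_av reason=%s "`, or call the log-format change out explicitly in the commit message. The function body continues outside this hunk.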
@@ -622,7 +622,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
 	if (context_struct_to_string(tcontext, &t, &tlen) < 0)
 		goto out;
 	audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-		  "security_validate_transition:  denied for"
+		  "sel_validate_transition:  denied for"
 		  " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
 		  o, n, t, policydb.p_class_val_to_name[tclass-1]);
 out:
@@ -635,7 +635,7 @@ out:
 	return -EPERM;
 }
 
-int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
+int sel_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
 				 u16 tclass)
 {
 	struct context *ocontext;
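Review bot: The continuation line `u16 tclass)` is still indented for the old, longer function name, so it no longer lines up with the opening parenthesis of `sel_validate_transition(`. The same misalignment is left behind in most renamed multi-line prototypes and calls in this patch, for example `sel_compute_av`, `sel_context_to_sid_core`, `sel_node_sid` and the `sel_context_to_sid` call in xfrm.c. Re-indent the continuation lines together with the rename so the declarations stay readable. The function body continues outside the hunk.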
@@ -710,7 +710,7 @@ out:
 }
 
 /*
- * security_bounded_transition - check whether the given
+ * sel_bounded_transition - check whether the given
  * transition is directed to bounded, or not.
  * It returns 0, if @newsid is bounded by @oldsid.
  * Otherwise, it returns error code.
@@ -718,7 +718,7 @@ out:
  * @oldsid : current security identifier
  * @newsid : destinated security identifier
  */
-int security_bounded_transition(u32 old_sid, u32 new_sid)
+int sel_bounded_transition(u32 old_sid, u32 new_sid)
 {
 	struct context *old_context, *new_context;
 	struct type_datum *type;
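Review bot: The comment documents `@oldsid` and `@newsid`, but the parameters of `sel_bounded_transition` are `old_sid` and `new_sid`, and the block opens with `/*` rather than `/**` (the opener is in the preceding hunk). Since the comment is already being edited for the rename, make the names match: `@old_sid : current security identifier` and `@new_sid : destination security identifier`. The sentence about the return value should likewise refer to `@new_sid` and `@old_sid`. The function body continues outside the hunk.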
@@ -777,7 +777,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid)
 					      &new_name, &length)) {
 			audit_log(current->audit_context,
 				  GFP_ATOMIC, AUDIT_SELINUX_ERR,
-				  "op=security_bounded_transition "
+				  "op=sel_bounded_transition "
 				  "result=denied "
 				  "oldcontext=%s newcontext=%s",
 				  old_name, new_name);
@@ -793,7 +793,7 @@ out:
 
 
 /**
- * security_compute_av - Compute access vector decisions.
+ * sel_compute_av - Compute access vector decisions.
  * @ssid: source security identifier
  * @tsid: target security identifier
  * @tclass: target security class
@@ -805,7 +805,7 @@ out:
  * Return -%EINVAL if any of the parameters are invalid or %0
  * if the access vector decisions were computed successfully.
  */
-int security_compute_av(u32 ssid,
+int sel_compute_av(u32 ssid,
 			u32 tsid,
 			u16 tclass,
 			u32 requested,
@@ -904,14 +904,14 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
 
 #include "initial_sid_to_string.h"
 
-const char *security_get_initial_sid_context(u32 sid)
+const char *sel_get_initial_sid_context(u32 sid)
 {
 	if (unlikely(sid > SECINITSID_NUM))
 		return NULL;
 	return initial_sid_to_string[sid];
 }
 
-static int security_sid_to_context_core(u32 sid, char **scontext,
+static int sel_sid_to_context_core(u32 sid, char **scontext,
 					u32 *scontext_len, int force)
 {
 	struct context *context;
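Review bot: `sel_get_initial_sid_context` is a non-static function with no header comment, unlike the neighbouring `sel_sid_to_context`, and it returns NULL for an out-of-range SID. I would add a short kernel-doc block saying that it returns the name string for an initial SID and NULL when `sid > SECINITSID_NUM`, so callers know to check the result before using it. The body of `sel_sid_to_context_core` continues outside the hunk.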
@@ -959,7 +959,7 @@ out:
 }
 
 /**
- * security_sid_to_context - Obtain a context for a given SID.
+ * sel_sid_to_context - Obtain a context for a given SID.
  * @sid: security identifier, SID
  * @scontext: security context
  * @scontext_len: length in bytes
@@ -968,14 +968,14 @@ out:
  * into a dynamically allocated string of the correct size.  Set @scontext
  * to point to this string and set @scontext_len to the length of the string.
  */
-int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
+int sel_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
 {
-	return security_sid_to_context_core(sid, scontext, scontext_len, 0);
+	return sel_sid_to_context_core(sid, scontext, scontext_len, 0);
 }
 
-int security_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len)
+int sel_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len)
 {
-	return security_sid_to_context_core(sid, scontext, scontext_len, 1);
+	return sel_sid_to_context_core(sid, scontext, scontext_len, 1);
 }
 
 /*
@@ -1066,7 +1066,7 @@ out:
 	return rc;
 }
 
-static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
+static int sel_context_to_sid_core(const char *scontext, u32 scontext_len,
 					u32 *sid, u32 def_sid, gfp_t gfp_flags,
 					int force)
 {
@@ -1124,7 +1124,7 @@ out:
 }
 
 /**
- * security_context_to_sid - Obtain a SID for a given security context.
+ * sel_context_to_sid - Obtain a SID for a given security context.
  * @scontext: security context
  * @scontext_len: length in bytes
  * @sid: security identifier, SID
@@ -1134,14 +1134,14 @@ out:
  * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
  * memory is available, or 0 on success.
  */
-int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid)
+int sel_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid)
 {
-	return security_context_to_sid_core(scontext, scontext_len,
+	return sel_context_to_sid_core(scontext, scontext_len,
 					    sid, SECSID_NULL, GFP_KERNEL, 0);
 }
 
 /**
- * security_context_to_sid_default - Obtain a SID for a given security context,
+ * sel_context_to_sid_default - Obtain a SID for a given security context,
  * falling back to specified default if needed.
  *
  * @scontext: security context
@@ -1158,17 +1158,17 @@ int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid)
  * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
  * memory is available, or 0 on success.
  */
-int security_context_to_sid_default(const char *scontext, u32 scontext_len,
+int sel_context_to_sid_default(const char *scontext, u32 scontext_len,
 				    u32 *sid, u32 def_sid, gfp_t gfp_flags)
 {
-	return security_context_to_sid_core(scontext, scontext_len,
+	return sel_context_to_sid_core(scontext, scontext_len,
 					    sid, def_sid, gfp_flags, 1);
 }
 
-int security_context_to_sid_force(const char *scontext, u32 scontext_len,
+int sel_context_to_sid_force(const char *scontext, u32 scontext_len,
 				  u32 *sid)
 {
-	return security_context_to_sid_core(scontext, scontext_len,
+	return sel_context_to_sid_core(scontext, scontext_len,
 					    sid, SECSID_NULL, GFP_KERNEL, 1);
 }
 
@@ -1341,7 +1341,7 @@ out:
 }
 
 /**
- * security_transition_sid - Compute the SID for a new subject/object.
+ * sel_transition_sid - Compute the SID for a new subject/object.
  * @ssid: source security identifier
  * @tsid: target security identifier
  * @tclass: target security class
@@ -1353,7 +1353,7 @@ out:
  * if insufficient memory is available, or %0 if the new SID was
  * computed successfully.
  */
-int security_transition_sid(u32 ssid,
+int sel_transition_sid(u32 ssid,
 			    u32 tsid,
 			    u16 tclass,
 			    u32 *out_sid)
@@ -1362,7 +1362,7 @@ int security_transition_sid(u32 ssid,
 }
 
 /**
- * security_member_sid - Compute the SID for member selection.
+ * sel_member_sid - Compute the SID for member selection.
  * @ssid: source security identifier
  * @tsid: target security identifier
  * @tclass: target security class
@@ -1374,7 +1374,7 @@ int security_transition_sid(u32 ssid,
  * if insufficient memory is available, or %0 if the SID was
  * computed successfully.
  */
-int security_member_sid(u32 ssid,
+int sel_member_sid(u32 ssid,
 			u32 tsid,
 			u16 tclass,
 			u32 *out_sid)
@@ -1383,7 +1383,7 @@ int security_member_sid(u32 ssid,
 }
 
 /**
- * security_change_sid - Compute the SID for object relabeling.
+ * sel_change_sid - Compute the SID for object relabeling.
  * @ssid: source security identifier
  * @tsid: target security identifier
  * @tclass: target security class
@@ -1395,7 +1395,7 @@ int security_member_sid(u32 ssid,
  * if insufficient memory is available, or %0 if the SID was
  * computed successfully.
  */
-int security_change_sid(u32 ssid,
+int sel_change_sid(u32 ssid,
 			u32 tsid,
 			u16 tclass,
 			u32 *out_sid)
@@ -1536,7 +1536,7 @@ static int validate_classes(struct policydb *p)
 	}
 	if (print_unknown_handle)
 		printk(KERN_INFO "SELinux: the above unknown classes and permissions will be %s\n",
-			(security_get_allow_unknown() ? "allowed" : "denied"));
+			(sel_get_allow_unknown() ? "allowed" : "denied"));
 	return 0;
 }
 
@@ -1685,7 +1685,7 @@ bad:
 	goto out;
 }
 
-static void security_load_policycaps(void)
+static void sel_load_policycaps(void)
 {
 	selinux_policycap_netpeer = ebitmap_get_bit(&policydb.policycaps,
 						  POLICYDB_CAPABILITY_NETPEER);
@@ -1697,7 +1697,7 @@ extern void selinux_complete_init(void);
 static int security_preserve_bools(struct policydb *p);
 
 /**
- * security_load_policy - Load a security policy configuration.
+ * sel_load_policy - Load a security policy configuration.
  * @data: binary policy data
  * @len: length of data in bytes
  *
@@ -1706,7 +1706,7 @@ static int security_preserve_bools(struct policydb *p);
  * This function will flush the access vector cache after
  * loading the new policy.
  */
-int security_load_policy(void *data, size_t len)
+int sel_load_policy(void *data, size_t len)
 {
 	struct policydb oldpolicydb, newpolicydb;
 	struct sidtab oldsidtab, newsidtab;
@@ -1735,7 +1735,7 @@ int security_load_policy(void *data, size_t len)
 			avtab_cache_destroy();
 			return -EINVAL;
 		}
-		security_load_policycaps();
+		sel_load_policycaps();
 		policydb_loaded_version = policydb.policyvers;
 		ss_initialized = 1;
 		seqno = ++latest_granting;
@@ -1798,7 +1798,7 @@ int security_load_policy(void *data, size_t len)
 	write_lock_irq(&policy_rwlock);
 	memcpy(&policydb, &newpolicydb, sizeof policydb);
 	sidtab_set(&sidtab, &newsidtab);
-	security_load_policycaps();
+	sel_load_policycaps();
 	seqno = ++latest_granting;
 	policydb_loaded_version = policydb.policyvers;
 	write_unlock_irq(&policy_rwlock);
@@ -1822,12 +1822,12 @@ err:
 }
 
 /**
- * security_port_sid - Obtain the SID for a port.
+ * sel_port_sid - Obtain the SID for a port.
  * @protocol: protocol number
  * @port: port number
  * @out_sid: security identifier
  */
-int security_port_sid(u8 protocol, u16 port, u32 *out_sid)
+int sel_port_sid(u8 protocol, u16 port, u32 *out_sid)
 {
 	struct ocontext *c;
 	int rc = 0;
@@ -1862,11 +1862,11 @@ out:
 }
 
 /**
- * security_netif_sid - Obtain the SID for a network interface.
+ * sel_netif_sid_by_name - Obtain the SID for a network interface.
  * @name: interface name
  * @if_sid: interface SID
  */
-int security_netif_sid(char *name, u32 *if_sid)
+int sel_netif_sid_by_name(char *name, u32 *if_sid)
 {
 	int rc = 0;
 	struct ocontext *c;
@@ -1916,13 +1916,13 @@ static int match_ipv6_addrmask(u32 *input, u32 *addr, u32 *mask)
 }
 
 /**
- * security_node_sid - Obtain the SID for a node (host).
+ * sel_node_sid - Obtain the SID for a node (host).
  * @domain: communication domain aka address family
  * @addrp: address
  * @addrlen: address length in bytes
  * @out_sid: security identifier
  */
-int security_node_sid(u16 domain,
+int sel_node_sid(u16 domain,
 		      void *addrp,
 		      u32 addrlen,
 		      u32 *out_sid)
@@ -1992,7 +1992,7 @@ out:
 #define SIDS_NEL 25
 
 /**
- * security_get_user_sids - Obtain reachable SIDs for a user.
+ * sel_get_user_sids - Obtain reachable SIDs for a user.
  * @fromsid: starting SID
  * @username: username
  * @sids: array of reachable SIDs for user
@@ -2005,7 +2005,7 @@ out:
  * number of elements in the array.
  */
 
-int security_get_user_sids(u32 fromsid,
+int sel_get_user_sids(u32 fromsid,
 			   char *username,
 			   u32 **sids,
 			   u32 *nel)
@@ -2107,7 +2107,7 @@ out:
 }
 
 /**
- * security_genfs_sid - Obtain a SID for a file in a filesystem
+ * sel_genfs_sid - Obtain a SID for a file in a filesystem
  * @fstype: filesystem type
  * @path: path from root of mount
  * @sclass: file security class
@@ -2117,7 +2117,7 @@ out:
  * cannot support xattr or use a fixed labeling behavior like
  * transition SIDs or task SIDs.
  */
-int security_genfs_sid(const char *fstype,
+int sel_genfs_sid(const char *fstype,
 		       char *path,
 		       u16 sclass,
 		       u32 *sid)
@@ -2172,12 +2172,12 @@ out:
 }
 
 /**
- * security_fs_use - Determine how to handle labeling for a filesystem.
+ * sel_fs_use - Determine how to handle labeling for a filesystem.
  * @fstype: filesystem type
  * @behavior: labeling behavior
  * @sid: SID for filesystem (superblock)
  */
-int security_fs_use(
+int sel_fs_use(
 	const char *fstype,
 	unsigned int *behavior,
 	u32 *sid)
@@ -2205,7 +2205,7 @@ int security_fs_use(
 		}
 		*sid = c->sid[0];
 	} else {
-		rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, sid);
+		rc = sel_genfs_sid(fstype, "/", SECCLASS_DIR, sid);
 		if (rc) {
 			*behavior = SECURITY_FS_USE_NONE;
 			rc = 0;
@@ -2365,10 +2365,10 @@ out:
 }
 
 /*
- * security_sid_mls_copy() - computes a new sid based on the given
+ * sel_sid_mls_copy() - computes a new sid based on the given
  * sid and the mls portion of mls_sid.
  */
-int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
+int sel_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
 {
 	struct context *context1;
 	struct context *context2;
@@ -2421,7 +2421,7 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
 bad:
 	if (!context_struct_to_string(&newcon, &s, &len)) {
 		audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-			  "security_sid_mls_copy: invalid context %s", s);
+			  "sel_sid_mls_copy: invalid context %s", s);
 		kfree(s);
 	}
 
@@ -2433,7 +2433,7 @@ out:
 }
 
 /**
- * security_net_peersid_resolve - Compare and resolve two network peer SIDs
+ * sel_net_peersid_resolve - Compare and resolve two network peer SIDs
  * @nlbl_sid: NetLabel SID
  * @nlbl_type: NetLabel labeling protocol type
  * @xfrm_sid: XFRM SID
@@ -2452,7 +2452,7 @@ out:
  *   multiple, inconsistent labels |    -<errno>     |    SECSID_NULL
  *
  */
-int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
+int sel_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
 				 u32 xfrm_sid,
 				 u32 *peer_sid)
 {
@@ -2528,7 +2528,7 @@ static int get_classes_callback(void *k, void *d, void *args)
 	return 0;
 }
 
-int security_get_classes(char ***classes, int *nclasses)
+int sel_get_classes(char ***classes, int *nclasses)
 {
 	int rc = -ENOMEM;
 
@@ -2566,7 +2566,7 @@ static int get_permissions_callback(void *k, void *d, void *args)
 	return 0;
 }
 
-int security_get_permissions(char *class, char ***perms, int *nperms)
+int sel_get_permissions(char *class, char ***perms, int *nperms)
 {
 	int rc = -ENOMEM, i;
 	struct class_datum *match;
@@ -2610,18 +2610,18 @@ err:
 	return rc;
 }
 
-int security_get_reject_unknown(void)
+int sel_get_reject_unknown(void)
 {
 	return policydb.reject_unknown;
 }
 
-int security_get_allow_unknown(void)
+int sel_get_allow_unknown(void)
 {
 	return policydb.allow_unknown;
 }
 
 /**
- * security_policycap_supported - Check for a specific policy capability
+ * sel_policycap_supported - Check for a specific policy capability
  * @req_cap: capability
  *
  * Description:
@@ -2630,7 +2630,7 @@ int security_get_allow_unknown(void)
  * supported, false (0) if it isn't supported.
  *
  */
-int security_policycap_supported(unsigned int req_cap)
+int sel_policycap_supported(unsigned int req_cap)
 {
 	int rc;
 
@@ -2944,7 +2944,7 @@ static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
 }
 
 /**
- * security_netlbl_secattr_to_sid - Convert a NetLabel secattr to a SELinux SID
+ * sel_netlbl_secattr_to_sid - Convert a NetLabel secattr to a SELinux SID
  * @secattr: the NetLabel packet security attributes
  * @sid: the SELinux SID
  *
@@ -2958,7 +2958,7 @@ static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
  * failure.
  *
  */
-int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
+int sel_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
 				   u32 *sid)
 {
 	int rc = -EIDRM;
@@ -3020,7 +3020,7 @@ netlbl_secattr_to_sid_return_cleanup:
 }
 
 /**
- * security_netlbl_sid_to_secattr - Convert a SELinux SID to a NetLabel secattr
+ * sel_netlbl_sid_to_secattr - Convert a SELinux SID to a NetLabel secattr
  * @sid: the SELinux SID
  * @secattr: the NetLabel packet security attributes
  *
@@ -3029,7 +3029,7 @@ netlbl_secattr_to_sid_return_cleanup:
  * Returns zero on success, negative values on failure.
  *
  */
-int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
+int sel_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
 {
 	int rc;
 	struct context *ctx;
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 72b1845..8e292ad 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -229,7 +229,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
 	       uctx+1,
 	       str_len);
 	ctx->ctx_str[str_len] = 0;
-	rc = security_context_to_sid(ctx->ctx_str,
+	rc = sel_context_to_sid(ctx->ctx_str,
 				     str_len,
 				     &ctx->ctx_sid);
 
@@ -248,7 +248,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
 	return rc;
 
 not_from_user:
-	rc = security_sid_to_context(sid, &ctx_str, &str_len);
+	rc = sel_sid_to_context(sid, &ctx_str, &str_len);
 	if (rc)
 		goto out;
 
-- 
1.6.2.5



