* [PATCH] SELinux: restore proper NetLabel caching behavior
@ 2007-07-30 20:33 Paul Moore
  2007-07-30 21:08 ` Paul Moore
  2007-07-31  2:39 ` James Morris
  0 siblings, 2 replies; 3+ messages in thread
From: Paul Moore @ 2007-07-30 20:33 UTC (permalink / raw)
  To: selinux

A small fix to the SELinux/NetLabel glue code to ensure that the NetLabel
cache is utilized when possible.  This was broken when the SELinux/NetLabel
glue code was reorganized in the last kernel release.

Signed-off-by: Paul Moore <paul.moore@hp.com>
---
 include/net/netlabel.h      |    2 ++
 security/selinux/netlabel.c |   16 ++++++++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

Index: linux-2.6_netlabel-cache-fix-2/include/net/netlabel.h
===================================================================
--- linux-2.6_netlabel-cache-fix-2.orig/include/net/netlabel.h
+++ linux-2.6_netlabel-cache-fix-2/include/net/netlabel.h
@@ -132,6 +132,8 @@ struct netlbl_lsm_secattr_catmap {
 #define NETLBL_SECATTR_CACHE            0x00000002
 #define NETLBL_SECATTR_MLS_LVL          0x00000004
 #define NETLBL_SECATTR_MLS_CAT          0x00000008
+#define NETLBL_SECATTR_CACHEABLE        (NETLBL_SECATTR_MLS_LVL | \
+					 NETLBL_SECATTR_MLS_CAT)
 struct netlbl_lsm_secattr {
 	u32 flags;
 
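Review bot: NETLBL_SECATTR_CACHEABLE is defined without a comment, and as a two-bit mask it is easy to misread: `flags & NETLBL_SECATTR_CACHEABLE` is true when either MLS bit is set, not only when both are. If any-of is the intent, say so above the define, e.g. `/* any of these flags marks a secattr whose resolved SID may be cached */`. If both bits are required, callers need `(flags & NETLBL_SECATTR_CACHEABLE) == NETLBL_SECATTR_CACHEABLE` instead. The struct definition that follows continues outside the hunk.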
Index: linux-2.6_netlabel-cache-fix-2/security/selinux/netlabel.c
===================================================================
--- linux-2.6_netlabel-cache-fix-2.orig/security/selinux/netlabel.c
+++ linux-2.6_netlabel-cache-fix-2/security/selinux/netlabel.c
@@ -162,9 +162,13 @@ int selinux_netlbl_skbuff_getsid(struct 
 
 	netlbl_secattr_init(&secattr);
 	rc = netlbl_skbuff_getattr(skb, &secattr);
-	if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE)
+	if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) {
 		rc = security_netlbl_secattr_to_sid(&secattr, base_sid, sid);
-	else
+		if (rc == 0 &&
+		    (secattr.flags & NETLBL_SECATTR_CACHEABLE) &&
+		    (secattr.flags & NETLBL_SECATTR_CACHE))
+			netlbl_cache_add(skb, &secattr);
+	} else
 		*sid = SECSID_NULL;
 	netlbl_secattr_destroy(&secattr);
 
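Review bot: The condition added in front of `netlbl_cache_add(skb, &secattr)` tests two flags whose roles are not explained, and the call's result is dropped without comment. Presumably NETLBL_SECATTR_CACHEABLE means the attributes were parsed from the packet rather than served from the cache, and NETLBL_SECATTR_CACHE means the SID conversion attached cache data; that should be confirmed and stated, for example `/* cache only freshly parsed labels that now carry cache data; a failed add is harmless */`. Because a cached entry presumably stands in for a later label-to-SID conversion, the comment should also say that the `rc == 0` guard is what keeps an unconverted label out of the cache. The same block is added in the selinux_netlbl_sock_rcv_skb hunk, and this function's body starts and ends outside the hunk.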
@@ -307,11 +311,15 @@ int selinux_netlbl_sock_rcv_skb(struct s
 
 	netlbl_secattr_init(&secattr);
 	rc = netlbl_skbuff_getattr(skb, &secattr);
-	if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE)
+	if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) {
 		rc = security_netlbl_secattr_to_sid(&secattr,
 						    SECINITSID_NETMSG,
 						    &nlbl_sid);
-	else
+		if (rc == 0 &&
+		    (secattr.flags & NETLBL_SECATTR_CACHEABLE) &&
+		    (secattr.flags & NETLBL_SECATTR_CACHE))
+			netlbl_cache_add(skb, &secattr);
+	} else
 		nlbl_sid = SECINITSID_UNLABELED;
 	netlbl_secattr_destroy(&secattr);
 	if (rc != 0)
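Review bot: This is a second copy of the three-part cache condition already added in selinux_netlbl_skbuff_getsid, so the two sites can drift apart and one of them could end up caching under a weaker check. A small static helper that performs the conversion and then the conditional cache add would keep the "convert, cache only on success" sequence in one place; both call sites would then reduce to a single assignment to `rc`. Separately, the new `} else` leaves the else branch unbraced while the if branch is now braced; bracing both reads more safely. The helper name below is only a suggestion, and the function continues past the end of the hunk.

```c
static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb,
					   struct netlbl_lsm_secattr *secattr,
					   u32 base_sid, u32 *sid)
{
	int rc;

	rc = security_netlbl_secattr_to_sid(secattr, base_sid, sid);
	/* cache only after a successful conversion; a failed add is not an error */
	if (rc == 0 &&
	    (secattr->flags & NETLBL_SECATTR_CACHEABLE) &&
	    (secattr->flags & NETLBL_SECATTR_CACHE))
		netlbl_cache_add(skb, secattr);

	return rc;
}

/* ... unchanged: netlbl_secattr_init() and netlbl_skbuff_getattr() ... */
	if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) {
		rc = selinux_netlbl_sidlookup_cached(skb, &secattr,
						     SECINITSID_NETMSG,
						     &nlbl_sid);
	} else {
		nlbl_sid = SECINITSID_UNLABELED;
	}
```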

-- 
paul moore
linux security @ hp


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
