From: "Paul Moore" <paul.moore@hp.com>
To: selinux@tycho.nsa.gov
Cc: kaigai@ak.jp.nec.com, joe@nall.com
Subject: [RFC 1/5] SELinux: add secctx_to_secid() LSM hook
Date: Tue, 07 Aug 2007 10:14:16 -0400 [thread overview]
Message-ID: <20070807141533.310472096@hp.com> (raw)
In-Reply-To: 20070807141415.525577324@hp.com
Add a secctx_to_secid() LSM hook to go along with the existing
secid_to_secctx() LSM hook. This patch also includes a SELinux implementation
for this hook.
---
include/linux/security.h | 17 +++++++++++++++++
security/dummy.c | 6 ++++++
security/selinux/hooks.c | 6 ++++++
3 files changed, 29 insertions(+)
Index: linux-2.6_staticlbl/include/linux/security.h
===================================================================
--- linux-2.6_staticlbl.orig/include/linux/security.h
+++ linux-2.6_staticlbl/include/linux/security.h
@@ -1141,6 +1141,10 @@ struct request_sock;
* Convert secid to security context.
* @secid contains the security ID.
* @secdata contains the pointer that stores the converted security context.
+ * @secctx_to_secid:
+ * Convert security context to secid.
+ * @secid contains the pointer to the generated security ID.
+ * @secdata contains the security context.
*
* @release_secctx:
* Release the security context.
@@ -1329,6 +1333,7 @@ struct security_operations {
int (*getprocattr)(struct task_struct *p, char *name, char **value);
int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size);
int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
+ int (*secctx_to_secid)(char *secdata, u32 seclen, u32 *secid);
void (*release_secctx)(char *secdata, u32 seclen);
#ifdef CONFIG_SECURITY_NETWORK
@@ -2122,6 +2127,13 @@ static inline int security_secid_to_secc
return security_ops->secid_to_secctx(secid, secdata, seclen);
}
+static inline int security_secctx_to_secid(char *secdata,
+ u32 seclen,
+ u32 *secid)
+{
+ return security_ops->secctx_to_secid(secdata, seclen, secid);
+}
+
static inline void security_release_secctx(char *secdata, u32 seclen)
{
return security_ops->release_secctx(secdata, seclen);
@@ -2800,6 +2812,11 @@ static inline int security_secid_to_secc
return -EOPNOTSUPP;
}
+static inline int secctx_to_secid(char *secdata, u32 seclen, u32 *secid)
+{
+ return -EOPNOTSUPP;
+}
+
static inline void security_release_secctx(char *secdata, u32 seclen)
{
}
Index: linux-2.6_staticlbl/security/dummy.c
===================================================================
--- linux-2.6_staticlbl.orig/security/dummy.c
+++ linux-2.6_staticlbl/security/dummy.c
@@ -926,6 +926,11 @@ static int dummy_secid_to_secctx(u32 sec
return -EOPNOTSUPP;
}
+static int dummy_secctx_to_secid(char *secdata, u32 seclen, u32 *secid)
+{
+ return -EOPNOTSUPP;
+}
+
static void dummy_release_secctx(char *secdata, u32 seclen)
{
}
@@ -1083,6 +1088,7 @@ void security_fixup_ops (struct security
set_to_dummy_if_null(ops, getprocattr);
set_to_dummy_if_null(ops, setprocattr);
set_to_dummy_if_null(ops, secid_to_secctx);
+ set_to_dummy_if_null(ops, secctx_to_secid);
set_to_dummy_if_null(ops, release_secctx);
#ifdef CONFIG_SECURITY_NETWORK
set_to_dummy_if_null(ops, unix_stream_connect);
Index: linux-2.6_staticlbl/security/selinux/hooks.c
===================================================================
--- linux-2.6_staticlbl.orig/security/selinux/hooks.c
+++ linux-2.6_staticlbl/security/selinux/hooks.c
@@ -4656,6 +4656,11 @@ static int selinux_secid_to_secctx(u32 s
return security_sid_to_context(secid, secdata, seclen);
}
+static int selinux_secctx_to_secid(char *secdata, u32 seclen, u32 *secid)
+{
+ return security_context_to_sid(secdata, seclen, secid);
+}
+
static void selinux_release_secctx(char *secdata, u32 seclen)
{
kfree(secdata);
@@ -4842,6 +4847,7 @@ static struct security_operations selinu
.setprocattr = selinux_setprocattr,
.secid_to_secctx = selinux_secid_to_secctx,
+ .secctx_to_secid = selinux_secctx_to_secid,
.release_secctx = selinux_release_secctx,
.unix_stream_connect = selinux_socket_unix_stream_connect,
--
paul moore
linux security @ hp
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2007-08-07 14:16 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-07 14:14 [RFC 0/5] Static/fallback external labels for NetLabel Paul Moore
2007-08-07 14:14 ` Paul Moore [this message]
2007-08-07 14:14 ` [RFC 2/5] NetLabel: Add secid token support to the NetLabel secattr struct Paul Moore
2007-08-07 14:14 ` [RFC 3/5] NetLabel: add IP address family information to the netlbl_skbuff_getattr() function Paul Moore
2007-08-07 14:14 ` [RFC 4/5] NetLabel: introduce static network labels for unlabeled connections Paul Moore
2007-08-07 14:14 ` [RFC 5/5] NetLabel: add auditing to the static labeling mechanism Paul Moore
2007-08-09 10:57 ` [RFC 0/5] Static/fallback external labels for NetLabel KaiGai Kohei
2007-08-09 11:48 ` Paul Moore
2007-08-09 12:42 ` Stephen Smalley
2007-08-09 13:29 ` Paul Moore
2007-08-09 13:54 ` Stephen Smalley
2007-08-09 14:48 ` Paul Moore
2007-08-09 15:49 ` James Morris
2007-08-09 16:01 ` Stephen Smalley
2007-08-09 22:35 ` Paul Moore
2007-08-09 13:59 ` James Morris
2007-08-09 14:50 ` Paul Moore
2007-08-09 15:13 ` Stephen Smalley
2007-08-09 14:41 ` Darrel Goeddel
2007-08-09 14:57 ` Paul Moore
2007-08-09 15:07 ` Darrel Goeddel
2007-08-09 15:32 ` Casey Schaufler
2007-08-09 15:39 ` Stephen Smalley
2007-08-09 16:16 ` Casey Schaufler
2007-08-09 14:09 ` Darrel Goeddel
2007-08-09 14:24 ` James Morris
2007-08-09 16:42 ` Darrel Goeddel
2007-08-09 19:20 ` Joe Nall
2007-08-09 19:47 ` Darrel Goeddel
2007-08-09 20:12 ` Joe Nall
2007-08-09 21:15 ` Stephen Smalley
2007-08-09 21:18 ` Darrel Goeddel
2007-08-09 22:48 ` Paul Moore
2007-08-09 20:17 ` Paul Moore
2007-08-09 14:53 ` Paul Moore
2007-08-09 16:08 ` Darrel Goeddel
2007-08-09 22:55 ` Darrel Goeddel
2007-08-10 16:49 ` James Morris
2007-08-14 14:47 ` Darrel Goeddel
2007-08-15 4:24 ` James Morris
2007-08-15 22:35 ` Darrel Goeddel
2007-08-16 15:04 ` James Morris
2007-08-24 16:31 ` Paul Moore
2007-08-24 18:34 ` James Morris
2007-08-24 19:02 ` Casey Schaufler
2007-08-24 19:49 ` Paul Moore
2007-08-24 20:17 ` James Morris
2007-08-24 20:24 ` Paul Moore
2007-08-24 20:47 ` Joshua Brindle
2007-08-24 20:42 ` Casey Schaufler
2007-08-24 21:10 ` Paul Moore
2007-08-24 21:37 ` Casey Schaufler
2007-08-24 20:29 ` Joshua Brindle
2007-08-28 14:03 ` Darrel Goeddel
2007-08-28 15:16 ` Paul Moore
2007-08-09 15:48 ` Casey Schaufler
2007-08-09 19:38 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070807141533.310472096@hp.com \
--to=paul.moore@hp.com \
--cc=joe@nall.com \
--cc=kaigai@ak.jp.nec.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.