Catherine Zhang <[EMAIL PROTECTED]> wrote:
>
> Enclosed please find the updated AF_UNIX patch.
>
> ...
>
> --- linux-2.6.17-rc1/include/asm-alpha/socket.h~lsm-secpeer-unix
> 2006-04-03 18:19:47.000000000 -0400
> +++ linux-2.6.17-rc1-cxzhang/include/asm-alpha/socket.h 2006-04-03
> 18:20:46.000000000 -0400
> @@ -51,6 +51,7 @@
> #define SCM_TIMESTAMP SO_TIMESTAMP
>
> #define SO_PEERSEC 30
> +#define SO_PASSSEC 31
Everybody else gets 34, so it might make life easier to give alpha 34 as well?
> + case SO_PASSSEC:
> + v.val = test_bit(SOCK_PASSSEC, &sock->flags) ? 1 : 0;
> + break;
I think test_bit() is guaranteed to return 0 or 1. But I wouldn't trust it
either ;)
> @@ -0,0 +1,52 @@
> +/*
> + * SELinux services exported to the rest of the kernel.
> + *
> + * Author: James Morris <[EMAIL PROTECTED]>
> + *
> + * Copyright (C) 2005 Red Hat, Inc., James Morris <[EMAIL PROTECTED]>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2,
> + * as published by the Free Software Foundation.
> + */
> +#include <linux/types.h>
> +#include <linux/kernel.h>
> +#include <linux/module.h>
> +#include <linux/selinux.h>
> +
> +#include "security.h"
> +
> +extern int ss_initialized;
Please always put extern declarations into header files.
> +int selinux_available(void)
> +{
> + return ss_initialized;
> +}
> +
> +void selinux_sk_ctxid(struct sock *sk, u32 *ctxid)
> +{
> + *ctxid = 0;
> + security_sk_info(sk, ctxid, NULL);
> +}
> +
> +void selinux_sock_ctxid(struct socket *sock, u32 *ctxid)
> +{
> + *ctxid = 0;
> + security_sock_info(sock, ctxid, NULL);
> +}
> +
> +int selinux_ctx_to_id(const char *ctx, u32 *ctxid)
> +{
> + return security_context_to_sid(ctx, strlen(ctx), ctxid);
> +}
> +
> +int selinux_id_to_ctx(u32 ctxid, char **ctx, u32 *ctxlen)
> +{
> + return security_sid_to_context(ctxid, ctx, ctxlen);
> +}
I'd suggest that all of these should be inline.
> +EXPORT_SYMBOL_GPL(selinux_available);
> +EXPORT_SYMBOL_GPL(selinux_sk_ctxid);
> +EXPORT_SYMBOL_GPL(selinux_sock_ctxid);
> +EXPORT_SYMBOL_GPL(selinux_ctx_to_id);
> +EXPORT_SYMBOL_GPL(selinux_id_to_ctx);
Please put exports at the line immediately after the exported function.
(There are arguments each way, but we should do one or the other, not
both).
> diff -puN security/selinux/hooks.c~lsm-secpeer-unix security/selinux/hooks.c
> --- linux-2.6.17-rc1/security/selinux/hooks.c~lsm-secpeer-unix
> 2006-04-04 18:36:25.000000000 -0400
> +++ linux-2.6.17-rc1-cxzhang/security/selinux/hooks.c 2006-04-06
> 14:35:14.000000000 -0400
> @@ -3212,6 +3212,29 @@ static int selinux_socket_unix_may_send(
> return 0;
> }
>
> +/* Retrieve security info. on sock */
> +void security_sock_info(struct socket *sock, u32 *sid, u16 *class)
> +{
> + if (sock) {
> + struct inode *inode;
> + inode = SOCK_INODE(sock);
> + if (inode) {
> + struct inode_security_struct *isec;
> + isec = inode->i_security;
> + if (sid)
> + *sid = isec->sid;
> + if (class)
> + *class = isec->sclass;
> + }
> + }
> +}
hm. Allowing the user to pass in 1, 2 or 3 NULLs is a bit unfortunate, and
can hide bugs. It'd be nice, if poss, to require that all callers pass in
valid pointers.
> @@ -96,5 +96,10 @@ int security_fs_use(const char *fstype,
> int security_genfs_sid(const char *fstype, char *name, u16 sclass,
> u32 *sid);
>
> +struct sock;
> +struct socket;
> +void security_sk_info(struct sock *sk, u32 *sid, u16 *class);
> +void security_sock_info(struct socket *sock, u32 *sid, u16 *class);
> +
> #endif /* _SELINUX_SECURITY_H_ */
It's best to put these forward declarations right at the top of the header
file. Otherwise we can end up with multiple identical declarations (ie:
someone later puts a declaration at line 50 which needs `struct sock',
finds that a forward decl is needed).
> +++ linux-2.6.17-rc1-cxzhang/include/linux/selinux.h 2006-04-07
> 12:35:49.000000000 -0400
> @@ -0,0 +1,104 @@
> +/*
> + * SELinux services exported to the rest of the kernel.
> + *
> + * Author: James Morris <[EMAIL PROTECTED]>
> + *
> + * Copyright (C) 2005 Red Hat, Inc., James Morris <[EMAIL PROTECTED]>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2,
> + * as published by the Free Software Foundation.
> + */
> +#ifndef _LINUX_SELINUX_H
> +#define _LINUX_SELINUX_H
> +
> +#ifdef CONFIG_SECURITY_SELINUX
> +
> +struct sock;
> +struct socket;
> +
> +/**
> + * selinux_available - check if SELinux is available for use.
> + *
> + * Returns true if configured, enabled, not disabled and policy loaded.
> + */
> +int selinux_available(void);
It's more conventional to put the kernel-doc at the definition rather than
at the declaration. I assume the kernel-doc toolchain handles this, but
afaik, humans look in the .c file for it.
> +void selinux_sock_ctxid(struct socket *sock, u32 *ctxid);
> +
> +/**
> + * selinux_ctx_to_id - map a security context string to an ID
> + * @ctx: the security context string to be mapped
> + * @ctxid: ID value returned via this.
> + *
> + * Returns 0 if successful, with the ID stored in ctxid. A value
> + * of zero for the ctxid indicates no ID could be determined (but
> + * no error occurred). Otherwise, this value should only be used
> + * opaquely (e.g. compare with value from selinux_sk_ctxid())
> + */
> +int selinux_ctx_to_id(const char *ctx, u32 *ctxid);
> +
> +/**
> + * selinux_id_to_ctx - map a security context ID to a string
> + * @ctxid: security context ID to be converted.
> + * @ctx: address of context string to be returned
> + * @ctxlen: length of returned context string.
> + *
> + * Returns 0 if successful, -errno if not. On success, the context
> + * string will be allocated internally, and the caller must call
> + * kfree() on it after use.
> + */
> +int selinux_id_to_ctx(u32 ctxid, char **ctx, u32 *ctxlen);
> +
> +#else
> +
> +static inline int selinux_available(void)
> +{
> + return 0;
> +}
> +
> +static inline void selinux_sk_ctxid(struct sock *sk, u32 *ctxid)
> +{
> + *ctxid = 0;
> +}
Given that we're using `struct sock' here, your forward declaration of it
should have been outside CONFIG_SECURITY_SELINUX.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
