On Wed, 2006-07-12 at 16:12 -0500, Venkat Yekkirala wrote:
> This adds security for IP sockets at the sock level. Security at the
> sock level is needed to enforce the SELinux security policy for security
> associations even when a sock is orphaned (such as in the TCP LAST_ACK state).
>
> Signed-off-by: Venkat Yekkirala <[EMAIL PROTECTED]>
> ---
>
> include/linux/security.h | 12 ++++++++++++
> include/net/sock.h | 13 +++++++++++++
> net/core/sock.c | 2 +-
> security/dummy.c | 5 +++++
> security/selinux/hooks.c | 27 +++++++++++++++++++++------
> security/selinux/include/objsec.h | 1 +
> 6 files changed, 53 insertions(+), 7 deletions(-)
>
> @@ -3564,6 +3574,10 @@ static unsigned int selinux_sk_getsid_se > > if (isec) > sock_sid = isec->sid; > + else { > + struct sk_security_struct *sksec = sk->sk_security; > + sock_sid = sksec->sid; > + } > > read_unlock_bh(&sk->sk_callback_lock); > return sock_sid;

Is it ever possible for the isec->sid and the sksec->sid to be
inconsistent with one another? Could you just always return the
sksec->sid here and avoid the need to grab the isec altogether (dropping
the requirement for sk_callback_lock at the same time, since you no
longer need sk_socket)?

Likewise, given sksec->sid, why don't you change sock_rcv_skb to always
use it, and eliminate the need for the isec and the sk_callback_lock
there? Similarly for postroute_last's use of isec->sid. With direct
labeling of the sock, it is no longer necessary to extract the isec.

--
Stephen Smalley
National Security Agency
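Review bot: In the added else branch of the @@ -3564,6 +3574,10 @@ hunk, sk->sk_security is dereferenced with no check, and nothing visible in the hunk shows that it is non-NULL for every sock that can reach this point without an isec. If the sock's security blob is always allocated before this code can run, a short comment stating that invariant would make the fallback safe to read; otherwise test sksec before reading sksec->sid and leave sock_sid at its default when it is missing. As a style point, the if arm is unbraced while the new else arm is braced; bracing both arms keeps the conditional consistent.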