authorAndrew Morton <akpm@osdl.org>2004-01-18 18:38:03 -0800
committerLinus Torvalds <torvalds@home.osdl.org>2004-01-18 18:38:03 -0800
commitfa9b605f51e1cb530f197f6bb608e72d9d778512 (patch)
tree0c3d24a0d1c99a34ec2f09f777e9df53bcd17ccc /security
parent0129565dcb026535035409875fae2ba1bb1a8b55 (diff)
[PATCH] selinux: socket_has_perm cleanup
From: James Morris <jmorris@redhat.com> This is a cleanup for the SELinux code, which converts all remaining appropriate socket hooks over to using socket_has_perm().
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c123
1 files changed, 8 insertions, 115 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ec980b81264d42..3892af7fc67852 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2468,65 +2468,21 @@ out:
static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
{
- int err;
- struct sock *sk = sock->sk;
- struct avc_audit_data ad;
- struct task_security_struct *tsec;
- struct inode_security_struct *isec;
-
- isec = SOCK_INODE(sock)->i_security;
-
- tsec = current->security;
-
- AVC_AUDIT_DATA_INIT(&ad, NET);
- ad.u.net.sk = sk;
- err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
- SOCKET__CONNECT, &isec->avcr, &ad);
- if (err)
- return err;
-
- return 0;
+ return socket_has_perm(current, sock, SOCKET__CONNECT);
}
static int selinux_socket_listen(struct socket *sock, int backlog)
{
- int err;
- struct task_security_struct *tsec;
- struct inode_security_struct *isec;
- struct avc_audit_data ad;
-
- tsec = current->security;
-
- isec = SOCK_INODE(sock)->i_security;
-
- AVC_AUDIT_DATA_INIT(&ad, NET);
- ad.u.net.sk = sock->sk;
-
- err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
- SOCKET__LISTEN, &isec->avcr, &ad);
- if (err)
- return err;
-
- return 0;
+ return socket_has_perm(current, sock, SOCKET__LISTEN);
}
static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
{
int err;
- struct task_security_struct *tsec;
struct inode_security_struct *isec;
struct inode_security_struct *newisec;
- struct avc_audit_data ad;
-
- tsec = current->security;
-
- isec = SOCK_INODE(sock)->i_security;
-
- AVC_AUDIT_DATA_INIT(&ad, NET);
- ad.u.net.sk = sock->sk;
- err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
- SOCKET__ACCEPT, &isec->avcr, &ad);
+ err = socket_has_perm(current, sock, SOCKET__ACCEPT);
if (err)
return err;
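Review bot: The connect, listen and accept hooks no longer build their own `avc_audit_data`, so whether a denial is still logged with the socket attached (`ad.u.net.sk`) now depends entirely on `socket_has_perm()`, which is defined outside this hunk. Before relying on the cleanup, confirm that the helper initialises NET audit data from `sock->sk` and checks the task's SID against the socket inode's `sid`/`sclass` through `isec->avcr`, as the removed lines did. Once confirmed, a comment above `selinux_socket_connect` such as `/* socket_has_perm() checks current against the socket inode's SID/class and audits with sock->sk. */` would record the contract for the other converted hooks too. The body of `selinux_socket_accept` continues past the end of this hunk.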
@@ -2535,6 +2491,7 @@ static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
return err;
newisec = SOCK_INODE(newsock)->i_security;
+ isec = SOCK_INODE(sock)->i_security;
newisec->sclass = isec->sclass;
newisec->sid = isec->sid;
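Review bot: The new `isec = SOCK_INODE(sock)->i_security;` exists only so the listening socket's label can be copied onto the new socket, and that labeling rule is not documented anywhere in the visible lines. A comment above `newisec->sclass = isec->sclass;` such as `/* The accepted socket inherits the class and SID of the listening socket. */` would make it explicit for anyone auditing how accepted connections get their security context. The function starts and ends outside this hunk, and the lines between the permission check and this assignment are not shown, so this assumes nothing there alters `sock`'s inode security data.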
@@ -2544,87 +2501,23 @@ static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
int size)
{
- struct task_security_struct *tsec;
- struct inode_security_struct *isec;
- struct avc_audit_data ad;
- struct sock *sk;
- int err;
-
- isec = SOCK_INODE(sock)->i_security;
-
- tsec = current->security;
-
- sk = sock->sk;
-
- AVC_AUDIT_DATA_INIT(&ad, NET);
- ad.u.net.sk = sk;
- err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
- SOCKET__WRITE, &isec->avcr, &ad);
- if (err)
- return err;
-
- return 0;
+ return socket_has_perm(current, sock, SOCKET__WRITE);
}
static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
int size, int flags)
{
- struct inode_security_struct *isec;
- struct task_security_struct *tsec;
- struct avc_audit_data ad;
- int err;
-
- isec = SOCK_INODE(sock)->i_security;
- tsec = current->security;
-
- AVC_AUDIT_DATA_INIT(&ad,NET);
- ad.u.net.sk = sock->sk;
- err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
- SOCKET__READ, &isec->avcr, &ad);
- if (err)
- return err;
-
- return 0;
+ return socket_has_perm(current, sock, SOCKET__READ);
}
static int selinux_socket_getsockname(struct socket *sock)
{
- struct inode_security_struct *isec;
- struct task_security_struct *tsec;
- struct avc_audit_data ad;
- int err;
-
- tsec = current->security;
- isec = SOCK_INODE(sock)->i_security;
-
- AVC_AUDIT_DATA_INIT(&ad,NET);
- ad.u.net.sk = sock->sk;
- err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
- SOCKET__GETATTR, &isec->avcr, &ad);
- if (err)
- return err;
-
- return 0;
+ return socket_has_perm(current, sock, SOCKET__GETATTR);
}
static int selinux_socket_getpeername(struct socket *sock)
{
- struct inode_security_struct *isec;
- struct task_security_struct *tsec;
- struct avc_audit_data ad;
- int err;
-
- tsec = current->security;
- isec = SOCK_INODE(sock)->i_security;
-
- AVC_AUDIT_DATA_INIT(&ad,NET);
- ad.u.net.sk = sock->sk;
- err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
- SOCKET__GETATTR, &isec->avcr, &ad);
- if (err)
- return err;
-
- return 0;
+ return socket_has_perm(current, sock, SOCKET__GETATTR);
}
static int selinux_socket_setsockopt(struct socket *sock,int level,int optname)
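Review bot: `selinux_socket_sendmsg` and `selinux_socket_recvmsg` pass only `sock` to `socket_has_perm()`, so `msg`, `size` and `flags` play no part in the access decision, and that limit is not documented. A comment such as `/* Socket-level SOCKET__WRITE check only; the destination in msg is not examined here. */` would tell a policy author what this hook does and does not mediate; the removed code had the same scope, so this is documentation rather than a behaviour change. Likewise `selinux_socket_getsockname` and `selinux_socket_getpeername` both map to `SOCKET__GETATTR`, which merits a one-line comment because policy cannot tell the two operations apart. `selinux_socket_setsockopt` begins on the hunk's last line and its body is outside the hunk.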