diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-03-29 01:30:42 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-03-29 01:30:42 +0100 |
commit | 7541bba880fb6989f489f0c68fa246a375b44035 (patch) | |
tree | 19ce55af8e8732aa61cb8db529cf2304d9d738b5 /include | |
parent | Annotate struct fs_struct's usage count restriction (diff) | |
parent | smack: Add a new '-CIPSO' option to the network address label configuration (diff) | |
download | linux-7541bba880fb6989f489f0c68fa246a375b44035.tar.xz linux-7541bba880fb6989f489f0c68fa246a375b44035.zip |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
smack: Add a new '-CIPSO' option to the network address label configuration
netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections
lsm: Remove the socket_post_accept() hook
selinux: Remove the "compat_net" compatibility code
netlabel: Label incoming TCP connections correctly in SELinux
lsm: Relocate the IPv4 security_inet_conn_request() hooks
TOMOYO: Fix a typo.
smack: convert smack to standard linux lists
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/security.h | 13 | ||||
-rw-r--r-- | include/net/cipso_ipv4.h | 17 | ||||
-rw-r--r-- | include/net/netlabel.h | 17 |
3 files changed, 33 insertions, 14 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 1f2ab6353c00..54ed15799a83 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -880,11 +880,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @sock contains the listening socket structure. * @newsock contains the newly created server socket for connection. * Return 0 if permission is granted. - * @socket_post_accept: - * This hook allows a security module to copy security - * information into the newly created socket's inode. - * @sock contains the listening socket structure. - * @newsock contains the newly created server socket for connection. * @socket_sendmsg: * Check permission before transmitting a message to another socket. * @sock contains the socket structure. @@ -1554,8 +1549,6 @@ struct security_operations { struct sockaddr *address, int addrlen); int (*socket_listen) (struct socket *sock, int backlog); int (*socket_accept) (struct socket *sock, struct socket *newsock); - void (*socket_post_accept) (struct socket *sock, - struct socket *newsock); int (*socket_sendmsg) (struct socket *sock, struct msghdr *msg, int size); int (*socket_recvmsg) (struct socket *sock, @@ -2537,7 +2530,6 @@ int security_socket_bind(struct socket *sock, struct sockaddr *address, int addr int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen); int security_socket_listen(struct socket *sock, int backlog); int security_socket_accept(struct socket *sock, struct socket *newsock); -void security_socket_post_accept(struct socket *sock, struct socket *newsock); int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size); int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, int size, int flags); @@ -2616,11 +2608,6 @@ static inline int security_socket_accept(struct socket *sock, return 0; } -static inline void security_socket_post_accept(struct socket *sock, - struct socket *newsock) -{ -} - static inline int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) { diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h index bedc7f62e35d..abd443604c9f 100644 --- a/include/net/cipso_ipv4.h +++ b/include/net/cipso_ipv4.h @@ -40,6 +40,7 @@ #include <linux/net.h> #include <linux/skbuff.h> #include <net/netlabel.h> +#include <net/request_sock.h> #include <asm/atomic.h> /* known doi values */ @@ -215,6 +216,10 @@ int cipso_v4_sock_setattr(struct sock *sk, const struct netlbl_lsm_secattr *secattr); void cipso_v4_sock_delattr(struct sock *sk); int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr); +int cipso_v4_req_setattr(struct request_sock *req, + const struct cipso_v4_doi *doi_def, + const struct netlbl_lsm_secattr *secattr); +void cipso_v4_req_delattr(struct request_sock *req); int cipso_v4_skbuff_setattr(struct sk_buff *skb, const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr); @@ -247,6 +252,18 @@ static inline int cipso_v4_sock_getattr(struct sock *sk, return -ENOSYS; } +static inline int cipso_v4_req_setattr(struct request_sock *req, + const struct cipso_v4_doi *doi_def, + const struct netlbl_lsm_secattr *secattr) +{ + return -ENOSYS; +} + +static inline void cipso_v4_req_delattr(struct request_sock *req) +{ + return; +} + static inline int cipso_v4_skbuff_setattr(struct sk_buff *skb, const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr) diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 749011eedc0b..60ebbc1fef46 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -36,6 +36,7 @@ #include <linux/in.h> #include <linux/in6.h> #include <net/netlink.h> +#include <net/request_sock.h> #include <asm/atomic.h> struct cipso_v4_doi; @@ -406,6 +407,7 @@ int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap, */ int netlbl_enabled(void); int netlbl_sock_setattr(struct sock *sk, + u16 family, const struct netlbl_lsm_secattr *secattr); void netlbl_sock_delattr(struct sock *sk); int netlbl_sock_getattr(struct sock *sk, @@ -413,6 +415,9 @@ int netlbl_sock_getattr(struct sock *sk, int netlbl_conn_setattr(struct sock *sk, struct sockaddr *addr, const struct netlbl_lsm_secattr *secattr); +int netlbl_req_setattr(struct request_sock *req, + const struct netlbl_lsm_secattr *secattr); +void netlbl_req_delattr(struct request_sock *req); int netlbl_skbuff_setattr(struct sk_buff *skb, u16 family, const struct netlbl_lsm_secattr *secattr); @@ -519,7 +524,8 @@ static inline int netlbl_enabled(void) return 0; } static inline int netlbl_sock_setattr(struct sock *sk, - const struct netlbl_lsm_secattr *secattr) + u16 family, + const struct netlbl_lsm_secattr *secattr) { return -ENOSYS; } @@ -537,6 +543,15 @@ static inline int netlbl_conn_setattr(struct sock *sk, { return -ENOSYS; } +static inline int netlbl_req_setattr(struct request_sock *req, + const struct netlbl_lsm_secattr *secattr) +{ + return -ENOSYS; +} +static inline void netlbl_req_delattr(struct request_sock *req) +{ + return; +} static inline int netlbl_skbuff_setattr(struct sk_buff *skb, u16 family, const struct netlbl_lsm_secattr *secattr) |