diff options
| author | Jeff Garzik <jgarzik@pobox.com> | 2005-08-10 19:46:28 +0200 |
|---|---|---|
| committer | Jeff Garzik <jgarzik@pobox.com> | 2005-08-10 19:46:28 +0200 |
| commit | 2f058256cb64e346f4fb4499ff4e0f1c2791a4b4 (patch) | |
| tree | 91e06602f4d3abb6812ea8c9bc9ba4501e14c84e /security/selinux/ss/services.c | |
| parent | libata: Update 'passthru' branch for latest libata (diff) | |
| parent | [PATCH] Fix ide-disk.c oops caused by hwif == NULL (diff) | |
| download | linux-2f058256cb64e346f4fb4499ff4e0f1c2791a4b4.tar.xz linux-2f058256cb64e346f4fb4499ff4e0f1c2791a4b4.zip | |
Merge /spare/repo/linux-2.6/
Diffstat (limited to 'security/selinux/ss/services.c')
| -rw-r--r-- | security/selinux/ss/services.c | 61 |
1 files changed, 44 insertions, 17 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index b6149147d5cb..014120474e69 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -601,18 +601,7 @@ out: } -/** - * security_context_to_sid - Obtain a SID for a given security context. - * @scontext: security context - * @scontext_len: length in bytes - * @sid: security identifier, SID - * - * Obtains a SID associated with the security context that - * has the string representation specified by @scontext. - * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient - * memory is available, or 0 on success. - */ -int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) +static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid) { char *scontext2; struct context context; @@ -703,7 +692,7 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) context.type = typdatum->value; - rc = mls_context_to_sid(oldc, &p, &context); + rc = mls_context_to_sid(oldc, &p, &context, &sidtab, def_sid); if (rc) goto out_unlock; @@ -727,6 +716,46 @@ out: return rc; } +/** + * security_context_to_sid - Obtain a SID for a given security context. + * @scontext: security context + * @scontext_len: length in bytes + * @sid: security identifier, SID + * + * Obtains a SID associated with the security context that + * has the string representation specified by @scontext. + * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient + * memory is available, or 0 on success. + */ +int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) +{ + return security_context_to_sid_core(scontext, scontext_len, + sid, SECSID_NULL); +} + +/** + * security_context_to_sid_default - Obtain a SID for a given security context, + * falling back to specified default if needed. + * + * @scontext: security context + * @scontext_len: length in bytes + * @sid: security identifier, SID + * @def_sid: default SID to assign on errror + * + * Obtains a SID associated with the security context that + * has the string representation specified by @scontext. + * The default SID is passed to the MLS layer to be used to allow + * kernel labeling of the MLS field if the MLS field is not present + * (for upgrading to MLS without full relabel). + * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient + * memory is available, or 0 on success. + */ +int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid) +{ + return security_context_to_sid_core(scontext, scontext_len, + sid, def_sid); +} + static int compute_sid_handle_invalid_context( struct context *scontext, struct context *tcontext, @@ -1705,11 +1734,9 @@ out: err: if (*names) { for (i = 0; i < *len; i++) - if ((*names)[i]) - kfree((*names)[i]); + kfree((*names)[i]); } - if (*values) - kfree(*values); + kfree(*values); goto out; } |