NetLabel: Allow passing the LSM domain as a shared pointer
Smack doesn't have the need to create a private copy of the LSM "domain" when setting NetLabel security attributes like SELinux, however, the current NetLabel code requires a private copy of the LSM "domain". This patches fixes that by letting the LSM determine how it wants to pass the domain value. * NETLBL_SECATTR_DOMAIN_CPY The current behavior, NetLabel assumes that the domain value is a copy and frees it when done * NETLBL_SECATTR_DOMAIN New, Smack-friendly behavior, NetLabel assumes that the domain value is a reference to a string managed by the LSM and does not free it when done Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
b9f3124f08
commit
00447872a6
|
@ -162,7 +162,7 @@ struct netlbl_lsm_secattr_catmap {
|
|||
|
||||
/**
|
||||
* struct netlbl_lsm_secattr - NetLabel LSM security attributes
|
||||
* @flags: indicate which attributes are contained in this structure
|
||||
* @flags: indicate structure attributes, see NETLBL_SECATTR_*
|
||||
* @type: indicate the NLTYPE of the attributes
|
||||
* @domain: the NetLabel LSM domain
|
||||
* @cache: NetLabel LSM specific cache
|
||||
|
@ -180,17 +180,22 @@ struct netlbl_lsm_secattr_catmap {
|
|||
* NetLabel itself when returning security attributes to the LSM.
|
||||
*
|
||||
*/
|
||||
struct netlbl_lsm_secattr {
|
||||
u32 flags;
|
||||
/* bitmap values for 'flags' */
|
||||
#define NETLBL_SECATTR_NONE 0x00000000
|
||||
#define NETLBL_SECATTR_DOMAIN 0x00000001
|
||||
#define NETLBL_SECATTR_DOMAIN_CPY (NETLBL_SECATTR_DOMAIN | \
|
||||
NETLBL_SECATTR_FREE_DOMAIN)
|
||||
#define NETLBL_SECATTR_CACHE 0x00000002
|
||||
#define NETLBL_SECATTR_MLS_LVL 0x00000004
|
||||
#define NETLBL_SECATTR_MLS_CAT 0x00000008
|
||||
#define NETLBL_SECATTR_SECID 0x00000010
|
||||
/* bitmap meta-values for 'flags' */
|
||||
#define NETLBL_SECATTR_FREE_DOMAIN 0x01000000
|
||||
#define NETLBL_SECATTR_CACHEABLE (NETLBL_SECATTR_MLS_LVL | \
|
||||
NETLBL_SECATTR_MLS_CAT | \
|
||||
NETLBL_SECATTR_SECID)
|
||||
struct netlbl_lsm_secattr {
|
||||
u32 flags;
|
||||
u32 type;
|
||||
char *domain;
|
||||
struct netlbl_lsm_cache *cache;
|
||||
|
@ -303,7 +308,8 @@ static inline void netlbl_secattr_init(struct netlbl_lsm_secattr *secattr)
|
|||
*/
|
||||
static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr)
|
||||
{
|
||||
kfree(secattr->domain);
|
||||
if (secattr->flags & NETLBL_SECATTR_FREE_DOMAIN)
|
||||
kfree(secattr->domain);
|
||||
if (secattr->flags & NETLBL_SECATTR_CACHE)
|
||||
netlbl_secattr_cache_free(secattr->cache);
|
||||
if (secattr->flags & NETLBL_SECATTR_MLS_CAT)
|
||||
|
|
|
@ -2649,7 +2649,7 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
|
|||
goto netlbl_sid_to_secattr_failure;
|
||||
secattr->domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],
|
||||
GFP_ATOMIC);
|
||||
secattr->flags |= NETLBL_SECATTR_DOMAIN;
|
||||
secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY;
|
||||
mls_export_netlbl_lvl(ctx, secattr);
|
||||
rc = mls_export_netlbl_cat(ctx, secattr);
|
||||
if (rc != 0)
|
||||
|
|
|
@ -1275,7 +1275,7 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
|
|||
|
||||
switch (smack_net_nltype) {
|
||||
case NETLBL_NLTYPE_CIPSOV4:
|
||||
nlsp->domain = kstrdup(smack, GFP_ATOMIC);
|
||||
nlsp->domain = smack;
|
||||
nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
|
||||
|
||||
rc = smack_to_cipso(smack, &cipso);
|
||||
|
|
Loading…
Reference in New Issue
Block a user