xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SELinux: Add a network node caching mechanism similar to the sel_netif_*() functions

Browse Source 
This patch adds a SELinux IP address/node SID caching mechanism similar to the
sel_netif_*() functions.  The node SID queries in the SELinux hooks files are
also modified to take advantage of this new functionality.  In addition, remove
the address length information from the sk_buff parsing routines as it is
redundant since we already have the address family.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Paul Moore
2008-01-29 08:38:13 -05:00
committed by James Morris
parent da5645a28a
commit 224dfbd81e
5 changed files with 416 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
security/selinux/include/objsec.h
View File

@@ -100,6 +100,15 @@ struct netif_security_struct {
u32 sid; /* SID for this interface */
};
struct netnode_security_struct {
union {
__be32 ipv4; /* IPv4 node address */
struct in6_addr ipv6; /* IPv6 node address */
} addr;
u32 sid; /* SID for this node */
u16 family; /* address family */
};
struct sk_security_struct {
struct sock *sk; /* back pointer to sk object */
u32 sid; /* SID of this object */