[PATCH] lsm: add task_setioprio hook

[pandora-kernel.git] / security / selinux / xfrm.c

diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index dfab6c8..6633fb0 100644 (file)
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -132,10 +132,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_us
                goto out;
 
        /*
-        * Does the subject have permission to set security or permission to
-        * do the relabel?
-        * Must be permitted to relabel from default socket type (process type)
-        * to specified context
+        * Does the subject have permission to set security context?
         */
        rc = avc_has_perm(tsec->sid, ctx->ctx_sid,
                          SECCLASS_ASSOCIATION,
@@ -200,6 +197,23 @@ void selinux_xfrm_policy_free(struct xfrm_policy *xp)
                kfree(ctx);
 }
 
+/*
+ * LSM hook implementation that authorizes deletion of labeled policies.
+ */
+int selinux_xfrm_policy_delete(struct xfrm_policy *xp)
+{
+       struct task_security_struct *tsec = current->security;
+       struct xfrm_sec_ctx *ctx = xp->security;
+       int rc = 0;
+
+       if (ctx)
+               rc = avc_has_perm(tsec->sid, ctx->ctx_sid,
+                                 SECCLASS_ASSOCIATION,
+                                 ASSOCIATION__SETCONTEXT, NULL);
+
+       return rc;
+}
+
 /*
  * LSM hook implementation that allocs and transfers sec_ctx spec to
  * xfrm_state.
@@ -281,7 +295,7 @@ u32 selinux_socket_getpeer_dgram(struct sk_buff *skb)
                int i;
 
                for (i = sp->len-1; i >= 0; i--) {
-                       struct xfrm_state *x = sp->x[i].xvec;
+                       struct xfrm_state *x = sp->xvec[i];
                        if (selinux_authorizable_xfrm(x)) {
                                struct xfrm_sec_ctx *ctx = x->security;
                                return ctx->ctx_sid;
@@ -292,6 +306,23 @@ u32 selinux_socket_getpeer_dgram(struct sk_buff *skb)
        return SECSID_NULL;
 }
 
+ /*
+  * LSM hook implementation that authorizes deletion of labeled SAs.
+  */
+int selinux_xfrm_state_delete(struct xfrm_state *x)
+{
+       struct task_security_struct *tsec = current->security;
+       struct xfrm_sec_ctx *ctx = x->security;
+       int rc = 0;
+
+       if (ctx)
+               rc = avc_has_perm(tsec->sid, ctx->ctx_sid,
+                                 SECCLASS_ASSOCIATION,
+                                 ASSOCIATION__SETCONTEXT, NULL);
+
+       return rc;
+}
+
 /*
  * LSM hook that controls access to unlabelled packets.  If
  * a xfrm_state is authorizable (defined by macro) then it was
@@ -314,7 +345,7 @@ int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb)
                 *  Only need to verify the existence of an authorizable sp.
                 */
                for (i = 0; i < sp->len; i++) {
-                       struct xfrm_state *x = sp->x[i].xvec;
+                       struct xfrm_state *x = sp->xvec[i];
 
                        if (x && selinux_authorizable_xfrm(x))
                                goto accept;
@@ -356,18 +387,12 @@ int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb)
                        struct xfrm_state *x = dst_test->xfrm;
 
                        if (x && selinux_authorizable_xfrm(x))
-                               goto accept;
+                               goto out;
                }
        }
 
        rc = avc_has_perm(isec_sid, SECINITSID_UNLABELED, SECCLASS_ASSOCIATION,
                          ASSOCIATION__SENDTO, NULL);
-       if (rc)
-               goto drop;
-
-accept:
-       return NF_ACCEPT;
-
-drop:
-       return NF_DROP;
+out:
+       return rc;
 }