]> git.baikalelectronics.ru Git - kernel.git/commit
selinux: Convert socket related access controls to use socket labels
authorPaul Moore <paul.moore@hp.com>
Thu, 22 Apr 2010 18:46:19 +0000 (14:46 -0400)
committerJames Morris <jmorris@namei.org>
Mon, 2 Aug 2010 05:34:39 +0000 (15:34 +1000)
commit243902902856917b8dc5cf99ace279de39b76d9e
treec3599a18f06664160a55a20b30428ba4faf6e2c0
parentc68885b925fa5aaa74d38298828bf3e0d5b53d49
selinux: Convert socket related access controls to use socket labels

At present, the socket related access controls use a mix of inode and
socket labels; while there should be no practical difference (they
_should_ always be the same), it makes the code more confusing.  This
patch attempts to convert all of the socket related access control
points (with the exception of some of the inode/fd based controls) to
use the socket's own label.  In the process, I also converted the
socket_has_perm() function to take a 'sock' argument instead of a
'socket' since that was adding a bit more overhead in some cases.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
security/selinux/hooks.c