#include <linux/selinux.h>
#include <linux/fs.h>
#include <linux/ipc.h>
+#include <asm/atomic.h>
#include "security.h"
#include "objsec.h"
-int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen)
+/* SECMARK reference count */
+extern atomic_t selinux_secmark_refcount;
+
+int selinux_string_to_sid(char *str, u32 *sid)
{
if (selinux_enabled)
- return security_sid_to_context(sid, ctx, ctxlen);
+ return security_context_to_sid(str, strlen(str), sid);
else {
- *ctx = NULL;
- *ctxlen = 0;
+ *sid = 0;
+ return 0;
}
-
- return 0;
}
+EXPORT_SYMBOL_GPL(selinux_string_to_sid);
-void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
+int selinux_secmark_relabel_packet_permission(u32 sid)
{
if (selinux_enabled) {
- struct inode_security_struct *isec = inode->i_security;
- *sid = isec->sid;
- return;
- }
- *sid = 0;
-}
+ const struct task_security_struct *__tsec;
+ u32 tsid;
-void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
-{
- if (selinux_enabled) {
- struct ipc_security_struct *isec = ipcp->security;
- *sid = isec->sid;
- return;
+ __tsec = current_security();
+ tsid = __tsec->sid;
+
+ return avc_has_perm(tsid, sid, SECCLASS_PACKET,
+ PACKET__RELABELTO, NULL);
}
- *sid = 0;
+ return 0;
}
+EXPORT_SYMBOL_GPL(selinux_secmark_relabel_packet_permission);
-void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
+void selinux_secmark_refcount_inc(void)
{
- if (selinux_enabled) {
- struct task_security_struct *tsec = tsk->security;
- *sid = tsec->sid;
- return;
- }
- *sid = 0;
+ atomic_inc(&selinux_secmark_refcount);
}
+EXPORT_SYMBOL_GPL(selinux_secmark_refcount_inc);
-int selinux_string_to_sid(char *str, u32 *sid)
+void selinux_secmark_refcount_dec(void)
{
- if (selinux_enabled)
- return security_context_to_sid(str, strlen(str), sid);
- else {
- *sid = 0;
- return 0;
- }
+ atomic_dec(&selinux_secmark_refcount);
}
-EXPORT_SYMBOL_GPL(selinux_string_to_sid);
+EXPORT_SYMBOL_GPL(selinux_secmark_refcount_dec);
-int selinux_relabel_packet_permission(u32 sid)
+bool selinux_is_enabled(void)
{
- if (selinux_enabled) {
- struct task_security_struct *tsec = current->security;
-
- return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET,
- PACKET__RELABELTO, NULL);
- }
- return 0;
+ return selinux_enabled;
}
-EXPORT_SYMBOL_GPL(selinux_relabel_packet_permission);
+EXPORT_SYMBOL_GPL(selinux_is_enabled);