From 00447872a643787411c2c0cb1df6169dda8b0c47 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Sat, 12 Apr 2008 19:06:42 -0700 Subject: NetLabel: Allow passing the LSM domain as a shared pointer Smack doesn't have the need to create a private copy of the LSM "domain" when setting NetLabel security attributes like SELinux, however, the current NetLabel code requires a private copy of the LSM "domain". This patches fixes that by letting the LSM determine how it wants to pass the domain value. * NETLBL_SECATTR_DOMAIN_CPY The current behavior, NetLabel assumes that the domain value is a copy and frees it when done * NETLBL_SECATTR_DOMAIN New, Smack-friendly behavior, NetLabel assumes that the domain value is a reference to a string managed by the LSM and does not free it when done Signed-off-by: Paul Moore Acked-by: James Morris Signed-off-by: David S. Miller --- security/selinux/ss/services.c | 2 +- security/smack/smack_lsm.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'security') diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index f3741860121..47295acd09c 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -2649,7 +2649,7 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr) goto netlbl_sid_to_secattr_failure; secattr->domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1], GFP_ATOMIC); - secattr->flags |= NETLBL_SECATTR_DOMAIN; + secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY; mls_export_netlbl_lvl(ctx, secattr); rc = mls_export_netlbl_cat(ctx, secattr); if (rc != 0) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 732ba27923c..e2d6f7cd925 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1275,7 +1275,7 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp) switch (smack_net_nltype) { case NETLBL_NLTYPE_CIPSOV4: - nlsp->domain = kstrdup(smack, GFP_ATOMIC); + nlsp->domain = smack; nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL; rc = smack_to_cipso(smack, &cipso); -- cgit v1.2.3