SELinux: Socket retains creator role and MLS attribute The socket SID would be computed on creation and no longer inherit its creator's SID by default. Socket may have a different type but needs to retain the creator's role and MLS attribute in order not to break labeled networking and network access control. The kernel value for a class would be used to determine if the class if one of socket classes. If security_compute_sid is called from userspace the policy value for a class would be mapped to the relevant kernel value first. Signed-off-by: Harry Ciao <[email protected]> Signed-off-by: Eric Paris <[email protected]> Acked-by: Stephen Smalley <[email protected]>

commit: 6f5317e730505d5cbc851c435a2dfe3d5a21d343 [log] [tgz]
author: Harry Ciao <[email protected]> Wed Mar 02 13:32:33 2011 +0800
committer: Eric Paris <[email protected]> Thu Mar 03 15:19:43 2011 -0500
tree: 02088cf519a00db5c6fbdb2cc8776402413eb662
parent: 4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad [diff] [blame]
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
index cd91526..037bf9d 100644
--- a/security/selinux/ss/mls.h
+++ b/security/selinux/ss/mls.h

@@ -49,7 +49,8 @@
 		    struct context *tcontext,
 		    u16 tclass,
 		    u32 specified,
-		    struct context *newcontext);
+		    struct context *newcontext,
+		    bool sock);
 
 int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
 			 struct context *usercon);
commit	6f5317e730505d5cbc851c435a2dfe3d5a21d343	[log] [tgz]
author	Harry Ciao <[email protected]>	Wed Mar 02 13:32:33 2011 +0800
committer	Eric Paris <[email protected]>	Thu Mar 03 15:19:43 2011 -0500
tree	02088cf519a00db5c6fbdb2cc8776402413eb662
parent	4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad [diff] [blame]