[PATCH] selinux: socket_has_perm cleanup

From: James Morris <jmorris@redhat.com> This is a cleanup for the SELinux code, which converts all remaining appropriate socket hooks over to using socket_has_perm().

[PATCH] selinux: socket_has_perm cleanup
From: James Morris <jmorris@redhat.com> This is a cleanup for the SELinux code, which converts all remaining appropriate socket hooks over to using socket_has_perm().
fa9b605f · Andrew Morton · Linus Torvalds · 0129565d · fa9b605f
Commit fa9b605f authored Jan 18, 2004 by Andrew Morton Committed by Linus Torvalds Jan 18, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 115 deletions

security/selinux/hooks.c security/selinux/hooks.c +8 -115

No files found.
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2468,65 +2468,21 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
 {
-	int err;
+	return socket_has_perm(current, sock, SOCKET__CONNECT);
-	struct sock *sk = sock->sk;
-	struct avc_audit_data ad;
-	struct task_security_struct *tsec;
-	struct inode_security_struct *isec;
-	isec = SOCK_INODE(sock)->i_security;
-	tsec = current->security;
-	AVC_AUDIT_DATA_INIT(&ad, NET);
-	ad.u.net.sk = sk;
-	err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
-			   SOCKET__CONNECT, &isec->avcr, &ad);
-	if (err)
-		return err;
-	return 0;
 }
 static int selinux_socket_listen(struct socket *sock, int backlog)
 {
-	int err;
+	return socket_has_perm(current, sock, SOCKET__LISTEN);
-	struct task_security_struct *tsec;
-	struct inode_security_struct *isec;
-	struct avc_audit_data ad;
-	tsec = current->security;
-	isec = SOCK_INODE(sock)->i_security;
-	AVC_AUDIT_DATA_INIT(&ad, NET);
-	ad.u.net.sk = sock->sk;
-	err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
-			   SOCKET__LISTEN, &isec->avcr, &ad);
-	if (err)
-		return err;
-	return 0;
 }
 static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
 {
 	int err;
-	struct task_security_struct *tsec;
 	struct inode_security_struct *isec;
 	struct inode_security_struct *newisec;
-	struct avc_audit_data ad;
-	tsec = current->security;
-	isec = SOCK_INODE(sock)->i_security;
-	AVC_AUDIT_DATA_INIT(&ad, NET);
-	ad.u.net.sk = sock->sk;
-	err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
+	err = socket_has_perm(current, sock, SOCKET__ACCEPT);
-			   SOCKET__ACCEPT, &isec->avcr, &ad);
 	if (err)
 		return err;
@@ -2535,6 +2491,7 @@ static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
 		return err;
 	newisec = SOCK_INODE(newsock)->i_security;
+	isec = SOCK_INODE(sock)->i_security;
 	newisec->sclass = isec->sclass;
 	newisec->sid = isec->sid;
@@ -2544,87 +2501,23 @@ static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
 static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
 				  int size)
 {
-	struct task_security_struct *tsec;
+	return socket_has_perm(current, sock, SOCKET__WRITE);
-	struct inode_security_struct *isec;
-	struct avc_audit_data ad;
-	struct sock *sk;
-	int err;
-	isec = SOCK_INODE(sock)->i_security;
-	tsec = current->security;
-	sk = sock->sk;
-	AVC_AUDIT_DATA_INIT(&ad, NET);
-	ad.u.net.sk = sk;
-	err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
-			   SOCKET__WRITE, &isec->avcr, &ad);
-	if (err)
-		return err;
-	return 0;
 }
 static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
 				  int size, int flags)
 {
-	struct inode_security_struct *isec;
+	return socket_has_perm(current, sock, SOCKET__READ);
-	struct task_security_struct *tsec;
-	struct avc_audit_data ad;
-	int err;
-	isec = SOCK_INODE(sock)->i_security;
-	tsec = current->security;
-	AVC_AUDIT_DATA_INIT(&ad,NET);
-	ad.u.net.sk = sock->sk;
-	err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
-			   SOCKET__READ, &isec->avcr, &ad);
-	if (err)
-		return err;
-	return 0;
 }
 static int selinux_socket_getsockname(struct socket *sock)
 {
-	struct inode_security_struct *isec;
+	return socket_has_perm(current, sock, SOCKET__GETATTR);
-	struct task_security_struct *tsec;
-	struct avc_audit_data ad;
-	int err;
-	tsec = current->security;
-	isec = SOCK_INODE(sock)->i_security;
-	AVC_AUDIT_DATA_INIT(&ad,NET);
-	ad.u.net.sk = sock->sk;
-	err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
-			   SOCKET__GETATTR, &isec->avcr, &ad);
-	if (err)
-		return err;
-	return 0;
 }
 static int selinux_socket_getpeername(struct socket *sock)
 {
-	struct inode_security_struct *isec;
+	return socket_has_perm(current, sock, SOCKET__GETATTR);
-	struct task_security_struct *tsec;
-	struct avc_audit_data ad;
-	int err;
-	tsec = current->security;
-	isec = SOCK_INODE(sock)->i_security;
-	AVC_AUDIT_DATA_INIT(&ad,NET);
-	ad.u.net.sk = sock->sk;
-	err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
-			   SOCKET__GETATTR, &isec->avcr, &ad);
-	if (err)
-		return err;
-	return 0;
 }
 static int selinux_socket_setsockopt(struct socket *sock,int level,int optname)