summaryrefslogtreecommitdiffstats
path: root/security/security.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2010-10-13 16:24:41 -0400
committerJames Morris <jmorris@namei.org>2010-10-21 10:12:48 +1100
commit2606fd1fa5710205b23ee859563502aa18362447 (patch)
treef79becd7010a2da1a765829fce0e09327cd50531 /security/security.c
parent15714f7b58011cf3948cab2988abea560240c74f (diff)
downloadlinux-2606fd1fa5710205b23ee859563502aa18362447.tar.gz
linux-2606fd1fa5710205b23ee859563502aa18362447.tar.bz2
linux-2606fd1fa5710205b23ee859563502aa18362447.zip
secmark: make secmark object handling generic
Right now secmark has lots of direct selinux calls. Use all LSM calls and remove all SELinux specific knowledge. The only SELinux specific knowledge we leave is the mode. The only point is to make sure that other LSMs at least test this generic code before they assume it works. (They may also have to make changes if they do not represent labels as strings) Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Paul Moore <paul.moore@hp.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index 1cbcdfa4b015..b50f472061a4 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1136,6 +1136,24 @@ void security_inet_conn_established(struct sock *sk,
security_ops->inet_conn_established(sk, skb);
}
+int security_secmark_relabel_packet(u32 secid)
+{
+ return security_ops->secmark_relabel_packet(secid);
+}
+EXPORT_SYMBOL(security_secmark_relabel_packet);
+
+void security_secmark_refcount_inc(void)
+{
+ security_ops->secmark_refcount_inc();
+}
+EXPORT_SYMBOL(security_secmark_refcount_inc);
+
+void security_secmark_refcount_dec(void)
+{
+ security_ops->secmark_refcount_dec();
+}
+EXPORT_SYMBOL(security_secmark_refcount_dec);
+
int security_tun_dev_create(void)
{
return security_ops->tun_dev_create();