[MLSXFRM]: Define new SELinux service routine
This defines a routine that combines the Type Enforcement portion of one sid with the MLS portion from the other sid to arrive at a new sid. This would be used to define a sid for a security association that is to be negotiated by IKE as well as for determing the sid for open requests and connection-oriented child sockets. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Venkat Yekkirala
committed by
David S. Miller
David S. Miller
parent
51bd39860f
commit
08554d6b33
@ -211,26 +211,6 @@ int mls_context_isvalid(struct policydb *p, struct context *c)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Copies the MLS range from `src' into `dst'.
|
||||
*/
|
||||
static inline int mls_copy_context(struct context *dst,
|
||||
struct context *src)
|
||||
{
|
||||
int l, rc = 0;
|
||||
|
||||
/* Copy the MLS range from the source context */
|
||||
for (l = 0; l < 2; l++) {
|
||||
dst->range.level[l].sens = src->range.level[l].sens;
|
||||
rc = ebitmap_cpy(&dst->range.level[l].cat,
|
||||
&src->range.level[l].cat);
|
||||
if (rc)
|
||||
break;
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
/*
|
||||
* Set the MLS fields in the security context structure
|
||||
* `context' based on the string representation in
|
||||
|
||||
Reference in New Issue
Block a user