[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] collect security labels on user processes generating audit messages



On Fri, 2006-02-17 at 14:58 -0600, Timothy R. Chavez wrote:
> Thanks Darrel!  New patch attached... so... assuming this is good... how
> are we going to do this API merger :] ?

> +/**
> + *     selinux_task_getsecid - return the SID of task
> + *	@tsk: the task whose SID will be returned
> + *
> + * 	Returns 0 if SELinux is disabled, otherwise the SID is returned.
> + */
> +int selinux_task_getsecid(struct task_struct *tsk);

Ryan noticed that you didn't update this to return u32 yet, unlike the
#else case.

> +u32 selinux_task_getsecid(struct task_struct *tsk)
> +{
> +	u32 sid = 0;
> +
> +	if (ss_initialized)
> +		sid = ((struct task_security_struct *)tsk->security)->sid;
> +	
> +	return sid;
> +}

You don't strictly need to check ss_initialized in this function; all
tasks are assigned the kernel SID until policy is loaded, so you can
always access the SID.  As a matter of style, I'd prefer an explicit
task_security_struct* local variable with separate assignment, i.e.
	struct task_security_struct *tsec = tsk->security;
	sid = tsec->sid;

-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]