[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] context based audit filtering (take 4)



On Thu, 2006-02-23 at 11:42 -0600, Darrel Goeddel wrote:
> diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
> index 640d0bf..df358be 100644
> --- a/security/selinux/ss/mls.c
> +++ b/security/selinux/ss/mls.c
> @@ -385,6 +385,31 @@ out:
>  }
>  
>  /*
> + * Set the MLS fields in the security context structure
> + * `context' based on the string representation in
> + * the string `str'.  This function will allocate temporary memory with the
> + * given constraints of gfp_mask.
> + */
> +int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
> +{
> +	char *tmpstr, *freestr;
> +	int rc;

Likely should be checking selinux_mls_enabled on entry and returning an
error in that case (mls_context_to_sid will just return 0 in that case).

> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index d877cd1..a2ad2cd 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c

Need to #include <linux/selinux.h> now to pick up the function
prototypes for the selinux_audit_ functions to ensure that they are
checked against the real functions.

> +	default:
> +		/* only the above fileds are valid */

Nit:  Typo in comment.

Otherwise, looks good.

-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]