[MLSXFRM]: Add security sid to sock

This adds security for IP sockets at the sock level. Security at the sock level is needed to enforce the SELinux security policy for security associations even when a sock is orphaned (such as in the TCP LAST_ACK state). This will also be used to enforce SELinux controls over data arriving at or leaving a child socket while it's still waiting to be accepted. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Venkat Yekkirala <vyekkirala@TrustedCS.com> 2006-08-05 06:08:56 (GMT)
committer: David S. Miller <davem@sunset.davemloft.net> 2006-09-22 21:53:22 (GMT)
commit: 892c141e62982272b9c738b5520ad0e5e1ad7b42 (patch)
tree: c8e0c9b3e55106d2cb085a5047b9d02dbbb28653 /security/selinux/include/objsec.h
parent: 08554d6b33e60aa8ee40bbef94505941c0eefef2 (diff)
download: linux-892c141e62982272b9c738b5520ad0e5e1ad7b42.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 9401788..79b9e0a 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -99,6 +99,7 @@ struct netif_security_struct {
 
 struct sk_security_struct {
 	struct sock *sk;		/* back pointer to sk object */
+	u32 sid;			/* SID of this object */
 	u32 peer_sid;			/* SID of peer */
 };
author	Venkat Yekkirala <vyekkirala@TrustedCS.com>	2006-08-05 06:08:56 (GMT)
committer	David S. Miller <davem@sunset.davemloft.net>	2006-09-22 21:53:22 (GMT)
commit	892c141e62982272b9c738b5520ad0e5e1ad7b42 (patch)
tree	c8e0c9b3e55106d2cb085a5047b9d02dbbb28653 /security/selinux/include/objsec.h
parent	08554d6b33e60aa8ee40bbef94505941c0eefef2 (diff)
download	linux-892c141e62982272b9c738b5520ad0e5e1ad7b42.tar.xz