Re: [PATCH 1/5] Define the function to write sock's security context to seq_file.

Stephen Smalley <sds@xxxxxxxxxxxxx> · Fri, 05 Aug 2011 09:56:58 -0400

On Fri, 2011-08-05 at 16:58 +0800, rongqing.li@xxxxxxxxxxxxx wrote:
> From: Roy.Li <rongqing.li@xxxxxxxxxxxxx>
> 
> This function will write the sock's security context to a seq_file
> and return the error code, and the number of characters successfully
> written is written in int pointers parameter.
> 
> This function will be called when export socket information to proc.
> 
> Signed-off-by: Roy.Li <rongqing.li@xxxxxxxxxxxxx>
> ---
>  include/net/sock.h |    1 +
>  net/core/sock.c    |   26 ++++++++++++++++++++++++++
>  2 files changed, 27 insertions(+), 0 deletions(-)

> diff --git a/net/core/sock.c b/net/core/sock.c
> index bc745d0..1126a49 100644
> --- a/net/core/sock.c
> +++ b/net/core/sock.c
> @@ -2254,6 +2254,32 @@ void sk_common_release(struct sock *sk)
>  }
>  EXPORT_SYMBOL(sk_common_release);
>  
> +int sock_write_secctx(struct sock *sk, struct seq_file *seq, int *len)
> +{
> +	struct flowi fl;
> +	char *ctx = NULL;
> +	u32 ctxlen;
> +	int res = 0;
> +
> +	*len = 0;
> +
> +	if (sk == NULL)
> +		return -EINVAL;

Is this ever possible?

> +	res = security_socket_getsockname(sk->sk_socket);
> +	if (res)
> +		return res;

I'm not sure it is a good idea to output nothing if permission is denied
to the socket, as opposed to some well-defined string indicating that
condition.  Particularly if someone later adds another field to
the /proc files after the context; we don't want the contents of that
field to be interpreted as the context if permission was denied.

> +
> +	security_sk_classify_flow(sk, &fl);
> +
> +	res = security_secid_to_secctx(fl.flowi_secid, &ctx, &ctxlen);
> +	if (res)
> +		return res;

Likewise, if we couldn't map the secid to a secctx for some reason, we
likely ought to output some well-defined string indicating that
condition.

> +
> +	seq_printf(seq, " %s%n", ctx, len);
> +	security_release_secctx(ctx, ctxlen);
> +	return res;
> +}
> +
>  static DEFINE_RWLOCK(proto_list_lock);
>  static LIST_HEAD(proto_list);
>  

-- 
Stephen Smalley
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.