From patchwork Fri Aug 5 08:58:02 2011
X-Patchwork-Submitter: li qongqing
X-Patchwork-Id: 108620
X-Patchwork-Delegate: davem@davemloft.net
Subject: [PATCH 1/5] Define the function to write sock's security context to seq_file.
Date: Fri, 5 Aug 2011 16:58:02 +0800
Message-ID: <1312534686-4099-2-git-send-email-rongqing.li@windriver.com>
In-Reply-To: <1312534686-4099-1-git-send-email-rongqing.li@windriver.com>
References: <1312534686-4099-1-git-send-email-rongqing.li@windriver.com>
X-Mailing-List: netdev@vger.kernel.org

From: Roy.Li This function will write the sock's security context to a seq_file and return the error code, and the number of characters successfully written is written in int pointers parameter. This function will be called when export socket information to proc. Signed-off-by: Roy.Li --- include/net/sock.h | 1 + net/core/sock.c | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 0 deletions(-) diff --git a/include/net/sock.h b/include/net/sock.h index 8e4062f..0366ab1 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -1828,6 +1828,7 @@ static inline struct sock *skb_steal_sock(struct sk_buff *skb) extern void sock_enable_timestamp(struct sock *sk, int flag); extern int sock_get_timestamp(struct sock *, struct timeval __user *); extern int sock_get_timestampns(struct sock *, struct timespec __user *); +extern int sock_write_secctx(struct sock *sk, struct seq_file *seq, int *len); /* * Enable debug/info messages diff --git a/net/core/sock.c b/net/core/sock.c index bc745d0..1126a49 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -2254,6 +2254,32 @@ void sk_common_release(struct sock *sk) } EXPORT_SYMBOL(sk_common_release); +int sock_write_secctx(struct sock *sk, struct seq_file *seq, int *len) +{ + struct flowi fl; + char *ctx = NULL; + u32 ctxlen; + int res = 0; + + *len = 0; + + if (sk == NULL) + return -EINVAL; + res = security_socket_getsockname(sk->sk_socket); + if (res) + return res; + + security_sk_classify_flow(sk, &fl); + + res = security_secid_to_secctx(fl.flowi_secid, &ctx, &ctxlen); + if (res) + return res; + + seq_printf(seq, " %s%n", ctx, len); + security_release_secctx(ctx, ctxlen); + return res; +} + static DEFINE_RWLOCK(proto_list_lock); static LIST_HEAD(proto_list);
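
Review bot: In the net/core/sock.c hunk, sock_write_secctx() checks sk for NULL but then passes sk->sk_socket straight to security_socket_getsockname() with no check. The commit message says this will be called while exporting socket information to proc, and a sock seen on that path can have no struct socket attached, so please test sk->sk_socket before the call and return an error (or print nothing) when it is NULL. Second, `struct flowi fl;` is never initialised and fl.flowi_secid is read right after security_sk_classify_flow(sk, &fl); nothing in this hunk guarantees that the call writes the field, so zero fl first (for example with memset) to avoid handing stack garbage to security_secid_to_secctx(). Smaller points: the return value of seq_printf() is ignored, so *len set through %n is reported as written even if the seq_file buffer overflowed; the function is declared extern in sock.h but has no EXPORT_SYMBOL, which matters if any caller later in the series can be built as a module; and a short kernel-doc comment stating that *len is the number of characters written, including the leading space, would document the contract described in the commit message.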