[RFC][PATCH] collect security labels on user processes generating audit messages
Stephen Smalley
sds at tycho.nsa.gov
Wed Feb 22 14:21:18 UTC 2006
On Fri, 2006-02-17 at 14:58 -0600, Timothy R. Chavez wrote:
> Thanks Darrel! New patch attached... so... assuming this is good... how
> are we going to do this API merger :] ?
> +/**
> + * selinux_task_getsecid - return the SID of task
> + * @tsk: the task whose SID will be returned
> + *
> + * Returns 0 if SELinux is disabled, otherwise the SID is returned.
> + */
> +int selinux_task_getsecid(struct task_struct *tsk);
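Review bot: the prototype on the last line of this hunk declares the return type as int, while the definition later in the patch reads u32 selinux_task_getsecid(struct task_struct *tsk). The two must agree, otherwise any file that sees both gets a conflicting-types error. Change the declaration to u32, which also fits a return value that is a SID rather than an error code.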
Ryan noticed that you didn't update this to return u32 yet, unlike the
#else case.
> +u32 selinux_task_getsecid(struct task_struct *tsk)
> +{
> + u32 sid = 0;
> +
> + if (ss_initialized)
> + sid = ((struct task_security_struct *)tsk->security)->sid;
> +
> + return sid;
> +}
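Review bot: the if (ss_initialized) test makes this function return 0 in a case the kernel-doc comment on the declaration does not cover; that comment says 0 means SELinux is disabled. Either state in the comment that 0 is also returned while ss_initialized is unset, or drop the test so the documented contract and the code match.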
You don't strictly need to check ss_initialized in this function; all
tasks are assigned the kernel SID until policy is loaded, so you can
always access the SID. As a matter of style, I'd prefer an explicit
task_security_struct* local variable with separate assignment, i.e.
	struct task_security_struct *tsec = tsk->security;
	sid = tsec->sid;
--
Stephen Smalley
National Security Agency