[NetLabel]: SELinux support

	int (*unix_may_send) (struct socket * sock, struct socket * other);

	int (*socket_create) (int family, int type, int protocol, int kern);

	void (*socket_post_create) (struct socket * sock, int family,

	int (*socket_post_create) (struct socket * sock, int family,

				   int type, int protocol, int kern);

	int (*socket_bind) (struct socket * sock,

			    struct sockaddr * address, int addrlen);

	return security_ops->socket_create(family, type, protocol, kern);

}

static inline void security_socket_post_create(struct socket * sock, 

static inline int security_socket_post_create(struct socket * sock,

					      int family,

					      int type,

					      int protocol, int kern)

{

	security_ops->socket_post_create(sock, family, type,

	return security_ops->socket_post_create(sock, family, type,

						protocol, kern);

}

	return 0;

}

static inline void security_socket_post_create(struct socket * sock, 

static inline int security_socket_post_create(struct socket * sock,

					      int family,

					      int type,

					      int protocol, int kern)

{

	return 0;

}

static inline int security_socket_bind(struct socket * sock, 

		goto out;

	}

	security_socket_post_create(sock, family, type, protocol, 1);

	sock->type = type;

	err = security_socket_post_create(sock, family, type, protocol, 1);

	if (err)

		goto out_release;

out:

	*res = sock;

	return err;

out_release:

	sock_release(sock);

	sock = NULL;

	goto out;

}

/* No kernel lock held - perfect */

	 */

	module_put(net_families[family]->owner);

	*res = sock;

	security_socket_post_create(sock, family, type, protocol, kern);

	err = security_socket_post_create(sock, family, type, protocol, kern);

	if (err)

		goto out_release;

out:

	net_family_read_unlock();

	return 0;

}

static void dummy_socket_post_create (struct socket *sock, int family, int type,

static int dummy_socket_post_create (struct socket *sock, int family, int type,

				     int protocol, int kern)

{

	return;

	return 0;

}

static int dummy_socket_bind (struct socket *sock, struct sockaddr *address,

 *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>

 *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.

 *                          <dgoeddel@trustedcs.com>

 *  Copyright (C) 2006 Hewlett-Packard Development Company, L.P.

 *                     Paul Moore, <paul.moore@hp.com>

 *

 *	This program is free software; you can redistribute it and/or modify

 *	it under the terms of the GNU General Public License version 2,

#include "objsec.h"

#include "netif.h"

#include "xfrm.h"

#include "selinux_netlabel.h"

#define XATTR_SELINUX_SUFFIX "selinux"

#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX

static int selinux_file_permission(struct file *file, int mask)

{

	int rc;

	struct inode *inode = file->f_dentry->d_inode;

	if (!mask) {

	if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))

		mask |= MAY_APPEND;

	return file_has_perm(current, file,

	rc = file_has_perm(current, file,

			   file_mask_to_av(inode->i_mode, mask));

	if (rc)

		return rc;

	return selinux_netlbl_inode_permission(inode, mask);

}

static int selinux_file_alloc_security(struct file *file)

	return err;

}

static void selinux_socket_post_create(struct socket *sock, int family,

static int selinux_socket_post_create(struct socket *sock, int family,

				      int type, int protocol, int kern)

{

	int err = 0;

	struct inode_security_struct *isec;

	struct task_security_struct *tsec;

	struct sk_security_struct *sksec;

	if (sock->sk) {

		sksec = sock->sk->sk_security;

		sksec->sid = isec->sid;

		err = selinux_netlbl_socket_post_create(sock,

							family,

							isec->sid);

	}

	return;

	return err;

}

/* Range of port numbers used to automatically bind.

static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,

 				  int size)

{

	return socket_has_perm(current, sock, SOCKET__WRITE);

	int rc;

	rc = socket_has_perm(current, sock, SOCKET__WRITE);

	if (rc)

		return rc;

	return selinux_netlbl_inode_permission(SOCK_INODE(sock), MAY_WRITE);

}

static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,

	if (err)

		goto out;

	err = selinux_netlbl_sock_rcv_skb(sksec, skb, &ad);

	if (err)

		goto out;

	err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);

out:	

	return err;

		peer_sid = ssec->peer_sid;

	}

	else if (isec->sclass == SECCLASS_TCP_SOCKET) {

		peer_sid = selinux_netlbl_socket_getpeersec_stream(sock);

		if (peer_sid == SECSID_NULL)

			peer_sid = selinux_socket_getpeer_stream(sock->sk);

		if (peer_sid == SECSID_NULL) {

			err = -ENOPROTOOPT;

			goto out;

	if (sock && (sock->sk->sk_family == PF_UNIX))

		selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);

	else if (skb)

	else if (skb) {

		peer_secid = selinux_netlbl_socket_getpeersec_dgram(skb);

		if (peer_secid == SECSID_NULL)

			peer_secid = selinux_socket_getpeer_dgram(skb);

	}

	if (peer_secid == SECSID_NULL)

		err = -EINVAL;

	struct sk_security_struct *sksec = sk->sk_security;

	isec->sid = sksec->sid;

	selinux_netlbl_sock_graft(sk, parent);

}

int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,

{

	struct sk_security_struct *sksec = sk->sk_security;

	int err;

	u32 newsid = 0;

	u32 newsid;

	u32 peersid;

	newsid = selinux_netlbl_inet_conn_request(skb, sksec->sid);

	if (newsid != SECSID_NULL) {

		req->secid = newsid;

		return 0;

	}

	err = selinux_xfrm_decode_session(skb, &peersid, 0);

	BUG_ON(err);

	struct sock *sk;		/* back pointer to sk object */

	u32 sid;			/* SID of this object */

	u32 peer_sid;			/* SID of peer */

#ifdef CONFIG_NETLABEL

	u16 sclass;			/* sock security class */

	enum {				/* NetLabel state */

		NLBL_UNSET = 0,

		NLBL_REQUIRE,

		NLBL_LABELED,

	} nlbl_state;

#endif

};

struct key_security_struct {