Re: [RFC][PATCH] collect security labels on user processes generating audit messages
On Fri, 2006-02-17 at 14:58 -0600, Timothy R. Chavez wrote:
Thanks Darrel! New patch attached... so... assuming this is good...
how
are we going to do this API merger :] ?
+/**
+ * selinux_task_getsecid - return the SID of task
+ * @tsk: the task whose SID will be returned
+ *
+ * Returns 0 if SELinux is disabled, otherwise the SID is returned.
+ */
+int selinux_task_getsecid(struct task_struct *tsk);
Ryan noticed that you didn't update this to return u32 yet, unlike the
#else case.
+u32 selinux_task_getsecid(struct task_struct *tsk)
+{
+ u32 sid = 0;
+
+ if (ss_initialized)
+ sid = ((struct task_security_struct *)tsk->security)->sid;
+
+ return sid;
+}
You don't strictly need to check ss_initialized in this function; all
tasks are assigned the kernel SID until policy is loaded, so you can
always access the SID. As a matter of style, I'd prefer an explicit
task_security_struct* local variable with separate assignment, i.e.
struct task_security_struct *tsec = tsk->security;
sid = tsec->sid;
--
Stephen Smalley
National Security Agency