selinux: add security_sid_to_context_type() function

security_sid_to_context() returns context type in the stringified form.
2023-09-03 17:43:43 +03:00 · 2023-09-03 17:43:43 +03:00 · 16e5331962
commit 16e5331962
parent 9c6c01a0bd
2 changed files with 31 additions and 0 deletions
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@ -329,6 +329,8 @@ int security_change_sid(struct selinux_state *state, u32 ssid, u32 tsid,
 int security_sid_to_context(struct selinux_state *state, u32 sid,
 			    char **scontext, u32 *scontext_len);

+int security_sid_to_context_type(struct selinux_state *state, u32 sid, u32 *out);
+
 int security_sid_to_context_force(struct selinux_state *state,
 				  u32 sid, char **scontext, u32 *scontext_len);

--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@ -1386,6 +1386,35 @@ out_unlock:

 }

+// based on security_sid_to_context_core() above
+int security_sid_to_context_type(struct selinux_state *state, u32 sid, u32 *out)
+{
+	struct selinux_policy *policy;
+	struct policydb *policydb;
+	struct sidtab *sidtab;
+	struct sidtab_entry *entry;
+	int rc = 0;
+
+	rcu_read_lock();
+	policy = rcu_dereference(state->policy);
+	policydb = &policy->policydb;
+	sidtab = policy->sidtab;
+
+	entry = sidtab_search_entry(sidtab, sid);
+
+	if (!entry) {
+		pr_err("SELinux: %s:  unrecognized SID %d\n", __func__, sid);
+		rc = -EINVAL;
+		goto out_unlock;
+	}
+
+	*out = entry->context.type;
+
+out_unlock:
+	rcu_read_unlock();
+	return rc;
+}
+
 /**
 * security_sid_to_context - Obtain a context for a given SID.
 * @sid: security identifier, SID