-static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
-{
- return security_sid_to_context(secid, secdata, seclen);
-}
-
-static void selinux_release_secctx(char *secdata, u32 seclen)
-{
- if (secdata)
- kfree(secdata);
-}
-
-#ifdef CONFIG_KEYS
-
-static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
- unsigned long flags)
-{
- struct task_security_struct *tsec = tsk->security;
- struct key_security_struct *ksec;
-
- ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
- if (!ksec)
- return -ENOMEM;
-
- ksec->obj = k;
- if (tsec->keycreate_sid)
- ksec->sid = tsec->keycreate_sid;
- else
- ksec->sid = tsec->sid;
- k->security = ksec;
-
- return 0;
-}
-
-static void selinux_key_free(struct key *k)
-{
- struct key_security_struct *ksec = k->security;
-
- k->security = NULL;
- kfree(ksec);
-}
-
-static int selinux_key_permission(key_ref_t key_ref,
- struct task_struct *ctx,
- key_perm_t perm)
-{
- struct key *key;
- struct task_security_struct *tsec;
- struct key_security_struct *ksec;
-
- key = key_ref_to_ptr(key_ref);
-
- tsec = ctx->security;
- ksec = key->security;
-
- /* if no specific permissions are requested, we skip the
- permission check. No serious, additional covert channels
- appear to be created. */
- if (perm == 0)
- return 0;
-
- return avc_has_perm(tsec->sid, ksec->sid,
- SECCLASS_KEY, perm, NULL);
-}
-
-#endif
-