selinux_socket

Name:Range of port numbers used to automatically bind.Need to determine whether we should perform a name_bindpermission check between the socket and the port number.

Proto:static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)

Type:int

Parameter:

Type	Parameter	Name
struct socket *	sock
struct sockaddr *	address
int	addrlen

4592

struct lsm_network_audit net = {0, }

4593

struct sockaddr_in * addr4 = NULL

4594

struct sockaddr_in6 * addr6 = NULL

4605

If addrlen < get the member end offset of(structsockaddr, sa_family) Then Return -EINVAL

4607

family_sa = address family, AF_xxx

4609

Case family_sa == Supported address families.

4610

Case family_sa == Internet IP Protocol

4611

If addrlen < sizeof(structsockaddr_in) Then Return -EINVAL

4613

addr4 = address

4614

If family_sa == Supported address families. Then

4618

If s_addr != htonl(Address to accept any incoming messages. ) Then Go to err_af

4620

family_sa = Internet IP Protocol

4622

snum = ntohs( Port number )

4623

addrp = (char * ) & s_addr

4624

Break

4625

Case family_sa == IP version 6

4626

If addrlen < SIN6_LEN_RFC2133 Then Return -EINVAL

4628

addr6 = address

4629

snum = ntohs( Transport layer port # )

4630

addrp = (char * ) & s6_addr

4631

Break

4632

Default

4633

Go to err_af

4636

type = LSM_AUDIT_DATA_NET

4637

net = net

4638

sport = htons(snum)

4639

family = family_sa

4641

If snum Then

4644

inet_get_local_port_range(sock_net(sk), & low, & high)

4646

If inet_port_requires_bind_service(sock_net(sk), snum) || snum < low || snum > high Then

4648

err = sel_netport_sid(sk_protocol, snum, & sid)

4650

If err Then Go to out

4652

err = avc_has_perm - Check permissions and perform any appropriate auditing

4656

If err Then Go to out

4662

Case sock security class == SECCLASS_TCP_SOCKET

4663

node_perm = TCP_SOCKET__NODE_BIND

4664

Break

4666

Case sock security class == SECCLASS_UDP_SOCKET

4667

node_perm = UDP_SOCKET__NODE_BIND

4668

Break

4670

Case sock security class == SECCLASS_DCCP_SOCKET

4671

node_perm = DCCP_SOCKET__NODE_BIND

4672

Break

4674

Case sock security class == SECCLASS_SCTP_SOCKET

4675

node_perm = SCTP_SOCKET__NODE_BIND

4676

Break

4678

Default

4679

node_perm = RAWIP_SOCKET__NODE_BIND

4680

Break

4683

err = sel_netnode_sid(addrp, family_sa, & sid)

4684

If err Then Go to out

4687

If family_sa == Internet IP Protocol Then saddr = s_addr

4689

Else saddr = IPv6 address

4692

err = avc_has_perm - Check permissions and perform any appropriate auditing

4695

If err Then Go to out

4698

out :

4699

Return err

4700

err_af :

4702

If sock security class == SECCLASS_SCTP_SOCKET Then Return -EINVAL

4704

Return -EAFNOSUPPORT

**Caller**
Name	Describe
selinux_sctp_bind_connect	Check if sctp IPv4/IPv6 addresses are valid for binding or connecting* based on their @optname.

Source code conversion tool public plug-in interface	X
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion

Function report