selinux_socket_connect

Name:This supports connect(2) and SCTP connect services such as sctp_connectx(3)* and sctp_sendmsg(3) as described in Documentation/security/SCTP.rst

Proto:static int selinux_socket_connect_helper(struct socket *sock, struct sockaddr *address, int addrlen)

Type:int

Parameter:

Type	Parameter	Name
struct socket *	sock
struct sockaddr *	address
int	addrlen

4737

struct lsm_network_audit net = {0, }

4738

struct sockaddr_in * addr4 = NULL

4739

struct sockaddr_in6 * addr6 = NULL

4749

Case address family, AF_xxx == Internet IP Protocol

4750

addr4 = address

4751

If addrlen < sizeof(structsockaddr_in) Then Return -EINVAL

4753

snum = ntohs( Port number )

4754

Break

4755

Case address family, AF_xxx == IP version 6

4756

addr6 = address

4757

If addrlen < SIN6_LEN_RFC2133 Then Return -EINVAL

4759

snum = ntohs( Transport layer port # )

4760

Break

4761

Default

4765

If sock security class == SECCLASS_SCTP_SOCKET Then Return -EINVAL

4767

Else Return -EAFNOSUPPORT

4771

err = sel_netport_sid(sk_protocol, snum, & sid)

4772

If err Then Return err

4776

Case sock security class == SECCLASS_TCP_SOCKET

4777

perm = TCP_SOCKET__NAME_CONNECT

4778

Break

4779

Case sock security class == SECCLASS_DCCP_SOCKET

4780

perm = DCCP_SOCKET__NAME_CONNECT

4781

Break

4782

Case sock security class == SECCLASS_SCTP_SOCKET

4783

perm = SCTP_SOCKET__NAME_CONNECT

4784

Break

4787

type = LSM_AUDIT_DATA_NET

4788

net = net

4789

dport = htons(snum)

4790

family = address family, AF_xxx

4791

err = avc_has_perm - Check permissions and perform any appropriate auditing

4793

If err Then Return err

**Caller**
Name	Describe
selinux_socket_connect	Supports connect(2), see comments in selinux_socket_connect_helper()
selinux_sctp_bind_connect	Check if sctp IPv4/IPv6 addresses are valid for binding or connecting* based on their @optname.

Function report