An analysis of the existing system calls revealed that the extended forms of the file status system calls could be implemented without adding new system calls. An unused field in each of the existing struct stat and struct statfs types is used to return the SID to applications. However, this approach was complicated by the need to perform conversion between the structure used by the kernel and the structure used by applications, which is ordinarily handled by the GNU C library. The existing conversion function does not preserve the unused fields. Hence, a separate library function was created that directly invokes the system call and converts the structure itself to avoid losing the SID.
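The following C sketch is an added example, not code from the system described here. It models how a conversion routine that copies only the fields it knows about loses a SID carried in an unused field, and how a separate function that reads the kernel structure directly preserves it. All type names, function names and values are hypothetical, and the system call is simulated.

```c
#include <stdint.h>
#include <string.h>

typedef uint32_t sid_t;                     /* hypothetical SID type */

/* Constructed kernel-side layout: the SID rides in a formerly unused field. */
struct kstat_demo { uint32_t ino, mode, size, unused1; };
/* Constructed application-side layout: wider fields, so conversion is needed. */
struct ustat_demo { uint64_t ino; uint32_t mode; uint64_t size; uint32_t unused1; };

/* Simulated system call: fills the kernel structure, SID included. */
static int sys_stat_demo(const char *path, struct kstat_demo *k)
{
    if (path == NULL || k == NULL)
        return -1;
    k->ino = 42; k->mode = 0100644; k->size = 1234;
    k->unused1 = 7;                         /* constructed sample SID */
    return 0;
}

/* Models the existing conversion: known fields are copied, everything
   else is zeroed, so the unused field does not survive. */
static void conv_demo(const struct kstat_demo *k, struct ustat_demo *u)
{
    memset(u, 0, sizeof *u);
    u->ino = k->ino; u->mode = k->mode; u->size = k->size;
}

/* Ordinary path: system call followed by the lossy conversion. */
int stat_demo(const char *path, struct ustat_demo *u)
{
    struct kstat_demo k;
    if (sys_stat_demo(path, &k) != 0)
        return -1;
    conv_demo(&k, u);
    return 0;
}

/* Separate function: invokes the system call directly and takes the SID
   from the kernel structure before the conversion can discard it. */
int stat_secure_demo(const char *path, struct ustat_demo *u, sid_t *sid)
{
    struct kstat_demo k;
    if (sid == NULL || sys_stat_demo(path, &k) != 0)
        return -1;
    *sid = k.unused1;
    conv_demo(&k, u);
    return 0;
}
```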
Internally, the Linux file system component uses a variant of the Virtual File System (VFS) interface. Extended forms of the file creation operations were added to this interface to permit the filesystem-independent code to pass the SID of the new file to the filesystem-specific code. New operations would not have been necessary if the existing file creation operations accepted a general attribute structure as a parameter, as in the BSD VFS interface.
SID parameters needed to be added to several internal functions to support the new system calls. Some of these internal functions are called from many different locations within the kernel and may be called from kernel-loaded modules. Consequently, it was not practical to simply change the existing function and update all calls to it. For such functions, the suffix "_secure" was appended to the function name, and the interface and implementation of the function were extended for the new processing. A stub function that merely calls the new function with default parameters was added under the old function name and interface. This permits existing code to continue to use the old function interface, but introduces the overhead of an extra function call in these cases.