aboutsummaryrefslogtreecommitdiffstats
path: root/net/netlabel
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2007-06-07 21:37:15 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-06-08 16:33:09 -0400
commitba6ff9f2b5c6018b293bd21083ffaa5ad710e671 (patch)
tree7a868d3a1948ab9e1aaf7b6e64e114e0f790370d /net/netlabel
parent6363097cc4d182f93788131b5d8f72aa91d950a0 (diff)
[NetLabel]: consolidate the struct socket/sock handling to just struct sock
The current NetLabel code has some redundant APIs which allow both "struct socket" and "struct sock" types to be used; this may have made sense at some point but it is wasteful now. Remove the functions that operate on sockets and convert the callers. Not only does this make the code smaller and more consistent but it pushes the locking burden up to the caller which can be more intelligent about the locks. Also, perform the same conversion (socket to sock) on the SELinux/NetLabel glue code where it make sense. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlabel')
-rw-r--r--net/netlabel/netlabel_kapi.c43
1 files changed, 9 insertions, 34 deletions
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index f2535e7f286..b165712aaa7 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -246,19 +246,18 @@ int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap,
246 246
247/** 247/**
248 * netlbl_socket_setattr - Label a socket using the correct protocol 248 * netlbl_socket_setattr - Label a socket using the correct protocol
249 * @sock: the socket to label 249 * @sk: the socket to label
250 * @secattr: the security attributes 250 * @secattr: the security attributes
251 * 251 *
252 * Description: 252 * Description:
253 * Attach the correct label to the given socket using the security attributes 253 * Attach the correct label to the given socket using the security attributes
254 * specified in @secattr. This function requires exclusive access to 254 * specified in @secattr. This function requires exclusive access to @sk,
255 * @sock->sk, which means it either needs to be in the process of being 255 * which means it either needs to be in the process of being created or locked.
256 * created or locked via lock_sock(sock->sk). Returns zero on success, 256 * Returns zero on success, negative values on failure.
257 * negative values on failure.
258 * 257 *
259 */ 258 */
260int netlbl_socket_setattr(const struct socket *sock, 259int netlbl_sock_setattr(struct sock *sk,
261 const struct netlbl_lsm_secattr *secattr) 260 const struct netlbl_lsm_secattr *secattr)
262{ 261{
263 int ret_val = -ENOENT; 262 int ret_val = -ENOENT;
264 struct netlbl_dom_map *dom_entry; 263 struct netlbl_dom_map *dom_entry;
@@ -269,9 +268,9 @@ int netlbl_socket_setattr(const struct socket *sock,
269 goto socket_setattr_return; 268 goto socket_setattr_return;
270 switch (dom_entry->type) { 269 switch (dom_entry->type) {
271 case NETLBL_NLTYPE_CIPSOV4: 270 case NETLBL_NLTYPE_CIPSOV4:
272 ret_val = cipso_v4_socket_setattr(sock, 271 ret_val = cipso_v4_sock_setattr(sk,
273 dom_entry->type_def.cipsov4, 272 dom_entry->type_def.cipsov4,
274 secattr); 273 secattr);
275 break; 274 break;
276 case NETLBL_NLTYPE_UNLABELED: 275 case NETLBL_NLTYPE_UNLABELED:
277 ret_val = 0; 276 ret_val = 0;
@@ -309,30 +308,6 @@ int netlbl_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr)
309} 308}
310 309
311/** 310/**
312 * netlbl_socket_getattr - Determine the security attributes of a socket
313 * @sock: the socket
314 * @secattr: the security attributes
315 *
316 * Description:
317 * Examines the given socket to see any NetLabel style labeling has been
318 * applied to the socket, if so it parses the socket label and returns the
319 * security attributes in @secattr. Returns zero on success, negative values
320 * on failure.
321 *
322 */
323int netlbl_socket_getattr(const struct socket *sock,
324 struct netlbl_lsm_secattr *secattr)
325{
326 int ret_val;
327
328 ret_val = cipso_v4_socket_getattr(sock, secattr);
329 if (ret_val == 0)
330 return 0;
331
332 return netlbl_unlabel_getattr(secattr);
333}
334
335/**
336 * netlbl_skbuff_getattr - Determine the security attributes of a packet 311 * netlbl_skbuff_getattr - Determine the security attributes of a packet
337 * @skb: the packet 312 * @skb: the packet
338 * @secattr: the security attributes 313 * @secattr: the security attributes