SELinux: peer secid consolidation for external network labeling

Now that labeled IPsec makes use of the peer_sid field in the
sk_security_struct we can remove a lot of the special cases between labeled
IPsec and NetLabel.  In addition, create a new function,
security_skb_extlbl_sid(), which we can use in several places to get the
security context of the packet's external label which allows us to further
simplify the code in a few places.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>

1 files changed, 0 insertions, 33 deletions

diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 9b777140068..bd8d1ef40a9 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -372,39 +372,6 @@ void selinux_xfrm_state_free(struct xfrm_state *x)
                 kfree(ctx);
 }
 
-/*
- * SELinux internal function to retrieve the context of a UDP packet
- * based on its security association.
- *
- * Retrieve via setsockopt IP_PASSSEC and recvmsg with control message
- * type SCM_SECURITY.
- */
-u32 selinux_socket_getpeer_dgram(struct sk_buff *skb)
-{
-        struct sec_path *sp;
-
-        if (skb == NULL)
-                return SECSID_NULL;
-
-        if (skb->sk->sk_protocol != IPPROTO_UDP)
-                return SECSID_NULL;
-
-        sp = skb->sp;
-        if (sp) {
-                int i;
-
-                for (i = sp->len-1; i >= 0; i--) {
-                        struct xfrm_state *x = sp->xvec[i];
-                        if (selinux_authorizable_xfrm(x)) {
-                                struct xfrm_sec_ctx *ctx = x->security;
-                                return ctx->ctx_sid;
-                        }
-                }
-        }
-
-        return SECSID_NULL;
-}
-
  /*
   * LSM hook implementation that authorizes deletion of labeled SAs.
   */