diff options
author | Venkat Yekkirala <vyekkirala@TrustedCS.com> | 2006-07-28 01:01:34 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 17:53:30 -0400 |
commit | a51c64f1e5c2876eab2a32955acd9e8015c91c15 (patch) | |
tree | 1cc49c6ee7a3135ea000956e5fef41ff4c8e2ebe | |
parent | 4237c75c0a35535d7f9f2bfeeb4b4df1e068a0bf (diff) |
[MLSXFRM]: Fix build with SECURITY_NETWORK_XFRM disabled.
The following patch will fix the build problem (encountered by Andrew
Morton) when SECURITY_NETWORK_XFRM is not enabled.
As compared to git-net-selinux_xfrm_decode_session-build-fix.patch in
-mm, this patch sets the return parameter sid to SECSID_NULL in
selinux_xfrm_decode_session() and handles this value in the caller
selinux_inet_conn_request() appropriately.
Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | security/selinux/hooks.c | 5 | ||||
-rw-r--r-- | security/selinux/include/xfrm.h | 7 |
2 files changed, 11 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1dc935f7b919..33028b3b19ce 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -3591,6 +3591,11 @@ int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb, | |||
3591 | err = selinux_xfrm_decode_session(skb, &peersid, 0); | 3591 | err = selinux_xfrm_decode_session(skb, &peersid, 0); |
3592 | BUG_ON(err); | 3592 | BUG_ON(err); |
3593 | 3593 | ||
3594 | if (peersid == SECSID_NULL) { | ||
3595 | req->secid = sksec->sid; | ||
3596 | return 0; | ||
3597 | } | ||
3598 | |||
3594 | err = security_sid_mls_copy(sksec->sid, peersid, &newsid); | 3599 | err = security_sid_mls_copy(sksec->sid, peersid, &newsid); |
3595 | if (err) | 3600 | if (err) |
3596 | return err; | 3601 | return err; |
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h index 1822c73e5085..81eb59890162 100644 --- a/security/selinux/include/xfrm.h +++ b/security/selinux/include/xfrm.h | |||
@@ -20,7 +20,6 @@ int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir); | |||
20 | int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, | 20 | int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, |
21 | struct xfrm_policy *xp, struct flowi *fl); | 21 | struct xfrm_policy *xp, struct flowi *fl); |
22 | int selinux_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm); | 22 | int selinux_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm); |
23 | int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall); | ||
24 | 23 | ||
25 | 24 | ||
26 | /* | 25 | /* |
@@ -41,6 +40,7 @@ int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb, | |||
41 | struct avc_audit_data *ad); | 40 | struct avc_audit_data *ad); |
42 | u32 selinux_socket_getpeer_stream(struct sock *sk); | 41 | u32 selinux_socket_getpeer_stream(struct sock *sk); |
43 | u32 selinux_socket_getpeer_dgram(struct sk_buff *skb); | 42 | u32 selinux_socket_getpeer_dgram(struct sk_buff *skb); |
43 | int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall); | ||
44 | #else | 44 | #else |
45 | static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb, | 45 | static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb, |
46 | struct avc_audit_data *ad) | 46 | struct avc_audit_data *ad) |
@@ -63,6 +63,11 @@ static inline int selinux_socket_getpeer_dgram(struct sk_buff *skb) | |||
63 | { | 63 | { |
64 | return SECSID_NULL; | 64 | return SECSID_NULL; |
65 | } | 65 | } |
66 | static inline int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall) | ||
67 | { | ||
68 | *sid = SECSID_NULL; | ||
69 | return 0; | ||
70 | } | ||
66 | #endif | 71 | #endif |
67 | 72 | ||
68 | #endif /* _SELINUX_XFRM_H_ */ | 73 | #endif /* _SELINUX_XFRM_H_ */ |