selinux: register nf hooks with single nf_register_hooks call

Push ipv4 and ipv6 nf hooks into single array and register/unregister them via single call. Signed-off-by: Jiri Pirko <jiri@resnulli.us> Signed-off-by: Paul Moore <pmoore@redhat.com>
author: Jiri Pirko <jiri@resnulli.us> 2014-09-03 11:42:13 -0400
committer: Paul Moore <pmoore@redhat.com> 2014-09-08 20:42:47 -0400
commit: 25db6bea1ff5a78ef493eefdcbb9c1d27134e560 (patch)
tree: 9d3784b924aad3fcccef0fa47287872995196b39
parent: a7a91a1928fe69cc98814cb746d5171ae14d757e (diff)
1 files changed, 10 insertions, 25 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e1e082796a49..50978d3183ea 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6071,7 +6071,7 @@ security_initcall(selinux_init);
 #if defined(CONFIG_NETFILTER)
-static struct nf_hook_ops selinux_ipv4_ops[] = {
+static struct nf_hook_ops selinux_nf_ops[] = {
        {
                .hook =         selinux_ipv4_postroute,
                .owner =        THIS_MODULE,
@@ -6092,12 +6092,8 @@ static struct nf_hook_ops selinux_ipv4_ops[] = {
                .pf =           NFPROTO_IPV4,
                .hooknum =      NF_INET_LOCAL_OUT,
                .priority =     NF_IP_PRI_SELINUX_FIRST,
-        }
+        },
-};
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-static struct nf_hook_ops selinux_ipv6_ops[] = {
        {
                .hook =         selinux_ipv6_postroute,
                .owner =        THIS_MODULE,
@@ -6111,32 +6107,24 @@ static struct nf_hook_ops selinux_ipv6_ops[] = {
                .pf =           NFPROTO_IPV6,
                .hooknum =      NF_INET_FORWARD,
                .priority =     NF_IP6_PRI_SELINUX_FIRST,
-        }
+        },
-};
 #endif  /* IPV6 */
+};
 static int __init selinux_nf_ip_init(void)
 {
-        int err = 0;
+        int err;
        if (!selinux_enabled)
-                goto out;
+                return 0;
        printk(KERN_DEBUG "SELinux:  Registering netfilter hooks\n");
-        err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
+        err = nf_register_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
-        if (err)
-                panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-        err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
        if (err)
-                panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
+                panic("SELinux: nf_register_hooks: error %d\n", err);
-#endif  /* IPV6 */
-out:
+        return 0;
-        return err;
 }
 __initcall(selinux_nf_ip_init);
@@ -6146,10 +6134,7 @@ static void selinux_nf_ip_exit(void)
 {
        printk(KERN_DEBUG "SELinux:  Unregistering netfilter hooks\n");
-        nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
+        nf_unregister_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-        nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
-#endif  /* IPV6 */
 }
 #endif
author	Jiri Pirko <jiri@resnulli.us>	2014-09-03 11:42:13 -0400
committer	Paul Moore <pmoore@redhat.com>	2014-09-08 20:42:47 -0400
commit	25db6bea1ff5a78ef493eefdcbb9c1d27134e560 (patch)
tree	9d3784b924aad3fcccef0fa47287872995196b39
parent	a7a91a1928fe69cc98814cb746d5171ae14d757e (diff)