author | Paul Moore <paul.moore@hp.com> | 2009-03-27 17:10:54 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-03-28 00:01:37 -0400 |
commit | 07feee8f812f7327a46186f7604df312c8c81962 (patch) | |
tree | 73eac643b60532aa82d7680a7de193ba2b62eddd /include/net | |
parent | 8651d5c0b1f874c5b8307ae2b858bc40f9f02482 (diff) |
netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections
This patch cleans up a lot of the Smack network access control code. The
largest changes are to fix the labeling of incoming TCP connections in a
manner similar to the recent SELinux changes which use the
security_inet_conn_request() hook to label the request_sock and let the label
move to the child socket via the normal network stack mechanisms. In addition
to the incoming TCP connection fixes this patch also removes the smk_labled
field from the socket_smack struct as the minor optimization advantage was
outweighed by the difficulty in maintaining its proper state.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/netlabel.h | 5 |
1 files changed, 5 insertions, 0 deletions
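--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -417,6 +417,7 @@ int netlbl_conn_setattr(struct sock *sk,
 const struct netlbl_lsm_secattr *secattr);
 int netlbl_req_setattr(struct request_sock *req,
 const struct netlbl_lsm_secattr *secattr);
+void netlbl_req_delattr(struct request_sock *req);
 int netlbl_skbuff_setattr(struct sk_buff *skb,
 u16 family,
 const struct netlbl_lsm_secattr *secattr);
@@ -547,6 +548,10 @@ static inline int netlbl_req_setattr(struct request_sock *req,
 {
 return -ENOSYS;
 }
+static inline void netlbl_req_delattr(struct request_sock *req)
+{
+return;
+}
 static inline int netlbl_skbuff_setattr(struct sk_buff *skb,
 u16 family,
 const struct netlbl_lsm_secattr *secattr)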
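Review bot: The `netlbl_req_delattr()` stub added in the second hunk ends in a bare `return;`, which is redundant in a void function; an empty body reads cleaner. More useful would be a one-line comment recording why a silent no-op is correct here, since the neighbouring `netlbl_req_setattr()` stub reports `-ENOSYS` while this one reports nothing: `/* no-op: netlbl_req_setattr() cannot have labeled req in this build, so there is nothing to remove */`. That asymmetry matters to an LSM caller that clears a request_sock label so a connection goes out unlabeled, because the void return gives it no way to confirm the label is gone. The preprocessor guard that selects these stubs is outside the hunk, so the reading that this is the NetLabel-disabled branch should be confirmed against the full header.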