authorPaul Moore <paul.moore@hp.com>2009-03-27 17:10:54 -0400
committerJames Morris <jmorris@namei.org>2009-03-28 00:01:37 -0400
commit07feee8f812f7327a46186f7604df312c8c81962 (patch)
tree73eac643b60532aa82d7680a7de193ba2b62eddd /include
parent8651d5c0b1f874c5b8307ae2b858bc40f9f02482 (diff)
netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections
This patch cleans up a lot of the Smack network access control code. The largest changes are to fix the labeling of incoming TCP connections in a manner similar to the recent SELinux changes which use the security_inet_conn_request() hook to label the request_sock and let the label move to the child socket via the normal network stack mechanisms. In addition to the incoming TCP connection fixes this patch also removes the smk_labled field from the socket_smack struct as the minor optimization advantage was outweighed by the difficulty in maintaining its proper state. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include')
-rw-r--r--include/net/netlabel.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index bdb10e5183d5..60ebbc1fef46 100644
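--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -417,6 +417,7 @@ int netlbl_conn_setattr(struct sock *sk,
  const struct netlbl_lsm_secattr *secattr);
 int netlbl_req_setattr(struct request_sock *req,
  const struct netlbl_lsm_secattr *secattr);
+void netlbl_req_delattr(struct request_sock *req);
 int netlbl_skbuff_setattr(struct sk_buff *skb,
  u16 family,
  const struct netlbl_lsm_secattr *secattr);
@@ -547,6 +548,10 @@ static inline int netlbl_req_setattr(struct request_sock *req,
 {
  return -ENOSYS;
 }
+static inline void netlbl_req_delattr(struct request_sock *req)
+{
+ return;
+}
 static inline int netlbl_skbuff_setattr(struct sk_buff *skb,
  u16 family,
  const struct netlbl_lsm_secattr *secattr)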
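Review bot: The new `netlbl_req_delattr()` prototype and its static inline stub are added without any comment stating the contract, which matters here because the stub silently does nothing while the neighbouring `netlbl_req_setattr()` stub returns `-ENOSYS`. A one-line comment on the stub such as `/* NetLabel not built in: setattr never attached anything to req, so there is nothing to remove */` would let a reader auditing the request_sock labeling paths confirm the no-op is the intended pairing. The prototype would benefit from a short note on when callers must invoke it (presumably to undo an earlier `netlbl_req_setattr()`; the implementation is outside this view, which is limited to include/). As a minor style point, the bare `return;` in the void stub is redundant and an empty body would read the same.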