Merge branch 'master' of git://git.infradead.org/users/pcmoore/selinux into ra-next

author: James Morris <james.l.morris@oracle.com> 2013-10-22 07:26:41 -0400
committer: James Morris <james.l.morris@oracle.com> 2013-10-22 07:26:41 -0400
commit: 6f799c97f37fc0ee2c9c427fa0dada637394886c (patch)
tree: 1953a953770b8047a95ef4d431bb693433922043 /include
parent: eb8948a03704f3dbbfc7e83090e20e93c6c476d2 (diff)
parent: 42d64e1add3a1ce8a787116036163b8724362145 (diff)
1 files changed, 18 insertions, 8 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 9d37e2b9d3ec..5623a7f965b7 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1052,17 +1052,25 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @xfrm_policy_delete_security:
 *      @ctx contains the xfrm_sec_ctx.
 *      Authorize deletion of xp->security.
- * @xfrm_state_alloc_security:
+ * @xfrm_state_alloc:
 *      @x contains the xfrm_state being added to the Security Association
 *      Database by the XFRM system.
 *      @sec_ctx contains the security context information being provided by
 *      the user-level SA generation program (e.g., setkey or racoon).
- *      @secid contains the secid from which to take the mls portion of the context.
 *      Allocate a security structure to the x->security field; the security
 *      field is initialized to NULL when the xfrm_state is allocated. Set the
- *      context to correspond to either sec_ctx or polsec, with the mls portion
+ *      context to correspond to sec_ctx. Return 0 if operation was successful
- *      taken from secid in the latter case.
+ *      (memory to allocate, legal context).
- *      Return 0 if operation was successful (memory to allocate, legal context).
+ * @xfrm_state_alloc_acquire:
+ *      @x contains the xfrm_state being added to the Security Association
+ *      Database by the XFRM system.
+ *      @polsec contains the policy's security context.
+ *      @secid contains the secid from which to take the mls portion of the
+ *      context.
+ *      Allocate a security structure to the x->security field; the security
+ *      field is initialized to NULL when the xfrm_state is allocated. Set the
+ *      context to correspond to secid. Return 0 if operation was successful
+ *      (memory to allocate, legal context).
 * @xfrm_state_free_security:
 *      @x contains the xfrm_state.
 *      Deallocate x->security.
@@ -1679,9 +1687,11 @@ struct security_operations {
        int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx);
        void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx);
        int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx);
-        int (*xfrm_state_alloc_security) (struct xfrm_state *x,
+        int (*xfrm_state_alloc) (struct xfrm_state *x,
-                struct xfrm_user_sec_ctx *sec_ctx,
+                                 struct xfrm_user_sec_ctx *sec_ctx);
-                u32 secid);
+        int (*xfrm_state_alloc_acquire) (struct xfrm_state *x,
+                                         struct xfrm_sec_ctx *polsec,
+                                         u32 secid);
        void (*xfrm_state_free_security) (struct xfrm_state *x);
        int (*xfrm_state_delete_security) (struct xfrm_state *x);
        int (*xfrm_policy_lookup) (struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
author	James Morris <james.l.morris@oracle.com>	2013-10-22 07:26:41 -0400
committer	James Morris <james.l.morris@oracle.com>	2013-10-22 07:26:41 -0400
commit	6f799c97f37fc0ee2c9c427fa0dada637394886c (patch)
tree	1953a953770b8047a95ef4d431bb693433922043 /include
parent	eb8948a03704f3dbbfc7e83090e20e93c6c476d2 (diff)
parent	42d64e1add3a1ce8a787116036163b8724362145 (diff)