diff options
author | Paul Moore <paul.moore@hp.com> | 2007-06-07 21:37:15 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-06-08 16:33:09 -0400 |
commit | ba6ff9f2b5c6018b293bd21083ffaa5ad710e671 (patch) | |
tree | 7a868d3a1948ab9e1aaf7b6e64e114e0f790370d /net/ipv4 | |
parent | 6363097cc4d182f93788131b5d8f72aa91d950a0 (diff) |
[NetLabel]: consolidate the struct socket/sock handling to just struct sock
The current NetLabel code has some redundant APIs which allow both
"struct socket" and "struct sock" types to be used; this may have made
sense at some point but it is wasteful now. Remove the functions that
operate on sockets and convert the callers. Not only does this make
the code smaller and more consistent but it pushes the locking burden
up to the caller which can be more intelligent about the locks. Also,
perform the same conversion (socket to sock) on the SELinux/NetLabel
glue code where it make sense.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/cipso_ipv4.c | 41 |
1 files changed, 8 insertions, 33 deletions
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index 86a2b52aad38..fc839f9148ec 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c | |||
@@ -1709,22 +1709,22 @@ void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway) | |||
1709 | } | 1709 | } |
1710 | 1710 | ||
1711 | /** | 1711 | /** |
1712 | * cipso_v4_socket_setattr - Add a CIPSO option to a socket | 1712 | * cipso_v4_sock_setattr - Add a CIPSO option to a socket |
1713 | * @sock: the socket | 1713 | * @sk: the socket |
1714 | * @doi_def: the CIPSO DOI to use | 1714 | * @doi_def: the CIPSO DOI to use |
1715 | * @secattr: the specific security attributes of the socket | 1715 | * @secattr: the specific security attributes of the socket |
1716 | * | 1716 | * |
1717 | * Description: | 1717 | * Description: |
1718 | * Set the CIPSO option on the given socket using the DOI definition and | 1718 | * Set the CIPSO option on the given socket using the DOI definition and |
1719 | * security attributes passed to the function. This function requires | 1719 | * security attributes passed to the function. This function requires |
1720 | * exclusive access to @sock->sk, which means it either needs to be in the | 1720 | * exclusive access to @sk, which means it either needs to be in the |
1721 | * process of being created or locked via lock_sock(sock->sk). Returns zero on | 1721 | * process of being created or locked. Returns zero on success and negative |
1722 | * success and negative values on failure. | 1722 | * values on failure. |
1723 | * | 1723 | * |
1724 | */ | 1724 | */ |
1725 | int cipso_v4_socket_setattr(const struct socket *sock, | 1725 | int cipso_v4_sock_setattr(struct sock *sk, |
1726 | const struct cipso_v4_doi *doi_def, | 1726 | const struct cipso_v4_doi *doi_def, |
1727 | const struct netlbl_lsm_secattr *secattr) | 1727 | const struct netlbl_lsm_secattr *secattr) |
1728 | { | 1728 | { |
1729 | int ret_val = -EPERM; | 1729 | int ret_val = -EPERM; |
1730 | u32 iter; | 1730 | u32 iter; |
@@ -1732,7 +1732,6 @@ int cipso_v4_socket_setattr(const struct socket *sock, | |||
1732 | u32 buf_len = 0; | 1732 | u32 buf_len = 0; |
1733 | u32 opt_len; | 1733 | u32 opt_len; |
1734 | struct ip_options *opt = NULL; | 1734 | struct ip_options *opt = NULL; |
1735 | struct sock *sk; | ||
1736 | struct inet_sock *sk_inet; | 1735 | struct inet_sock *sk_inet; |
1737 | struct inet_connection_sock *sk_conn; | 1736 | struct inet_connection_sock *sk_conn; |
1738 | 1737 | ||
@@ -1740,7 +1739,6 @@ int cipso_v4_socket_setattr(const struct socket *sock, | |||
1740 | * defined yet but it is not a problem as the only users of these | 1739 | * defined yet but it is not a problem as the only users of these |
1741 | * "lite" PF_INET sockets are functions which do an accept() call | 1740 | * "lite" PF_INET sockets are functions which do an accept() call |
1742 | * afterwards so we will label the socket as part of the accept(). */ | 1741 | * afterwards so we will label the socket as part of the accept(). */ |
1743 | sk = sock->sk; | ||
1744 | if (sk == NULL) | 1742 | if (sk == NULL) |
1745 | return 0; | 1743 | return 0; |
1746 | 1744 | ||
@@ -1892,29 +1890,6 @@ int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr) | |||
1892 | } | 1890 | } |
1893 | 1891 | ||
1894 | /** | 1892 | /** |
1895 | * cipso_v4_socket_getattr - Get the security attributes from a socket | ||
1896 | * @sock: the socket | ||
1897 | * @secattr: the security attributes | ||
1898 | * | ||
1899 | * Description: | ||
1900 | * Query @sock to see if there is a CIPSO option attached to the socket and if | ||
1901 | * there is return the CIPSO security attributes in @secattr. Returns zero on | ||
1902 | * success and negative values on failure. | ||
1903 | * | ||
1904 | */ | ||
1905 | int cipso_v4_socket_getattr(const struct socket *sock, | ||
1906 | struct netlbl_lsm_secattr *secattr) | ||
1907 | { | ||
1908 | int ret_val; | ||
1909 | |||
1910 | lock_sock(sock->sk); | ||
1911 | ret_val = cipso_v4_sock_getattr(sock->sk, secattr); | ||
1912 | release_sock(sock->sk); | ||
1913 | |||
1914 | return ret_val; | ||
1915 | } | ||
1916 | |||
1917 | /** | ||
1918 | * cipso_v4_skbuff_getattr - Get the security attributes from the CIPSO option | 1893 | * cipso_v4_skbuff_getattr - Get the security attributes from the CIPSO option |
1919 | * @skb: the packet | 1894 | * @skb: the packet |
1920 | * @secattr: the security attributes | 1895 | * @secattr: the security attributes |