author | Paul Moore <paul.moore@hp.com> | 2009-03-27 17:10:54 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-03-28 00:01:37 -0400 |
commit | 07feee8f812f7327a46186f7604df312c8c81962 (patch) | |
tree | 73eac643b60532aa82d7680a7de193ba2b62eddd /net/netlabel/netlabel_kapi.c | |
parent | 8651d5c0b1f874c5b8307ae2b858bc40f9f02482 (diff) |
netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections
This patch cleans up a lot of the Smack network access control code. The
largest changes are to fix the labeling of incoming TCP connections in a
manner similar to the recent SELinux changes which use the
security_inet_conn_request() hook to label the request_sock and let the label
move to the child socket via the normal network stack mechanisms. In addition
to the incoming TCP connection fixes this patch also removes the smk_labled
field from the socket_smack struct as the minor optimization advantage was
outweighed by the difficulty in maintaining its proper state.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'net/netlabel/netlabel_kapi.c')
-rw-r--r-- | net/netlabel/netlabel_kapi.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index cae2f5f4cac0..b0e582f2d37a 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c | |||
@@ -861,6 +861,19 @@ req_setattr_return: | |||
861 | } | 861 | } |
862 | 862 | ||
863 | /** | 863 | /** |
864 | * netlbl_req_delattr - Delete all the NetLabel labels on a socket | ||
865 | * @req: the socket | ||
866 | * | ||
867 | * Description: | ||
868 | * Remove all the NetLabel labeling from @req. | ||
869 | * | ||
870 | */ | ||
871 | void netlbl_req_delattr(struct request_sock *req) | ||
872 | { | ||
873 | cipso_v4_req_delattr(req); | ||
874 | } | ||
875 | |||
876 | /** | ||
864 | * netlbl_skbuff_setattr - Label a packet using the correct protocol | 877 | * netlbl_skbuff_setattr - Label a packet using the correct protocol |
865 | * @skb: the packet | 878 | * @skb: the packet |
866 | * @family: protocol family | 879 | * @family: protocol family |
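Review bot: The kernel-doc for netlbl_req_delattr() describes the argument as a socket ("Delete all the NetLabel labels on a socket", "@req: the socket"), but the parameter is a struct request_sock *, so the summary and the @req line should say connection request rather than socket, to avoid confusion with a socket-level delattr helper. Separately, the body calls cipso_v4_req_delattr(req) unconditionally, with no address-family check, while the adjacent netlbl_skbuff_setattr() documents a @family parameter; if a request of a non-IPv4 family can reach this function, either guard the call on the request's family or state in the description that the function only handles CIPSOv4 labels. The empty " *" line just before the closing "*/" can also be dropped.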