NetLabel: make netlbl_lsm_secattr struct easier/quicker to understand

The existing netlbl_lsm_secattr struct required the LSM to check all of the
fields to determine if any security attributes were present resulting in a lot
of work in the common case of no attributes.  This patch adds a 'flags' field
which is used to indicate which attributes are present in the structure; this
should allow the LSM to do a quick comparison to determine if the structure
holds any security attributes.

Example:

 if (netlbl_lsm_secattr->flags)
	/* security attributes present */
 else
	/* NO security attributes present */

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>

1 files changed, 4 insertions, 1 deletions

diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index ff971103fd0c..da2f1975a042 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -62,6 +62,9 @@ int netlbl_socket_setattr(const struct socket *sock,
         int ret_val = -ENOENT;
         struct netlbl_dom_map *dom_entry;
 
+        if ((secattr->flags & NETLBL_SECATTR_DOMAIN) == 0)
+                return -ENOENT;
+
         rcu_read_lock();
         dom_entry = netlbl_domhsh_getentry(secattr->domain);
         if (dom_entry == NULL)
@@ -200,7 +203,7 @@ void netlbl_cache_invalidate(void)
 int netlbl_cache_add(const struct sk_buff *skb,
                      const struct netlbl_lsm_secattr *secattr)
 {
-        if (secattr->cache == NULL)
+        if ((secattr->flags & NETLBL_SECATTR_CACHE) == 0)
                 return -ENOMSG;
 
         if (CIPSO_V4_OPTEXIST(skb))