diff options
author | Paul Moore <paul.moore@hp.com> | 2006-11-17 17:38:46 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-03 00:24:07 -0500 |
commit | 701a90bad99b8081a824cca52c178c8fc8f46bb2 (patch) | |
tree | 5fed88e6707e9122d7f16e4c5d8fea7c69e090ac /net/netlabel | |
parent | c6fa82a9dd6160e0bc980cb0401c16bf62f2fe66 (diff) |
NetLabel: make netlbl_lsm_secattr struct easier/quicker to understand
The existing netlbl_lsm_secattr struct required the LSM to check all of the
fields to determine if any security attributes were present resulting in a lot
of work in the common case of no attributes. This patch adds a 'flags' field
which is used to indicate which attributes are present in the structure; this
should allow the LSM to do a quick comparison to determine if the structure
holds any security attributes.
Example:
if (netlbl_lsm_secattr->flags)
/* security attributes present */
else
/* NO security attributes present */
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'net/netlabel')
-rw-r--r-- | net/netlabel/netlabel_kapi.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index ff971103fd0c..da2f1975a042 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c | |||
@@ -62,6 +62,9 @@ int netlbl_socket_setattr(const struct socket *sock, | |||
62 | int ret_val = -ENOENT; | 62 | int ret_val = -ENOENT; |
63 | struct netlbl_dom_map *dom_entry; | 63 | struct netlbl_dom_map *dom_entry; |
64 | 64 | ||
65 | if ((secattr->flags & NETLBL_SECATTR_DOMAIN) == 0) | ||
66 | return -ENOENT; | ||
67 | |||
65 | rcu_read_lock(); | 68 | rcu_read_lock(); |
66 | dom_entry = netlbl_domhsh_getentry(secattr->domain); | 69 | dom_entry = netlbl_domhsh_getentry(secattr->domain); |
67 | if (dom_entry == NULL) | 70 | if (dom_entry == NULL) |
@@ -200,7 +203,7 @@ void netlbl_cache_invalidate(void) | |||
200 | int netlbl_cache_add(const struct sk_buff *skb, | 203 | int netlbl_cache_add(const struct sk_buff *skb, |
201 | const struct netlbl_lsm_secattr *secattr) | 204 | const struct netlbl_lsm_secattr *secattr) |
202 | { | 205 | { |
203 | if (secattr->cache == NULL) | 206 | if ((secattr->flags & NETLBL_SECATTR_CACHE) == 0) |
204 | return -ENOMSG; | 207 | return -ENOMSG; |
205 | 208 | ||
206 | if (CIPSO_V4_OPTEXIST(skb)) | 209 | if (CIPSO_V4_OPTEXIST(skb)) |