aboutsummaryrefslogtreecommitdiffstats
path: root/net/xfrm
diff options
context:
space:
mode:
authorVenkat Yekkirala <vyekkirala@TrustedCS.com>2006-07-25 02:32:20 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 17:53:28 -0400
commitcb969f072b6d67770b559617f14e767f47e77ece (patch)
tree4112eb0182e8b3e28b42aebaa40ca25454fc6b76 /net/xfrm
parentbeb8d13bed80f8388f1a9a107d07ddd342e627e8 (diff)
[MLSXFRM]: Default labeling of socket specific IPSec policies
This defaults the label of socket-specific IPSec policies to be the same as the socket they are set on. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
-rw-r--r--net/xfrm/xfrm_state.c2
-rw-r--r--net/xfrm/xfrm_user.c13
2 files changed, 12 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index be02bd981d12..1c796087ee78 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1026,7 +1026,7 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
1026 err = -EINVAL; 1026 err = -EINVAL;
1027 read_lock(&xfrm_km_lock); 1027 read_lock(&xfrm_km_lock);
1028 list_for_each_entry(km, &xfrm_km_list, list) { 1028 list_for_each_entry(km, &xfrm_km_list, list) {
1029 pol = km->compile_policy(sk->sk_family, optname, data, 1029 pol = km->compile_policy(sk, optname, data,
1030 optlen, &err); 1030 optlen, &err);
1031 if (err >= 0) 1031 if (err >= 0)
1032 break; 1032 break;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index dac8db1088bc..f70e158874d2 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1757,7 +1757,7 @@ static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt,
1757/* User gives us xfrm_user_policy_info followed by an array of 0 1757/* User gives us xfrm_user_policy_info followed by an array of 0
1758 * or more templates. 1758 * or more templates.
1759 */ 1759 */
1760static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt, 1760static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt,
1761 u8 *data, int len, int *dir) 1761 u8 *data, int len, int *dir)
1762{ 1762{
1763 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; 1763 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data;
@@ -1765,7 +1765,7 @@ static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt,
1765 struct xfrm_policy *xp; 1765 struct xfrm_policy *xp;
1766 int nr; 1766 int nr;
1767 1767
1768 switch (family) { 1768 switch (sk->sk_family) {
1769 case AF_INET: 1769 case AF_INET:
1770 if (opt != IP_XFRM_POLICY) { 1770 if (opt != IP_XFRM_POLICY) {
1771 *dir = -EOPNOTSUPP; 1771 *dir = -EOPNOTSUPP;
@@ -1807,6 +1807,15 @@ static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt,
1807 copy_from_user_policy(xp, p); 1807 copy_from_user_policy(xp, p);
1808 copy_templates(xp, ut, nr); 1808 copy_templates(xp, ut, nr);
1809 1809
1810 if (!xp->security) {
1811 int err = security_xfrm_sock_policy_alloc(xp, sk);
1812 if (err) {
1813 kfree(xp);
1814 *dir = err;
1815 return NULL;
1816 }
1817 }
1818
1810 *dir = p->dir; 1819 *dir = p->dir;
1811 1820
1812 return xp; 1821 return xp;