author | Venkat Yekkirala <vyekkirala@TrustedCS.com> | 2006-07-25 02:32:20 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 17:53:28 -0400 |
commit | cb969f072b6d67770b559617f14e767f47e77ece (patch) | |
tree | 4112eb0182e8b3e28b42aebaa40ca25454fc6b76 /net/xfrm | |
parent | beb8d13bed80f8388f1a9a107d07ddd342e627e8 (diff) |
[MLSXFRM]: Default labeling of socket specific IPSec policies
This defaults the label of socket-specific IPSec policies to be the
same as the socket they are set on.
Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
-rw-r--r-- | net/xfrm/xfrm_state.c | 2 | ||||
-rw-r--r-- | net/xfrm/xfrm_user.c | 13 |
2 files changed, 12 insertions, 3 deletions
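--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1026,7 +1026,7 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
 err = -EINVAL;
 read_lock(&xfrm_km_lock);
 list_for_each_entry(km, &xfrm_km_list, list) {
-pol = km->compile_policy(sk->sk_family, optname, data,
+pol = km->compile_policy(sk, optname, data,
 optlen, &err);
 if (err >= 0)
 break;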
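Review bot: The callback is invoked after `read_lock(&xfrm_km_lock)` with the lock still held, and with this commit the xfrm_user implementation calls security_xfrm_sock_policy_alloc() from inside it, so a sleeping allocation in that hook would run in atomic context. Whether the hook can sleep is not visible on this page and should be confirmed against the LSM implementation. I would document the constraint at the call site with `/* compile_policy runs under xfrm_km_lock; implementations and any LSM hook they call must not sleep */`. xfrm_user_policy() starts and continues outside the hunk.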
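--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1757,7 +1757,7 @@ static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt,
 /* User gives us xfrm_user_policy_info followed by an array of 0
 * or more templates.
 */
-static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt,
+static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt,
 u8 *data, int len, int *dir)
 {
 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data;
@@ -1765,7 +1765,7 @@ static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt,
 struct xfrm_policy *xp;
 int nr;
 
-switch (family) {
+switch (sk->sk_family) {
 case AF_INET:
 if (opt != IP_XFRM_POLICY) {
 *dir = -EOPNOTSUPP;
@@ -1807,6 +1807,15 @@ static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt,
 copy_from_user_policy(xp, p);
 copy_templates(xp, ut, nr);
 
+if (!xp->security) {
+int err = security_xfrm_sock_policy_alloc(xp, sk);
+if (err) {
+kfree(xp);
+*dir = err;
+return NULL;
+}
+}
+
 *dir = p->dir;
 
 return xp;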
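Review bot: In the last hunk the new failure path reports the LSM result through `*dir`, and the caller shown in xfrm_state.c appears to treat any `err >= 0` as success, so the path fails closed only if security_xfrm_sock_policy_alloc() returns a negative errno; that contract is not visible here and deserves a comment. The block also releases the policy with a bare `kfree(xp)` after copy_from_user_policy() and copy_templates() have run, which is correct only if the hook leaves nothing attached to `xp->security` on failure; presumably it does, but this should be confirmed against the hook implementation. I would add `/* No label supplied by the user: inherit the socket's label; fail closed if the LSM cannot label the policy. */` above `if (!xp->security)`. xfrm_compile_policy() continues outside these hunks, so whether anything sets `xp->security` before the new check cannot be verified from this page.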