SELinux: move security_skb_extlbl_sid() out of the security server

As suggested, move the security_skb_extlbl_sid() function out of the security server and into the SELinux hooks file. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
author: Paul Moore <paul.moore@hp.com> 2007-03-01 14:35:22 -0500
committer: James Morris <jmorris@namei.org> 2007-04-26 01:35:56 -0400
commit: 4f6a993f96a256e83b9be7612f958c7bc4ca9f00 (patch)
tree: 385e5ce4423583b65780d20fce075cd936fe1449 /security/selinux/hooks.c
parent: 588a31577f86a5cd8b0bcde6026e4e6dcac8c383 (diff)
1 files changed, 31 insertions, 5 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7f8d0b1ee02f..68629aa039ed 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3123,6 +3123,34 @@ static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
        return ret;
 }
+/**
+ * selinux_skb_extlbl_sid - Determine the external label of a packet
+ * @skb: the packet
+ * @base_sid: the SELinux SID to use as a context for MLS only external labels
+ * @sid: the packet's SID
+ *
+ * Description:
+ * Check the various different forms of external packet labeling and determine
+ * the external SID for the packet.
+ *
+ */
+static void selinux_skb_extlbl_sid(struct sk_buff *skb,
+                                   u32 base_sid,
+                                   u32 *sid)
+{
+        u32 xfrm_sid;
+        u32 nlbl_sid;
+        selinux_skb_xfrm_sid(skb, &xfrm_sid);
+        if (selinux_netlbl_skbuff_getsid(skb,
+                                         (xfrm_sid == SECSID_NULL ?
+                                          base_sid : xfrm_sid),
+                                         &nlbl_sid) != 0)
+                nlbl_sid = SECSID_NULL;
+        *sid = (nlbl_sid == SECSID_NULL ? xfrm_sid : nlbl_sid);
+}
 /* socket security operations */
 static int socket_has_perm(struct task_struct *task, struct socket *sock,
                           u32 perms)
@@ -3664,9 +3692,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
        if (sock && sock->sk->sk_family == PF_UNIX)
                selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
        else if (skb)
-                security_skb_extlbl_sid(skb,
+                selinux_skb_extlbl_sid(skb, SECINITSID_UNLABELED, &peer_secid);
-                                        SECINITSID_UNLABELED,
-                                        &peer_secid);
        if (peer_secid == SECSID_NULL)
                err = -EINVAL;
@@ -3727,7 +3753,7 @@ static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
        u32 newsid;
        u32 peersid;
-        security_skb_extlbl_sid(skb, SECINITSID_UNLABELED, &peersid);
+        selinux_skb_extlbl_sid(skb, SECINITSID_UNLABELED, &peersid);
        if (peersid == SECSID_NULL) {
                req->secid = sksec->sid;
                req->peer_secid = SECSID_NULL;
@@ -3765,7 +3791,7 @@ static void selinux_inet_conn_established(struct sock *sk,
 {
        struct sk_security_struct *sksec = sk->sk_security;
-        security_skb_extlbl_sid(skb, SECINITSID_UNLABELED, &sksec->peer_sid);
+        selinux_skb_extlbl_sid(skb, SECINITSID_UNLABELED, &sksec->peer_sid);
 }
 static void selinux_req_classify_flow(const struct request_sock *req,
author	Paul Moore <paul.moore@hp.com>	2007-03-01 14:35:22 -0500
committer	James Morris <jmorris@namei.org>	2007-04-26 01:35:56 -0400
commit	4f6a993f96a256e83b9be7612f958c7bc4ca9f00 (patch)
tree	385e5ce4423583b65780d20fce075cd936fe1449 /security/selinux/hooks.c
parent	588a31577f86a5cd8b0bcde6026e4e6dcac8c383 (diff)