author | Paul Moore <paul.moore@hp.com> | 2006-11-17 17:38:53 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-03 00:24:13 -0500 |
commit | 9f2ad66509b182b399a5b03de487f45bde623524 (patch) | |
tree | 8376dc2db99a78c1b043644f019c4dc224187f16 /security/selinux/hooks.c | |
parent | 9bb5fd2b05cb4dba229e225536faa59eaadd837d (diff) |
NetLabel: SELinux cleanups
This patch does a lot of cleanup in the SELinux NetLabel support code. A
summary of the changes includes:
* Use RCU locking for the NetLabel state variable in the sk_security_struct
instead of using the inode_security_struct mutex.
* Remove unnecessary parameters in selinux_netlbl_socket_post_create().
* Rename selinux_netlbl_sk_clone_security() to
selinux_netlbl_sk_security_clone() to better fit the other NetLabel
sk_security functions.
* Improvements to selinux_netlbl_inode_permission() to help reduce the cost of
the common case.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 10 |
1 files changed, 5 insertions, 5 deletions
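--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3140,9 +3140,7 @@ static int selinux_socket_post_create(struct socket *sock, int family,
 if (sock->sk) {
 sksec = sock->sk->sk_security;
 sksec->sid = isec->sid;
-err = selinux_netlbl_socket_post_create(sock,
-family,
-isec->sid);
+err = selinux_netlbl_socket_post_create(sock);
 }
 
 return err;
@@ -3661,7 +3659,7 @@ static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
 newssec->sid = ssec->sid;
 newssec->peer_sid = ssec->peer_sid;
 
-selinux_netlbl_sk_clone_security(ssec, newssec);
+selinux_netlbl_sk_security_clone(ssec, newssec);
 }
 
 static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
@@ -3730,7 +3728,9 @@ static void selinux_inet_csk_clone(struct sock *newsk,
 So we will wait until sock_graft to do it, by which
 time it will have been created and available. */
 
-selinux_netlbl_sk_security_init(newsksec, req->rsk_ops->family);
+/* We don't need to take any sort of lock here as we are the only
+* thread with access to newsksec */
+selinux_netlbl_sk_security_reset(newsksec, req->rsk_ops->family);
 }
 
 static void selinux_inet_conn_established(struct sock *sk,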
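Review bot: The comment added in selinux_inet_csk_clone() says no lock is needed because this is the only thread with access to newsksec, but it does not name what guarantees that exclusivity. The commit description moves the NetLabel state to RCU protection, so an unlocked write to it should carry its precondition, for example `/* newsk is not yet visible to any other context (TODO confirm), so its NetLabel state can be reset without locking */`. The function body starts above the hunk, so whether newsk is already reachable at this point cannot be confirmed from the lines shown. In the first hunk, selinux_netlbl_socket_post_create(sock) no longer receives isec->sid and presumably reads the SID from the socket's own security blob. If so, it depends on `sksec->sid = isec->sid;` staying ahead of the call, and a one-line comment there would protect that ordering.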