SELinux: peer secid consolidation for external network labeling

Now that labeled IPsec makes use of the peer_sid field in the sk_security_struct we can remove a lot of the special cases between labeled IPsec and NetLabel. In addition, create a new function, security_skb_extlbl_sid(), which we can use in several places to get the security context of the packet's external label which allows us to further simplify the code in a few places. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
author: Paul Moore <paul.moore@hp.com> 2006-11-17 17:38:54 -0500
committer: David S. Miller <davem@sunset.davemloft.net> 2006-12-03 00:24:14 -0500
commit: 3de4bab5b9f8848a0c16a4b1ffe0452f0d670237 (patch)
tree: f65c12b53bf2ad02645ea31522f67e7318019498 /security/selinux/include/security.h
parent: 9f2ad66509b182b399a5b03de487f45bde623524 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 1ef79172cc8c..015f697e925f 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -8,6 +8,7 @@
 #ifndef _SELINUX_SECURITY_H_
 #define _SELINUX_SECURITY_H_
+#include <linux/skbuff.h>
 #include "flask.h"
 #define SECSID_NULL                     0x00000000 /* unspecified SID */
@@ -80,6 +81,8 @@ int security_netif_sid(char *name, u32 *if_sid,
 int security_node_sid(u16 domain, void *addr, u32 addrlen,
        u32 *out_sid);
+void security_skb_extlbl_sid(struct sk_buff *skb, u32 base_sid, u32 *sid);
 int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
                                 u16 tclass);
author	Paul Moore <paul.moore@hp.com>	2006-11-17 17:38:54 -0500
committer	David S. Miller <davem@sunset.davemloft.net>	2006-12-03 00:24:14 -0500
commit	3de4bab5b9f8848a0c16a4b1ffe0452f0d670237 (patch)
tree	f65c12b53bf2ad02645ea31522f67e7318019498 /security/selinux/include/security.h
parent	9f2ad66509b182b399a5b03de487f45bde623524 (diff)