author | Paul Moore <paul.moore@hp.com> | 2008-01-29 08:38:08 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-01-29 16:17:21 -0500 |
commit | e8bfdb9d0dfc1231a6a71e849dfbd4447acdfff6 (patch) | |
tree | 0d786c0ad972e43d1128296b8e7ae47275ab3ebd /security/selinux/include | |
parent | 75e22910cf0c26802b09dac2e34c13e648d3ed02 (diff) |
SELinux: Convert the netif code to use ifindex values
The current SELinux netif code requires that the caller have a valid net_device
struct pointer to look up network interface information. However, we don't
always have a valid net_device pointer, so convert the netif code to use
the ifindex values we always have as part of the sk_buff. This patch also
removes the default message SID from the network interface record; it is
not being used and is therefore "dead code".
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/netif.h | 4 | ||||
-rw-r--r-- | security/selinux/include/objsec.h | 5 | ||||
-rw-r--r-- | security/selinux/include/security.h | 3 |
3 files changed, 6 insertions, 6 deletions
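--- a/security/selinux/include/netif.h
+++ b/security/selinux/include/netif.h
@@ -7,6 +7,8 @@
 * Author: James Morris <jmorris@redhat.com>
 *
 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
+* Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
+* Paul Moore, <paul.moore@hp.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2,
@@ -15,7 +17,7 @@
 #ifndef _SELINUX_NETIF_H_
 #define _SELINUX_NETIF_H_
 
-int sel_netif_sids(struct net_device *dev, u32 *if_sid, u32 *msg_sid);
+int sel_netif_sid(int ifindex, u32 *sid);
 
 #endif /* _SELINUX_NETIF_H_ */
 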
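Review bot: The new prototype `int sel_netif_sid(int ifindex, u32 *sid);` has no contract comment, and with a bare integer replacing the `net_device` pointer the header no longer tells a caller what happens when the index does not resolve to a device. Because the returned SID feeds access decisions, I would document the failure behaviour above the declaration, for example `/* Returns 0 and sets *sid on success; on failure returns a negative errno and *sid must not be used. */`, adjusted to what the implementation really does, which is outside this view. It would also help to state whether an ifindex of 0 is accepted and in which network namespace the index is resolved.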
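--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -96,9 +96,8 @@ struct bprm_security_struct {
 };
 
 struct netif_security_struct {
-struct net_device *dev; /* back pointer */
-u32 if_sid; /* SID for this interface */
-u32 msg_sid; /* default SID for messages received on this interface */
+int ifindex; /* device index */
+u32 sid; /* SID for this interface */
 };
 
 struct sk_security_struct {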
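Review bot: With the `dev` back pointer replaced by `int ifindex` in `netif_security_struct`, a cached record is tied to a device only by its index, so the comment on that field should say what keeps the entry from outliving the device. If an entry survived an unregister and the same index were later assigned to another interface, the stale `sid` would be applied to the new device's traffic. The invalidation path is not part of this view (the diffstat is limited to the include directory), so this may already be handled. If it is, a comment such as `/* device index; entry is flushed when the device goes away */` would record the invariant.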
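--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -77,8 +77,7 @@ int security_get_user_sids(u32 callsid, char *username,
 int security_port_sid(u16 domain, u16 type, u8 protocol, u16 port,
 u32 *out_sid);
 
-int security_netif_sid(char *name, u32 *if_sid,
-u32 *msg_sid);
+int security_netif_sid(char *name, u32 *if_sid);
 
 int security_node_sid(u16 domain, void *addr, u32 addrlen,
 u32 *out_sid);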
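Review bot: In the updated `security_netif_sid` prototype the output parameter is still named `if_sid` although this commit renames the matching struct field to `sid`, and `name` stays a plain `char *` although a lookup by interface name should not need to write through it. I would suggest `int security_netif_sid(const char *name, u32 *if_sid);` together with the same change in the definition, which is not shown here because the diffstat is limited to the include directory. The naming mismatch is cosmetic, but the `const` qualifier documents that the policy lookup treats the interface name as read-only input.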