SELinux: Convert the netif code to use ifindex values

The current SELinux netif code requires the caller have a valid net_device
struct pointer to lookup network interface information.  However, we don't
always have a valid net_device pointer so convert the netif code to use
the ifindex values we always have as part of the sk_buff.  This patch also
removes the default message SID from the network interface record, it is
not being used and therefore is "dead code".

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>

1 files changed, 2 insertions, 8 deletions

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 0f97ef578370..8dfaa3e7c26d 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1478,11 +1478,8 @@ out:
  * security_netif_sid - Obtain the SID for a network interface.
  * @name: interface name
  * @if_sid: interface SID
- * @msg_sid: default SID for received packets
  */
-int security_netif_sid(char *name,
-                       u32 *if_sid,
-                       u32 *msg_sid)
+int security_netif_sid(char *name, u32 *if_sid)
 {
         int rc = 0;
         struct ocontext *c;
@@ -1510,11 +1507,8 @@ int security_netif_sid(char *name,
                                 goto out;
                 }
                 *if_sid = c->sid[0];
-                *msg_sid = c->sid[1];
-        } else {
+        } else
                 *if_sid = SECINITSID_NETIF;
-                *msg_sid = SECINITSID_NETMSG;
-        }
 
 out:
         POLICY_RDUNLOCK;