author | Paul Moore <paul.moore@hp.com> | 2006-11-17 17:38:54 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-03 00:24:14 -0500 |
commit | 3de4bab5b9f8848a0c16a4b1ffe0452f0d670237 (patch) | |
tree | f65c12b53bf2ad02645ea31522f67e7318019498 /security/selinux/xfrm.c | |
parent | 9f2ad66509b182b399a5b03de487f45bde623524 (diff) |
SELinux: peer secid consolidation for external network labeling
Now that labeled IPsec makes use of the peer_sid field in the
sk_security_struct we can remove a lot of the special cases between labeled
IPsec and NetLabel. In addition, create a new function,
security_skb_extlbl_sid(), which we can use in several places to get the
security context of the packet's external label which allows us to further
simplify the code in a few places.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/xfrm.c')
-rw-r--r-- | security/selinux/xfrm.c | 33 |
1 files changed, 0 insertions, 33 deletions
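--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -372,39 +372,6 @@ void selinux_xfrm_state_free(struct xfrm_state *x)
 kfree(ctx);
 }
 
-/*
- * SELinux internal function to retrieve the context of a UDP packet
- * based on its security association.
- *
- * Retrieve via setsockopt IP_PASSSEC and recvmsg with control message
- * type SCM_SECURITY.
- */
-u32 selinux_socket_getpeer_dgram(struct sk_buff *skb)
-{
-struct sec_path *sp;
-
-if (skb == NULL)
-return SECSID_NULL;
-
-if (skb->sk->sk_protocol != IPPROTO_UDP)
-return SECSID_NULL;
-
-sp = skb->sp;
-if (sp) {
-int i;
-
-for (i = sp->len-1; i >= 0; i--) {
-struct xfrm_state *x = sp->xvec[i];
-if (selinux_authorizable_xfrm(x)) {
-struct xfrm_sec_ctx *ctx = x->security;
-return ctx->ctx_sid;
-}
-}
-}
-
-return SECSID_NULL;
-}
-
 /*
  * LSM hook implementation that authorizes deletion of labeled SAs.
  */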