selinux: cleanup selinux_xfrm_sock_rcv_skb() and selinux_xfrm_postroute_last()

Some basic simplification and comment reformatting. Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
author: Paul Moore <pmoore@redhat.com> 2013-07-23 17:38:39 -0400
committer: Eric Paris <eparis@redhat.com> 2013-07-25 13:01:52 -0400
commit: eef9b41622f2f09e824fb4e7356b42bddada6623 (patch)
tree: a7b62b492032b899bdc73f5d4f1a80d2ecc6a848 /security
parent: 96484348ad712aed2c6ad7229b848bc1bf6165a8 (diff)
2 files changed, 42 insertions, 60 deletions
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index f2a2314aac1a..b463f210f1af 100644
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -44,10 +44,10 @@ static inline int selinux_xfrm_enabled(void)
        return (atomic_read(&selinux_xfrm_refcount) > 0);
 }
-int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb,
+int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
-                        struct common_audit_data *ad);
+                              struct common_audit_data *ad);
-int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
+int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
-                        struct common_audit_data *ad, u8 proto);
+                                struct common_audit_data *ad, u8 proto);
 int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
 static inline void selinux_xfrm_notify_policyload(void)
@@ -61,14 +61,15 @@ static inline int selinux_xfrm_enabled(void)
        return 0;
 }
-static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
+static inline int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
-                        struct common_audit_data *ad)
+                                            struct common_audit_data *ad)
 {
        return 0;
 }
-static inline int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
+static inline int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
-                        struct common_audit_data *ad, u8 proto)
+                                              struct common_audit_data *ad,
+                                              u8 proto)
 {
        return 0;
 }
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 4a7ba4ac487e..1f6c6e619e98 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -367,14 +367,12 @@ int selinux_xfrm_state_delete(struct xfrm_state *x)
 * we need to check for unlabelled access since this may not have
 * gone thru the IPSec process.
 */
-int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
+int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
-                                struct common_audit_data *ad)
+                              struct common_audit_data *ad)
 {
-        int i, rc = 0;
+        int i;
-        struct sec_path *sp;
+        struct sec_path *sp = skb->sp;
-        u32 sel_sid = SECINITSID_UNLABELED;
+        u32 peer_sid = SECINITSID_UNLABELED;
-        sp = skb->sp;
        if (sp) {
                for (i = 0; i < sp->len; i++) {
@@ -382,23 +380,17 @@ int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
                        if (x && selinux_authorizable_xfrm(x)) {
                                struct xfrm_sec_ctx *ctx = x->security;
-                                sel_sid = ctx->ctx_sid;
+                                peer_sid = ctx->ctx_sid;
                                break;
                        }
                }
        }
-        /*
+        /* This check even when there's no association involved is intended,
-         * This check even when there's no association involved is
+         * according to Trent Jaeger, to make sure a process can't engage in
-         * intended, according to Trent Jaeger, to make sure a
+         * non-IPsec communication unless explicitly allowed by policy. */
-         * process can't engage in non-ipsec communication unless
+        return avc_has_perm(sk_sid, peer_sid,
-         * explicitly allowed by policy.
+                            SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, ad);
-         */
-        rc = avc_has_perm(isec_sid, sel_sid, SECCLASS_ASSOCIATION,
-                          ASSOCIATION__RECVFROM, ad);
-        return rc;
 }
 /*
@@ -408,49 +400,38 @@ int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
 * If we do have a authorizable security association, then it has already been
 * checked in the selinux_xfrm_state_pol_flow_match hook above.
 */
-int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
+int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
-                                        struct common_audit_data *ad, u8 proto)
+                                struct common_audit_data *ad, u8 proto)
 {
        struct dst_entry *dst;
-        int rc = 0;
-        dst = skb_dst(skb);
-        if (dst) {
-                struct dst_entry *dst_test;
-                for (dst_test = dst; dst_test != NULL;
-                     dst_test = dst_test->child) {
-                        struct xfrm_state *x = dst_test->xfrm;
-                        if (x && selinux_authorizable_xfrm(x))
-                                goto out;
-                }
-        }
        switch (proto) {
        case IPPROTO_AH:
        case IPPROTO_ESP:
        case IPPROTO_COMP:
-                /*
+                /* We should have already seen this packet once before it
-                 * We should have already seen this packet once before
+                 * underwent xfrm(s). No need to subject it to the unlabeled
-                 * it underwent xfrm(s). No need to subject it to the
+                 * check. */
-                 * unlabeled check.
+                return 0;
-                 */
-                goto out;
        default:
                break;
        }
-        /*
+        dst = skb_dst(skb);
-         * This check even when there's no association involved is
+        if (dst) {
-         * intended, according to Trent Jaeger, to make sure a
+                struct dst_entry *iter;
-         * process can't engage in non-ipsec communication unless
-         * explicitly allowed by policy.
-         */
-        rc = avc_has_perm(isec_sid, SECINITSID_UNLABELED, SECCLASS_ASSOCIATION,
+                for (iter = dst; iter != NULL; iter = iter->child) {
-                          ASSOCIATION__SENDTO, ad);
+                        struct xfrm_state *x = iter->xfrm;
-out:
-        return rc;
+                        if (x && selinux_authorizable_xfrm(x))
+                                return 0;
+                }
+        }
+        /* This check even when there's no association involved is intended,
+         * according to Trent Jaeger, to make sure a process can't engage in
+         * non-IPsec communication unless explicitly allowed by policy. */
+        return avc_has_perm(sk_sid, SECINITSID_UNLABELED,
+                            SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, ad);
 }
author	Paul Moore <pmoore@redhat.com>	2013-07-23 17:38:39 -0400
committer	Eric Paris <eparis@redhat.com>	2013-07-25 13:01:52 -0400
commit	eef9b41622f2f09e824fb4e7356b42bddada6623 (patch)
tree	a7b62b492032b899bdc73f5d4f1a80d2ecc6a848 /security
parent	96484348ad712aed2c6ad7229b848bc1bf6165a8 (diff)

diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h index f2a2314aac1a..b463f210f1af 100644 --- a/security/selinux/include/xfrm.h +++ b/security/selinux/include/xfrm.h
@@ -44,10 +44,10 @@ static inline int selinux_xfrm_enabled(void)
44	return (atomic_read(&selinux_xfrm_refcount) > 0);	44	return (atomic_read(&selinux_xfrm_refcount) > 0);
45	}	45	}
46		46
47	int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb,	47	int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
48	struct common_audit_data *ad);	48	struct common_audit_data *ad);
49	int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,	49	int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
50	struct common_audit_data *ad, u8 proto);	50	struct common_audit_data *ad, u8 proto);
51	int selinux_xfrm_decode_session(struct sk_buff skb, u32 sid, int ckall);	51	int selinux_xfrm_decode_session(struct sk_buff skb, u32 sid, int ckall);
52		52
53	static inline void selinux_xfrm_notify_policyload(void)	53	static inline void selinux_xfrm_notify_policyload(void)
@@ -61,14 +61,15 @@ static inline int selinux_xfrm_enabled(void)
61	return 0;	61	return 0;
62	}	62	}
63		63
64	static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,	64	static inline int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
65	struct common_audit_data *ad)	65	struct common_audit_data *ad)
66	{	66	{
67	return 0;	67	return 0;
68	}	68	}
69		69
70	static inline int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,	70	static inline int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
71	struct common_audit_data *ad, u8 proto)	71	struct common_audit_data *ad,
		72	u8 proto)
72	{	73	{
73	return 0;	74	return 0;
74	}	75	}


diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 4a7ba4ac487e..1f6c6e619e98 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c
@@ -367,14 +367,12 @@ int selinux_xfrm_state_delete(struct xfrm_state *x)
367	* we need to check for unlabelled access since this may not have	367	* we need to check for unlabelled access since this may not have
368	* gone thru the IPSec process.	368	* gone thru the IPSec process.
369	*/	369	*/
370	int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,	370	int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
371	struct common_audit_data *ad)	371	struct common_audit_data *ad)
372	{	372	{
373	int i, rc = 0;	373	int i;
374	struct sec_path *sp;	374	struct sec_path *sp = skb->sp;
375	u32 sel_sid = SECINITSID_UNLABELED;	375	u32 peer_sid = SECINITSID_UNLABELED;
376
377	sp = skb->sp;
378		376
379	if (sp) {	377	if (sp) {
380	for (i = 0; i < sp->len; i++) {	378	for (i = 0; i < sp->len; i++) {
@@ -382,23 +380,17 @@ int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
382		380
383	if (x && selinux_authorizable_xfrm(x)) {	381	if (x && selinux_authorizable_xfrm(x)) {
384	struct xfrm_sec_ctx *ctx = x->security;	382	struct xfrm_sec_ctx *ctx = x->security;
385	sel_sid = ctx->ctx_sid;	383	peer_sid = ctx->ctx_sid;
386	break;	384	break;
387	}	385	}
388	}	386	}
389	}	387	}
390		388
391	/*	389	/* This check even when there's no association involved is intended,
392	* This check even when there's no association involved is	390	* according to Trent Jaeger, to make sure a process can't engage in
393	* intended, according to Trent Jaeger, to make sure a	391	* non-IPsec communication unless explicitly allowed by policy. */
394	* process can't engage in non-ipsec communication unless	392	return avc_has_perm(sk_sid, peer_sid,
395	* explicitly allowed by policy.	393	SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, ad);
396	*/
397
398	rc = avc_has_perm(isec_sid, sel_sid, SECCLASS_ASSOCIATION,
399	ASSOCIATION__RECVFROM, ad);
400
401	return rc;
402	}	394	}
403		395
404	/*	396	/*
@@ -408,49 +400,38 @@ int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
408	* If we do have a authorizable security association, then it has already been	400	* If we do have a authorizable security association, then it has already been
409	* checked in the selinux_xfrm_state_pol_flow_match hook above.	401	* checked in the selinux_xfrm_state_pol_flow_match hook above.
410	*/	402	*/
411	int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,	403	int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
412	struct common_audit_data *ad, u8 proto)	404	struct common_audit_data *ad, u8 proto)
413	{	405	{
414	struct dst_entry *dst;	406	struct dst_entry *dst;
415	int rc = 0;
416
417	dst = skb_dst(skb);
418
419	if (dst) {
420	struct dst_entry *dst_test;
421
422	for (dst_test = dst; dst_test != NULL;
423	dst_test = dst_test->child) {
424	struct xfrm_state *x = dst_test->xfrm;
425
426	if (x && selinux_authorizable_xfrm(x))
427	goto out;
428	}
429	}
430		407
431	switch (proto) {	408	switch (proto) {
432	case IPPROTO_AH:	409	case IPPROTO_AH:
433	case IPPROTO_ESP:	410	case IPPROTO_ESP:
434	case IPPROTO_COMP:	411	case IPPROTO_COMP:
435	/*	412	/* We should have already seen this packet once before it
436	* We should have already seen this packet once before	413	* underwent xfrm(s). No need to subject it to the unlabeled
437	* it underwent xfrm(s). No need to subject it to the	414	* check. */
438	* unlabeled check.	415	return 0;
439	*/
440	goto out;
441	default:	416	default:
442	break;	417	break;
443	}	418	}
444		419
445	/*	420	dst = skb_dst(skb);
446	* This check even when there's no association involved is	421	if (dst) {
447	* intended, according to Trent Jaeger, to make sure a	422	struct dst_entry *iter;
448	* process can't engage in non-ipsec communication unless
449	* explicitly allowed by policy.
450	*/
451		423
452	rc = avc_has_perm(isec_sid, SECINITSID_UNLABELED, SECCLASS_ASSOCIATION,	424	for (iter = dst; iter != NULL; iter = iter->child) {
453	ASSOCIATION__SENDTO, ad);	425	struct xfrm_state *x = iter->xfrm;
454	out:	426
455	return rc;	427	if (x && selinux_authorizable_xfrm(x))
		428	return 0;
		429	}
		430	}
		431
		432	/* This check even when there's no association involved is intended,
		433	* according to Trent Jaeger, to make sure a process can't engage in
		434	* non-IPsec communication unless explicitly allowed by policy. */
		435	return avc_has_perm(sk_sid, SECINITSID_UNLABELED,
		436	SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, ad);
456	}	437	}