diff options
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 45 |
1 files changed, 26 insertions, 19 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 03fc6a81ae32..6b5790bba8f9 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -957,7 +957,8 @@ out_err: | |||
| 957 | return rc; | 957 | return rc; |
| 958 | } | 958 | } |
| 959 | 959 | ||
| 960 | void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts) | 960 | static void selinux_write_opts(struct seq_file *m, |
| 961 | struct security_mnt_opts *opts) | ||
| 961 | { | 962 | { |
| 962 | int i; | 963 | int i; |
| 963 | char *prefix; | 964 | char *prefix; |
| @@ -3548,38 +3549,44 @@ out: | |||
| 3548 | #endif /* IPV6 */ | 3549 | #endif /* IPV6 */ |
| 3549 | 3550 | ||
| 3550 | static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad, | 3551 | static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad, |
| 3551 | char **addrp, int src, u8 *proto) | 3552 | char **_addrp, int src, u8 *proto) |
| 3552 | { | 3553 | { |
| 3553 | int ret = 0; | 3554 | char *addrp; |
| 3555 | int ret; | ||
| 3554 | 3556 | ||
| 3555 | switch (ad->u.net.family) { | 3557 | switch (ad->u.net.family) { |
| 3556 | case PF_INET: | 3558 | case PF_INET: |
| 3557 | ret = selinux_parse_skb_ipv4(skb, ad, proto); | 3559 | ret = selinux_parse_skb_ipv4(skb, ad, proto); |
| 3558 | if (ret || !addrp) | 3560 | if (ret) |
| 3559 | break; | 3561 | goto parse_error; |
| 3560 | *addrp = (char *)(src ? &ad->u.net.v4info.saddr : | 3562 | addrp = (char *)(src ? &ad->u.net.v4info.saddr : |
| 3561 | &ad->u.net.v4info.daddr); | 3563 | &ad->u.net.v4info.daddr); |
| 3562 | break; | 3564 | goto okay; |
| 3563 | 3565 | ||
| 3564 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 3566 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
| 3565 | case PF_INET6: | 3567 | case PF_INET6: |
| 3566 | ret = selinux_parse_skb_ipv6(skb, ad, proto); | 3568 | ret = selinux_parse_skb_ipv6(skb, ad, proto); |
| 3567 | if (ret || !addrp) | 3569 | if (ret) |
| 3568 | break; | 3570 | goto parse_error; |
| 3569 | *addrp = (char *)(src ? &ad->u.net.v6info.saddr : | 3571 | addrp = (char *)(src ? &ad->u.net.v6info.saddr : |
| 3570 | &ad->u.net.v6info.daddr); | 3572 | &ad->u.net.v6info.daddr); |
| 3571 | break; | 3573 | goto okay; |
| 3572 | #endif /* IPV6 */ | 3574 | #endif /* IPV6 */ |
| 3573 | default: | 3575 | default: |
| 3574 | break; | 3576 | addrp = NULL; |
| 3577 | goto okay; | ||
| 3575 | } | 3578 | } |
| 3576 | 3579 | ||
| 3577 | if (unlikely(ret)) | 3580 | parse_error: |
| 3578 | printk(KERN_WARNING | 3581 | printk(KERN_WARNING |
| 3579 | "SELinux: failure in selinux_parse_skb()," | 3582 | "SELinux: failure in selinux_parse_skb()," |
| 3580 | " unable to parse packet\n"); | 3583 | " unable to parse packet\n"); |
| 3581 | |||
| 3582 | return ret; | 3584 | return ret; |
| 3585 | |||
| 3586 | okay: | ||
| 3587 | if (_addrp) | ||
| 3588 | *_addrp = addrp; | ||
| 3589 | return 0; | ||
| 3583 | } | 3590 | } |
| 3584 | 3591 | ||
| 3585 | /** | 3592 | /** |