aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/hooks.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c27
1 files changed, 8 insertions, 19 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3481cde5bf15..da36dac6535f 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5654,27 +5654,20 @@ static struct nf_hook_ops selinux_ipv6_ops[] = {
5654static int __init selinux_nf_ip_init(void) 5654static int __init selinux_nf_ip_init(void)
5655{ 5655{
5656 int err = 0; 5656 int err = 0;
5657 u32 iter;
5658 5657
5659 if (!selinux_enabled) 5658 if (!selinux_enabled)
5660 goto out; 5659 goto out;
5661 5660
5662 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); 5661 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
5663 5662
5664 for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) { 5663 err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5665 err = nf_register_hook(&selinux_ipv4_ops[iter]); 5664 if (err)
5666 if (err) 5665 panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
5667 panic("SELinux: nf_register_hook for IPv4: error %d\n",
5668 err);
5669 }
5670 5666
5671#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 5667#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5672 for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) { 5668 err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5673 err = nf_register_hook(&selinux_ipv6_ops[iter]); 5669 if (err)
5674 if (err) 5670 panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
5675 panic("SELinux: nf_register_hook for IPv6: error %d\n",
5676 err);
5677 }
5678#endif /* IPV6 */ 5671#endif /* IPV6 */
5679 5672
5680out: 5673out:
@@ -5686,15 +5679,11 @@ __initcall(selinux_nf_ip_init);
5686#ifdef CONFIG_SECURITY_SELINUX_DISABLE 5679#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5687static void selinux_nf_ip_exit(void) 5680static void selinux_nf_ip_exit(void)
5688{ 5681{
5689 u32 iter;
5690
5691 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); 5682 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
5692 5683
5693 for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) 5684 nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5694 nf_unregister_hook(&selinux_ipv4_ops[iter]);
5695#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 5685#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5696 for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) 5686 nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5697 nf_unregister_hook(&selinux_ipv6_ops[iter]);
5698#endif /* IPV6 */ 5687#endif /* IPV6 */
5699} 5688}
5700#endif 5689#endif