1 files changed, 19 insertions, 26 deletions
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index 65f67cb0aefb..7605251936f5 100644
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -10,29 +10,21 @@
 #include <net/flow.h>
 int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
-                              struct xfrm_user_sec_ctx *sec_ctx);
+                              struct xfrm_user_sec_ctx *uctx);
 int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
                              struct xfrm_sec_ctx **new_ctxp);
 void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
 int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
 int selinux_xfrm_state_alloc(struct xfrm_state *x,
-        struct xfrm_user_sec_ctx *sec_ctx, u32 secid);
+                             struct xfrm_user_sec_ctx *uctx);
+int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
+                                     struct xfrm_sec_ctx *polsec, u32 secid);
 void selinux_xfrm_state_free(struct xfrm_state *x);
 int selinux_xfrm_state_delete(struct xfrm_state *x);
 int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
 int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
-                        struct xfrm_policy *xp, const struct flowi *fl);
+                                      struct xfrm_policy *xp,
+                                      const struct flowi *fl);
-/*
- * Extract the security blob from the sock (it's actually on the socket)
- */
-static inline struct inode_security_struct *get_sock_isec(struct sock *sk)
-{
-        if (!sk->sk_socket)
-                return NULL;
-        return SOCK_INODE(sk->sk_socket)->i_security;
-}
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 extern atomic_t selinux_xfrm_refcount;
@@ -42,10 +34,10 @@ static inline int selinux_xfrm_enabled(void)
        return (atomic_read(&selinux_xfrm_refcount) > 0);
 }
-int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb,
+int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
-                        struct common_audit_data *ad);
+                              struct common_audit_data *ad);
-int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
+int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
-                        struct common_audit_data *ad, u8 proto);
+                                struct common_audit_data *ad, u8 proto);
 int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
 static inline void selinux_xfrm_notify_policyload(void)
@@ -59,19 +51,21 @@ static inline int selinux_xfrm_enabled(void)
        return 0;
 }
-static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
+static inline int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
-                        struct common_audit_data *ad)
+                                            struct common_audit_data *ad)
 {
        return 0;
 }
-static inline int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
+static inline int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
-                        struct common_audit_data *ad, u8 proto)
+                                              struct common_audit_data *ad,
+                                              u8 proto)
 {
        return 0;
 }
-static inline int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
+static inline int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid,
+                                              int ckall)
 {
        *sid = SECSID_NULL;
        return 0;
@@ -82,10 +76,9 @@ static inline void selinux_xfrm_notify_policyload(void)
 }
 #endif
-static inline void selinux_skb_xfrm_sid(struct sk_buff *skb, u32 *sid)
+static inline int selinux_skb_xfrm_sid(struct sk_buff *skb, u32 *sid)
 {
-        int err = selinux_xfrm_decode_session(skb, sid, 0);
+        return selinux_xfrm_decode_session(skb, sid, 0);
-        BUG_ON(err);
 }
 #endif /* _SELINUX_XFRM_H_ */

diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h index 65f67cb0aefb..7605251936f5 100644 --- a/security/selinux/include/xfrm.h +++ b/security/selinux/include/xfrm.h
@@ -10,29 +10,21 @@
10	#include <net/flow.h>	10	#include <net/flow.h>
11		11
12	int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,	12	int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
13	struct xfrm_user_sec_ctx *sec_ctx);	13	struct xfrm_user_sec_ctx *uctx);
14	int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,	14	int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
15	struct xfrm_sec_ctx **new_ctxp);	15	struct xfrm_sec_ctx **new_ctxp);
16	void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);	16	void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
17	int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);	17	int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
18	int selinux_xfrm_state_alloc(struct xfrm_state *x,	18	int selinux_xfrm_state_alloc(struct xfrm_state *x,
19	struct xfrm_user_sec_ctx *sec_ctx, u32 secid);	19	struct xfrm_user_sec_ctx *uctx);
		20	int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
		21	struct xfrm_sec_ctx *polsec, u32 secid);
20	void selinux_xfrm_state_free(struct xfrm_state *x);	22	void selinux_xfrm_state_free(struct xfrm_state *x);
21	int selinux_xfrm_state_delete(struct xfrm_state *x);	23	int selinux_xfrm_state_delete(struct xfrm_state *x);
22	int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);	24	int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
23	int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,	25	int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
24	struct xfrm_policy xp, const struct flowi fl);	26	struct xfrm_policy *xp,
25		27	const struct flowi *fl);
26	/*
27	* Extract the security blob from the sock (it's actually on the socket)
28	*/
29	static inline struct inode_security_struct get_sock_isec(struct sock sk)
30	{
31	if (!sk->sk_socket)
32	return NULL;
33
34	return SOCK_INODE(sk->sk_socket)->i_security;
35	}
36		28
37	#ifdef CONFIG_SECURITY_NETWORK_XFRM	29	#ifdef CONFIG_SECURITY_NETWORK_XFRM
38	extern atomic_t selinux_xfrm_refcount;	30	extern atomic_t selinux_xfrm_refcount;
@@ -42,10 +34,10 @@ static inline int selinux_xfrm_enabled(void)
42	return (atomic_read(&selinux_xfrm_refcount) > 0);	34	return (atomic_read(&selinux_xfrm_refcount) > 0);
43	}	35	}
44		36
45	int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb,	37	int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
46	struct common_audit_data *ad);	38	struct common_audit_data *ad);
47	int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,	39	int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
48	struct common_audit_data *ad, u8 proto);	40	struct common_audit_data *ad, u8 proto);
49	int selinux_xfrm_decode_session(struct sk_buff skb, u32 sid, int ckall);	41	int selinux_xfrm_decode_session(struct sk_buff skb, u32 sid, int ckall);
50		42
51	static inline void selinux_xfrm_notify_policyload(void)	43	static inline void selinux_xfrm_notify_policyload(void)
@@ -59,19 +51,21 @@ static inline int selinux_xfrm_enabled(void)
59	return 0;	51	return 0;
60	}	52	}
61		53
62	static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,	54	static inline int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
63	struct common_audit_data *ad)	55	struct common_audit_data *ad)
64	{	56	{
65	return 0;	57	return 0;
66	}	58	}
67		59
68	static inline int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,	60	static inline int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
69	struct common_audit_data *ad, u8 proto)	61	struct common_audit_data *ad,
		62	u8 proto)
70	{	63	{
71	return 0;	64	return 0;
72	}	65	}
73		66
74	static inline int selinux_xfrm_decode_session(struct sk_buff skb, u32 sid, int ckall)	67	static inline int selinux_xfrm_decode_session(struct sk_buff skb, u32 sid,
		68	int ckall)
75	{	69	{
76	*sid = SECSID_NULL;	70	*sid = SECSID_NULL;
77	return 0;	71	return 0;
@@ -82,10 +76,9 @@ static inline void selinux_xfrm_notify_policyload(void)
82	}	76	}
83	#endif	77	#endif
84		78
85	static inline void selinux_skb_xfrm_sid(struct sk_buff skb, u32 sid)	79	static inline int selinux_skb_xfrm_sid(struct sk_buff skb, u32 sid)
86	{	80	{
87	int err = selinux_xfrm_decode_session(skb, sid, 0);	81	return selinux_xfrm_decode_session(skb, sid, 0);
88	BUG_ON(err);
89	}	82	}
90		83
91	#endif /* _SELINUX_XFRM_H_ */	84	#endif /* _SELINUX_XFRM_H_ */