diff options
Diffstat (limited to 'security/selinux/xfrm.c')
| -rw-r--r-- | security/selinux/xfrm.c | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 0e24df41099f..6633fb059313 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c | |||
| @@ -387,18 +387,12 @@ int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb) | |||
| 387 | struct xfrm_state *x = dst_test->xfrm; | 387 | struct xfrm_state *x = dst_test->xfrm; |
| 388 | 388 | ||
| 389 | if (x && selinux_authorizable_xfrm(x)) | 389 | if (x && selinux_authorizable_xfrm(x)) |
| 390 | goto accept; | 390 | goto out; |
| 391 | } | 391 | } |
| 392 | } | 392 | } |
| 393 | 393 | ||
| 394 | rc = avc_has_perm(isec_sid, SECINITSID_UNLABELED, SECCLASS_ASSOCIATION, | 394 | rc = avc_has_perm(isec_sid, SECINITSID_UNLABELED, SECCLASS_ASSOCIATION, |
| 395 | ASSOCIATION__SENDTO, NULL); | 395 | ASSOCIATION__SENDTO, NULL); |
| 396 | if (rc) | 396 | out: |
| 397 | goto drop; | 397 | return rc; |
| 398 | |||
| 399 | accept: | ||
| 400 | return NF_ACCEPT; | ||
| 401 | |||
| 402 | drop: | ||
| 403 | return NF_DROP; | ||
| 404 | } | 398 | } |