diff options
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/hooks.c | 27 |
1 files changed, 8 insertions, 19 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5ba13908b5b4..40d06c533f89 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -5653,27 +5653,20 @@ static struct nf_hook_ops selinux_ipv6_ops[] = { | |||
5653 | static int __init selinux_nf_ip_init(void) | 5653 | static int __init selinux_nf_ip_init(void) |
5654 | { | 5654 | { |
5655 | int err = 0; | 5655 | int err = 0; |
5656 | u32 iter; | ||
5657 | 5656 | ||
5658 | if (!selinux_enabled) | 5657 | if (!selinux_enabled) |
5659 | goto out; | 5658 | goto out; |
5660 | 5659 | ||
5661 | printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); | 5660 | printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); |
5662 | 5661 | ||
5663 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) { | 5662 | err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); |
5664 | err = nf_register_hook(&selinux_ipv4_ops[iter]); | 5663 | if (err) |
5665 | if (err) | 5664 | panic("SELinux: nf_register_hooks for IPv4: error %d\n", err); |
5666 | panic("SELinux: nf_register_hook for IPv4: error %d\n", | ||
5667 | err); | ||
5668 | } | ||
5669 | 5665 | ||
5670 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 5666 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
5671 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) { | 5667 | err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); |
5672 | err = nf_register_hook(&selinux_ipv6_ops[iter]); | 5668 | if (err) |
5673 | if (err) | 5669 | panic("SELinux: nf_register_hooks for IPv6: error %d\n", err); |
5674 | panic("SELinux: nf_register_hook for IPv6: error %d\n", | ||
5675 | err); | ||
5676 | } | ||
5677 | #endif /* IPV6 */ | 5670 | #endif /* IPV6 */ |
5678 | 5671 | ||
5679 | out: | 5672 | out: |
@@ -5685,15 +5678,11 @@ __initcall(selinux_nf_ip_init); | |||
5685 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE | 5678 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE |
5686 | static void selinux_nf_ip_exit(void) | 5679 | static void selinux_nf_ip_exit(void) |
5687 | { | 5680 | { |
5688 | u32 iter; | ||
5689 | |||
5690 | printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); | 5681 | printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); |
5691 | 5682 | ||
5692 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) | 5683 | nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); |
5693 | nf_unregister_hook(&selinux_ipv4_ops[iter]); | ||
5694 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 5684 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
5695 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) | 5685 | nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); |
5696 | nf_unregister_hook(&selinux_ipv6_ops[iter]); | ||
5697 | #endif /* IPV6 */ | 5686 | #endif /* IPV6 */ |
5698 | } | 5687 | } |
5699 | #endif | 5688 | #endif |