diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/hooks.c | 27 |
1 files changed, 8 insertions, 19 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3481cde5bf15..da36dac6535f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -5654,27 +5654,20 @@ static struct nf_hook_ops selinux_ipv6_ops[] = { | |||
| 5654 | static int __init selinux_nf_ip_init(void) | 5654 | static int __init selinux_nf_ip_init(void) |
| 5655 | { | 5655 | { |
| 5656 | int err = 0; | 5656 | int err = 0; |
| 5657 | u32 iter; | ||
| 5658 | 5657 | ||
| 5659 | if (!selinux_enabled) | 5658 | if (!selinux_enabled) |
| 5660 | goto out; | 5659 | goto out; |
| 5661 | 5660 | ||
| 5662 | printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); | 5661 | printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); |
| 5663 | 5662 | ||
| 5664 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) { | 5663 | err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); |
| 5665 | err = nf_register_hook(&selinux_ipv4_ops[iter]); | 5664 | if (err) |
| 5666 | if (err) | 5665 | panic("SELinux: nf_register_hooks for IPv4: error %d\n", err); |
| 5667 | panic("SELinux: nf_register_hook for IPv4: error %d\n", | ||
| 5668 | err); | ||
| 5669 | } | ||
| 5670 | 5666 | ||
| 5671 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 5667 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
| 5672 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) { | 5668 | err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); |
| 5673 | err = nf_register_hook(&selinux_ipv6_ops[iter]); | 5669 | if (err) |
| 5674 | if (err) | 5670 | panic("SELinux: nf_register_hooks for IPv6: error %d\n", err); |
| 5675 | panic("SELinux: nf_register_hook for IPv6: error %d\n", | ||
| 5676 | err); | ||
| 5677 | } | ||
| 5678 | #endif /* IPV6 */ | 5671 | #endif /* IPV6 */ |
| 5679 | 5672 | ||
| 5680 | out: | 5673 | out: |
| @@ -5686,15 +5679,11 @@ __initcall(selinux_nf_ip_init); | |||
| 5686 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE | 5679 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE |
| 5687 | static void selinux_nf_ip_exit(void) | 5680 | static void selinux_nf_ip_exit(void) |
| 5688 | { | 5681 | { |
| 5689 | u32 iter; | ||
| 5690 | |||
| 5691 | printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); | 5682 | printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); |
| 5692 | 5683 | ||
| 5693 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) | 5684 | nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); |
| 5694 | nf_unregister_hook(&selinux_ipv4_ops[iter]); | ||
| 5695 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 5685 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
| 5696 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) | 5686 | nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); |
| 5697 | nf_unregister_hook(&selinux_ipv6_ops[iter]); | ||
| 5698 | #endif /* IPV6 */ | 5687 | #endif /* IPV6 */ |
| 5699 | } | 5688 | } |
| 5700 | #endif | 5689 | #endif |