diff options
author | Paul Moore <paul.moore@hp.com> | 2006-11-18 01:38:54 +0300 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-03 08:24:14 +0300 |
commit | 3de4bab5b9f8848a0c16a4b1ffe0452f0d670237 (patch) | |
tree | f65c12b53bf2ad02645ea31522f67e7318019498 /security/selinux/xfrm.c | |
parent | 9f2ad66509b182b399a5b03de487f45bde623524 (diff) | |
download | linux-3de4bab5b9f8848a0c16a4b1ffe0452f0d670237.tar.xz |
SELinux: peer secid consolidation for external network labeling
Now that labeled IPsec makes use of the peer_sid field in the
sk_security_struct we can remove a lot of the special cases between labeled
IPsec and NetLabel. In addition, create a new function,
security_skb_extlbl_sid(), which we can use in several places to get the
security context of the packet's external label which allows us to further
simplify the code in a few places.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/xfrm.c')
-rw-r--r-- | security/selinux/xfrm.c | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 9b777140068f..bd8d1ef40a90 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -372,39 +372,6 @@ void selinux_xfrm_state_free(struct xfrm_state *x) kfree(ctx); } -/* - * SELinux internal function to retrieve the context of a UDP packet - * based on its security association. - * - * Retrieve via setsockopt IP_PASSSEC and recvmsg with control message - * type SCM_SECURITY. - */ -u32 selinux_socket_getpeer_dgram(struct sk_buff *skb) -{ - struct sec_path *sp; - - if (skb == NULL) - return SECSID_NULL; - - if (skb->sk->sk_protocol != IPPROTO_UDP) - return SECSID_NULL; - - sp = skb->sp; - if (sp) { - int i; - - for (i = sp->len-1; i >= 0; i--) { - struct xfrm_state *x = sp->xvec[i]; - if (selinux_authorizable_xfrm(x)) { - struct xfrm_sec_ctx *ctx = x->security; - return ctx->ctx_sid; - } - } - } - - return SECSID_NULL; -} - /* * LSM hook implementation that authorizes deletion of labeled SAs. */ |