summaryrefslogtreecommitdiffstats
path: root/security/selinux/include/netlabel.h
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2008-01-29 14:38:23 +0100
committerJames Morris <jmorris@namei.org>2008-01-29 22:17:25 +0100
commit220deb966ea51e0dedb6a187c0763120809f3e64 (patch)
tree7d0e5dd8048907c364b4eeff294991937b466c7e /security/selinux/include/netlabel.h
parentSELinux: Add a new peer class and permissions to the Flask definitions (diff)
downloadlinux-220deb966ea51e0dedb6a187c0763120809f3e64.tar.xz
linux-220deb966ea51e0dedb6a187c0763120809f3e64.zip
SELinux: Better integration between peer labeling subsystems
Rework the handling of network peer labels so that the different peer labeling subsystems work better together. This includes moving both subsystems to a single "peer" object class which involves not only changes to the permission checks but an improved method of consolidating multiple packet peer labels. As part of this work the inbound packet permission check code has been heavily modified to handle both the old and new behavior in as sane a fashion as possible. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include/netlabel.h')
-rw-r--r--security/selinux/include/netlabel.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/security/selinux/include/netlabel.h b/security/selinux/include/netlabel.h
index 272769a1cb96..c8c05a6f298c 100644
--- a/security/selinux/include/netlabel.h
+++ b/security/selinux/include/netlabel.h
@@ -49,6 +49,7 @@ void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec,
int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
u16 family,
u32 base_sid,
+ u32 *type,
u32 *sid);
void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock);
@@ -89,8 +90,10 @@ static inline void selinux_netlbl_sk_security_clone(
static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
u16 family,
u32 base_sid,
+ u32 *type,
u32 *sid)
{
+ *type = NETLBL_NLTYPE_NONE;
*sid = SECSID_NULL;
return 0;
}