From 3de4bab5b9f8848a0c16a4b1ffe0452f0d670237 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Fri, 17 Nov 2006 17:38:54 -0500 Subject: SELinux: peer secid consolidation for external network labeling Now that labeled IPsec makes use of the peer_sid field in the sk_security_struct we can remove a lot of the special cases between labeled IPsec and NetLabel. In addition, create a new function, security_skb_extlbl_sid(), which we can use in several places to get the security context of the packet's external label which allows us to further simplify the code in a few places. Signed-off-by: Paul Moore Signed-off-by: James Morris --- security/selinux/include/security.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'security/selinux/include/security.h') diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 1ef79172cc8c..015f697e925f 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -8,6 +8,7 @@ #ifndef _SELINUX_SECURITY_H_ #define _SELINUX_SECURITY_H_ +#include #include "flask.h" #define SECSID_NULL 0x00000000 /* unspecified SID */ @@ -80,6 +81,8 @@ int security_netif_sid(char *name, u32 *if_sid, int security_node_sid(u16 domain, void *addr, u32 addrlen, u32 *out_sid); +void security_skb_extlbl_sid(struct sk_buff *skb, u32 base_sid, u32 *sid); + int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, u16 tclass); -- cgit v1.2.3 From bb22f58087fdf8b617803c9b65bc86c6d26b5115 Mon Sep 17 00:00:00 2001 From: James Morris Date: Fri, 17 Nov 2006 23:01:03 -0500 Subject: Compile fix for "peer secid consolidation for external network labeling" Use a forward declaration instead of dragging in skbuff.h and related junk. Signed-off-by: James Morris --- security/selinux/include/security.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'security/selinux/include/security.h') diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 015f697e925f..210eec77e7ff 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -8,7 +8,6 @@ #ifndef _SELINUX_SECURITY_H_ #define _SELINUX_SECURITY_H_ -#include #include "flask.h" #define SECSID_NULL 0x00000000 /* unspecified SID */ @@ -35,6 +34,8 @@ #define POLICYDB_VERSION_MAX POLICYDB_VERSION_RANGETRANS #endif +struct sk_buff; + extern int selinux_enabled; extern int selinux_mls_enabled; -- cgit v1.2.3