netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections
This patch cleans up a lot of the Smack network access control code. The largest changes are to fix the labeling of incoming TCP connections in a manner similar to the recent SELinux changes which use the security_inet_conn_request() hook to label the request_sock and let the label move to the child socket via the normal network stack mechanisms. In addition to the incoming TCP connection fixes this patch also removes the smk_labled field from the socket_smack struct as the minor optimization advantage was outweighed by the difficulty in maintaining its proper state.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <jmorris@namei.org>
@@ -860,6 +860,19 @@ req_setattr_return:
|
||||
return ret_val;
|
||||
}
|
||||
|
||||
/**
|
||||
* netlbl_req_delattr - Delete all the NetLabel labels on a socket
|
||||
* @req: the socket
|
||||
*
|
||||
* Description:
|
||||
* Remove all the NetLabel labeling from @req.
|
||||
*
|
||||
*/
|
||||
void netlbl_req_delattr(struct request_sock *req)
|
||||
{
|
||||
cipso_v4_req_delattr(req);
|
||||
}
|
||||
|
||||
/**
|
||||
* netlbl_skbuff_setattr - Label a packet using the correct protocol
|
||||
* @skb: the packet
|
||||
|
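Review bot: the kernel-doc added for netlbl_req_delattr() describes its argument as a socket ("Delete all the NetLabel labels on a socket", "@req: the socket"), but the parameter is a struct request_sock *, so the summary and the @req line should say it operates on a connection request (for example "@req: the request socket"). The body also calls cipso_v4_req_delattr(req) unconditionally; if only IPv4 requests can carry a label at this point, a one-line comment saying so would explain why no address-family check appears in the wrapper.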