summaryrefslogtreecommitdiff
path: root/security/security.c
diff options
context:
space:
mode:
authorPaul Moore <pmoore@redhat.com>2013-07-23 17:38:38 -0400
committerEric Paris <eparis@redhat.com>2013-07-25 13:01:25 -0400
commit2e5aa86609ec1cf37bcc204fd7ba6c24c2f49fec (patch)
treedfe240f974ba5437143fa8869813ac634731d860 /security/security.c
parent8bb495e3f02401ee6f76d1b1d77f3ac9f079e376 (diff)
downloadlwn-2e5aa86609ec1cf37bcc204fd7ba6c24c2f49fec.tar.gz
lwn-2e5aa86609ec1cf37bcc204fd7ba6c24c2f49fec.zip
lsm: split the xfrm_state_alloc_security() hook implementation
The xfrm_state_alloc_security() LSM hook implementation is really a multiplexed hook with two different behaviors depending on the arguments passed to it by the caller. This patch splits the LSM hook implementation into two new hook implementations, which match the LSM hooks in the rest of the kernel: * xfrm_state_alloc * xfrm_state_alloc_acquire Also included in this patch are the necessary changes to the SELinux code; no other LSMs are affected. Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c13
1 files changed, 4 insertions, 9 deletions
diff --git a/security/security.c b/security/security.c
index a3dce87d1aef..57e25c962968 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1322,22 +1322,17 @@ int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
return security_ops->xfrm_policy_delete_security(ctx);
}
-int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
+int security_xfrm_state_alloc(struct xfrm_state *x,
+ struct xfrm_user_sec_ctx *sec_ctx)
{
- return security_ops->xfrm_state_alloc_security(x, sec_ctx, 0);
+ return security_ops->xfrm_state_alloc(x, sec_ctx);
}
EXPORT_SYMBOL(security_xfrm_state_alloc);
int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
struct xfrm_sec_ctx *polsec, u32 secid)
{
- if (!polsec)
- return 0;
- /*
- * We want the context to be taken from secid which is usually
- * from the sock.
- */
- return security_ops->xfrm_state_alloc_security(x, NULL, secid);
+ return security_ops->xfrm_state_alloc_acquire(x, polsec, secid);
}
int security_xfrm_state_delete(struct xfrm_state *x)