SELinux: peer secid consolidation for external network labeling Now that labeled IPsec makes use of the peer_sid field in the sk_security_struct we can remove a lot of the special cases between labeled IPsec and NetLabel. In addition, create a new function, security_skb_extlbl_sid(), which we can use in several places to get the security context of the packet's external label which allows us to further simplify the code in a few places. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>

commit: 3de4bab5b9f8848a0c16a4b1ffe0452f0d670237 [log] [tgz]
author: Paul Moore <paul.moore@hp.com> Fri Nov 17 17:38:54 2006 -0500
committer: David S. Miller <davem@sunset.davemloft.net> Sat Dec 02 21:24:14 2006 -0800
tree: f65c12b53bf2ad02645ea31522f67e7318019498
parent: 9f2ad66509b182b399a5b03de487f45bde623524 [diff] [blame]
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 1ef7917..015f697 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h

@@ -8,6 +8,7 @@
 #ifndef _SELINUX_SECURITY_H_
 #define _SELINUX_SECURITY_H_
 
+#include <linux/skbuff.h>
 #include "flask.h"
 
 #define SECSID_NULL			0x00000000 /* unspecified SID */
@@ -80,6 +81,8 @@
 int security_node_sid(u16 domain, void *addr, u32 addrlen,
 	u32 *out_sid);
 
+void security_skb_extlbl_sid(struct sk_buff *skb, u32 base_sid, u32 *sid);
+
 int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
                                  u16 tclass);
commit	3de4bab5b9f8848a0c16a4b1ffe0452f0d670237	[log] [tgz]
author	Paul Moore <paul.moore@hp.com>	Fri Nov 17 17:38:54 2006 -0500
committer	David S. Miller <davem@sunset.davemloft.net>	Sat Dec 02 21:24:14 2006 -0800
tree	f65c12b53bf2ad02645ea31522f67e7318019498
parent	9f2ad66509b182b399a5b03de487f45bde623524 [diff] [blame]