commit 3de4bab5b9f8848a0c16a4b1ffe0452f0d670237
author Paul Moore <paul.moore@hp.com> Fri Nov 17 17:38:54 2006 -0500
committer David S. Miller <davem@sunset.davemloft.net> Sat Dec 02 21:24:14 2006 -0800
tree f65c12b53bf2ad02645ea31522f67e7318019498
parent 9f2ad66509b182b399a5b03de487f45bde623524

SELinux: peer secid consolidation for external network labeling

Now that labeled IPsec makes use of the peer_sid field in the
sk_security_struct we can remove a lot of the special cases between labeled
IPsec and NetLabel.  In addition, create a new function,
security_skb_extlbl_sid(), which we can use in several places to get the
security context of the packet's external label which allows us to further
simplify the code in a few places.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>

security/selinux/include/security.h

diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 1ef7917..015f697 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -8,6 +8,7 @@
 #ifndef _SELINUX_SECURITY_H_
 #define _SELINUX_SECURITY_H_
 
+#include <linux/skbuff.h>
 #include "flask.h"
 
 #define SECSID_NULL			0x00000000 /* unspecified SID */
@@ -80,6 +81,8 @@
 int security_node_sid(u16 domain, void *addr, u32 addrlen,
 	u32 *out_sid);
 
+void security_skb_extlbl_sid(struct sk_buff *skb, u32 base_sid, u32 *sid);
+
 int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
                                  u16 tclass);