SELinux: Convert the netif code to use ifindex values

The current SELinux netif code requires the caller have a valid net_device
struct pointer to look up network interface information. However, we don't
always have a valid net_device pointer, so convert the netif code to use
the ifindex values we always have as part of the sk_buff. This patch also
removes the default message SID from the network interface record; it is
not being used and therefore is "dead code".

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5df1207..be54433 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3853,7 +3853,7 @@
if (!skb->dev)
goto out;
- err = sel_netif_sids(skb->dev, &if_sid, NULL);
+ err = sel_netif_sid(skb->iif, &if_sid);
if (err)
goto out;
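Review bot: The `if (!skb->dev) goto out;` guard left in the context above the changed line still keys on the net_device pointer, while the lookup itself now keys on `skb->iif`. The commit message says the conversion exists because a valid net_device pointer is not always available, so a packet with a NULL `skb->dev` still skips this interface check entirely. Either replace the guard with a test on `skb->iif` (and decide explicitly what an unset index should do, deny or skip), or add a comment explaining why `skb->dev` is still required at this call site.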
@@ -4178,7 +4178,7 @@
isec = inode->i_security;
- err = sel_netif_sids(dev, &if_sid, NULL);
+ err = sel_netif_sid(dev->ifindex, &if_sid);
if (err)
goto out;
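Review bot: `dev->ifindex` on the changed line dereferences `dev`, and the visible context shows no NULL check before it, so this call site still depends on the caller holding a valid net_device pointer, which is the assumption the commit message sets out to remove. Please confirm `dev` is guaranteed non-NULL on this path and say so in a comment, or use the index carried by the sk_buff here as the first hunk does. It would also help to document on `sel_netif_sid()` what it returns in `if_sid` when the ifindex does not match a known interface, since both callers only test `err`.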