commit e8bfdb9d0dfc1231a6a71e849dfbd4447acdfff6
author Paul Moore <paul.moore@hp.com> Tue Jan 29 08:38:08 2008 -0500
committer James Morris <jmorris@namei.org> Wed Jan 30 08:17:21 2008 +1100
tree 0d786c0ad972e43d1128296b8e7ae47275ab3ebd
parent 75e22910cf0c26802b09dac2e34c13e648d3ed02

SELinux: Convert the netif code to use ifindex values

The current SELinux netif code requires the caller have a valid net_device
struct pointer to lookup network interface information.  However, we don't
always have a valid net_device pointer so convert the netif code to use
the ifindex values we always have as part of the sk_buff.  This patch also
removes the default message SID from the network interface record, it is
not being used and therefore is "dead code".

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>

security/selinux/include/netif.h

diff --git a/security/selinux/include/netif.h b/security/selinux/include/netif.h
index 8bd6f99..ce23edd 100644
--- a/security/selinux/include/netif.h
+++ b/security/selinux/include/netif.h
@@ -7,6 +7,8 @@
  * Author: James Morris <jmorris@redhat.com>
  *
  * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
+ *                    Paul Moore, <paul.moore@hp.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2,
@@ -15,7 +17,7 @@
 #ifndef _SELINUX_NETIF_H_
 #define _SELINUX_NETIF_H_
 
-int sel_netif_sids(struct net_device *dev, u32 *if_sid, u32 *msg_sid);
+int sel_netif_sid(int ifindex, u32 *sid);
 
 #endif	/* _SELINUX_NETIF_H_ */
 

security/selinux/include/objsec.h

diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 4138a80..2d0a92e9 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -96,9 +96,8 @@
 };
 
 struct netif_security_struct {
-	struct net_device *dev;		/* back pointer */
-	u32 if_sid;			/* SID for this interface */
-	u32 msg_sid;			/* default SID for messages received on this interface */
+	int ifindex;			/* device index */
+	u32 sid;			/* SID for this interface */
 };
 
 struct sk_security_struct {

security/selinux/include/security.h

diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 39337af..a33437b 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -77,8 +77,7 @@
 int security_port_sid(u16 domain, u16 type, u8 protocol, u16 port,
 	u32 *out_sid);
 
-int security_netif_sid(char *name, u32 *if_sid,
-	u32 *msg_sid);
+int security_netif_sid(char *name, u32 *if_sid);
 
 int security_node_sid(u16 domain, void *addr, u32 addrlen,
 	u32 *out_sid);