SELinux: Convert the netif code to use ifindex values The current SELinux netif code requires the caller have a valid net_device struct pointer to lookup network interface information. However, we don't always have a valid net_device pointer so convert the netif code to use the ifindex values we always have as part of the sk_buff. This patch also removes the default message SID from the network interface record, it is not being used and therefore is "dead code". Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>

commit: e8bfdb9d0dfc1231a6a71e849dfbd4447acdfff6 [log] [tgz]
author: Paul Moore <paul.moore@hp.com> Tue Jan 29 08:38:08 2008 -0500
committer: James Morris <jmorris@namei.org> Wed Jan 30 08:17:21 2008 +1100
tree: 0d786c0ad972e43d1128296b8e7ae47275ab3ebd
parent: 75e22910cf0c26802b09dac2e34c13e648d3ed02 [diff] [blame]
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 0f97ef5..8dfaa3e 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c

@@ -1478,11 +1478,8 @@
  * security_netif_sid - Obtain the SID for a network interface.
  * @name: interface name
  * @if_sid: interface SID
- * @msg_sid: default SID for received packets
  */
-int security_netif_sid(char *name,
-		       u32 *if_sid,
-		       u32 *msg_sid)
+int security_netif_sid(char *name, u32 *if_sid)
 {
 	int rc = 0;
 	struct ocontext *c;
@@ -1510,11 +1507,8 @@
 				goto out;
 		}
 		*if_sid = c->sid[0];
-		*msg_sid = c->sid[1];
-	} else {
+	} else
 		*if_sid = SECINITSID_NETIF;
-		*msg_sid = SECINITSID_NETMSG;
-	}
 
 out:
 	POLICY_RDUNLOCK;
commit	e8bfdb9d0dfc1231a6a71e849dfbd4447acdfff6	[log] [tgz]
author	Paul Moore <paul.moore@hp.com>	Tue Jan 29 08:38:08 2008 -0500
committer	James Morris <jmorris@namei.org>	Wed Jan 30 08:17:21 2008 +1100
tree	0d786c0ad972e43d1128296b8e7ae47275ab3ebd
parent	75e22910cf0c26802b09dac2e34c13e648d3ed02 [diff] [blame]