selinux: Cleanup the NetLabel glue code (accc6093) · Commits · e / devices / android_kernel_oneplus_sm8150

security/selinux/netlabel.c

+10 −28

Original line number	Diff line number	Diff line
		@@ -66,22 +66,24 @@ static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb,
		/**
		* selinux_netlbl_sock_setsid - Label a socket using the NetLabel mechanism
		* @sk: the socket to label
		* @sid: the SID to use
		*
		* Description:
		* Attempt to label a socket using the NetLabel mechanism using the given
		* SID. Returns zero values on success, negative values on failure.
		* Attempt to label a socket using the NetLabel mechanism. Returns zero values
		* on success, negative values on failure.
		*
		*/
		static int selinux_netlbl_sock_setsid(struct sock *sk, u32 sid)
		static int selinux_netlbl_sock_setsid(struct sock *sk)
		{
		int rc;
		struct sk_security_struct *sksec = sk->sk_security;
		struct netlbl_lsm_secattr secattr;

		if (sksec->nlbl_state != NLBL_REQUIRE)
		return 0;

		netlbl_secattr_init(&secattr);

		rc = security_netlbl_sid_to_secattr(sid, &secattr);
		rc = security_netlbl_sid_to_secattr(sksec->sid, &secattr);
		if (rc != 0)
		goto sock_setsid_return;
		rc = netlbl_sock_setattr(sk, &secattr);
		@@ -174,24 +176,10 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
		*/
		void selinux_netlbl_sock_graft(struct sock sk, struct socket sock)
		{
		struct sk_security_struct *sksec = sk->sk_security;
		struct netlbl_lsm_secattr secattr;
		u32 nlbl_peer_sid;

		if (sksec->nlbl_state != NLBL_REQUIRE)
		return;

		netlbl_secattr_init(&secattr);
		if (netlbl_sock_getattr(sk, &secattr) == 0 &&
		secattr.flags != NETLBL_SECATTR_NONE &&
		security_netlbl_secattr_to_sid(&secattr, &nlbl_peer_sid) == 0)
		sksec->peer_sid = nlbl_peer_sid;
		netlbl_secattr_destroy(&secattr);

		/* Try to set the NetLabel on the socket to save time later, if we fail
		* here we will pick up the pieces in later calls to
		* selinux_netlbl_inode_permission(). */
		selinux_netlbl_sock_setsid(sk, sksec->sid);
		selinux_netlbl_sock_setsid(sk);
		}

		/**
		@@ -205,13 +193,7 @@ void selinux_netlbl_sock_graft(struct sock sk, struct socket sock)
		*/
		int selinux_netlbl_socket_post_create(struct socket *sock)
		{
		struct sock *sk = sock->sk;
		struct sk_security_struct *sksec = sk->sk_security;

		if (sksec->nlbl_state != NLBL_REQUIRE)
		return 0;

		return selinux_netlbl_sock_setsid(sk, sksec->sid);
		return selinux_netlbl_sock_setsid(sock->sk);
		}

		/**
		@@ -246,7 +228,7 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask)
		local_bh_disable();
		bh_lock_sock_nested(sk);
		if (likely(sksec->nlbl_state == NLBL_REQUIRE))
		rc = selinux_netlbl_sock_setsid(sk, sksec->sid);
		rc = selinux_netlbl_sock_setsid(sk);
		else
		rc = 0;
		bh_unlock_sock(sk);