SELinux: move security_skb_extlbl_sid() out of the security server

	return ret;

}

/**

 * selinux_skb_extlbl_sid - Determine the external label of a packet

 * @skb: the packet

 * @base_sid: the SELinux SID to use as a context for MLS only external labels

 * @sid: the packet's SID

 *

 * Description:

 * Check the various different forms of external packet labeling and determine

 * the external SID for the packet.

 *

 */

static void selinux_skb_extlbl_sid(struct sk_buff *skb,

				   u32 base_sid,

				   u32 *sid)

{

	u32 xfrm_sid;

	u32 nlbl_sid;

	selinux_skb_xfrm_sid(skb, &xfrm_sid);

	if (selinux_netlbl_skbuff_getsid(skb,

					 (xfrm_sid == SECSID_NULL ?

					  base_sid : xfrm_sid),

					 &nlbl_sid) != 0)

		nlbl_sid = SECSID_NULL;

	*sid = (nlbl_sid == SECSID_NULL ? xfrm_sid : nlbl_sid);

}

/* socket security operations */

static int socket_has_perm(struct task_struct *task, struct socket *sock,

			   u32 perms)

	if (sock && sock->sk->sk_family == PF_UNIX)

		selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);

	else if (skb)

		security_skb_extlbl_sid(skb,

					SECINITSID_UNLABELED,

					&peer_secid);

		selinux_skb_extlbl_sid(skb, SECINITSID_UNLABELED, &peer_secid);

	if (peer_secid == SECSID_NULL)

		err = -EINVAL;

	u32 newsid;

	u32 peersid;

	security_skb_extlbl_sid(skb, SECINITSID_UNLABELED, &peersid);

	selinux_skb_extlbl_sid(skb, SECINITSID_UNLABELED, &peersid);

	if (peersid == SECSID_NULL) {

		req->secid = sksec->sid;

		req->peer_secid = SECSID_NULL;

{

	struct sk_security_struct *sksec = sk->sk_security;

	security_skb_extlbl_sid(skb, SECINITSID_UNLABELED, &sksec->peer_sid);

	selinux_skb_extlbl_sid(skb, SECINITSID_UNLABELED, &sksec->peer_sid);

}

static void selinux_req_classify_flow(const struct request_sock *req,

#define POLICYDB_VERSION_MAX	POLICYDB_VERSION_RANGETRANS

#endif

struct sk_buff;

struct netlbl_lsm_secattr;

extern int selinux_enabled;

int security_node_sid(u16 domain, void *addr, u32 addrlen,

	u32 *out_sid);

void security_skb_extlbl_sid(struct sk_buff *skb, u32 base_sid, u32 *sid);

int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,

                                 u16 tclass);

#include <linux/sched.h>

#include <linux/audit.h>

#include <linux/mutex.h>

#include <net/sock.h>

#include <net/netlabel.h>

#include "flask.h"

	aurule_callback = callback;

}

/**

 * security_skb_extlbl_sid - Determine the external label of a packet

 * @skb: the packet

 * @base_sid: the SELinux SID to use as a context for MLS only external labels

 * @sid: the packet's SID

 *

 * Description:

 * Check the various different forms of external packet labeling and determine

 * the external SID for the packet.

 *

 */

void security_skb_extlbl_sid(struct sk_buff *skb, u32 base_sid, u32 *sid)

{

	u32 xfrm_sid;

	u32 nlbl_sid;

	selinux_skb_xfrm_sid(skb, &xfrm_sid);

	if (selinux_netlbl_skbuff_getsid(skb,

					 (xfrm_sid == SECSID_NULL ?

					  base_sid : xfrm_sid),

					 &nlbl_sid) != 0)

		nlbl_sid = SECSID_NULL;

	*sid = (nlbl_sid == SECSID_NULL ? xfrm_sid : nlbl_sid);

}

#ifdef CONFIG_NETLABEL

/*

 * NetLabel cache structure