[MLSXFRM]: Fix build with SECURITY_NETWORK_XFRM disabled.
The following patch will fix the build problem (encountered by Andrew Morton) when SECURITY_NETWORK_XFRM is not enabled. As compared to git-net-selinux_xfrm_decode_session-build-fix.patch in -mm, this patch sets the return parameter sid to SECSID_NULL in selinux_xfrm_decode_session() and handles this value in the caller selinux_inet_conn_request() appropriately. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
parent
4237c75c0a
commit
a51c64f1e5
|
@ -3591,6 +3591,11 @@ int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
|
|||
err = selinux_xfrm_decode_session(skb, &peersid, 0);
|
||||
BUG_ON(err);
|
||||
|
||||
if (peersid == SECSID_NULL) {
|
||||
req->secid = sksec->sid;
|
||||
return 0;
|
||||
}
|
||||
|
||||
err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
|
||||
if (err)
|
||||
return err;
|
||||
|
|
|
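Review bot: The new `peersid == SECSID_NULL` branch makes the connection request inherit the listening socket's SID whenever no peer label was decoded, and nothing in the code says this is deliberate or which cases reach it. A comment above the `if` would help, for example `/* No peer label (unlabeled traffic, or labeled XFRM compiled out): fall back to the listener's SID. */`. The unchanged `BUG_ON(err)` just above still turns any nonzero return from `selinux_xfrm_decode_session()` into a panic on a packet-driven path. The new stub always returns 0, but the enabled implementation is not visible here and should be confirmed to do the same for `ckall == 0`. `selinux_inet_conn_request()` starts and ends outside the hunk.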
@ -20,7 +20,6 @@ int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
|
|||
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
|
||||
struct xfrm_policy *xp, struct flowi *fl);
|
||||
int selinux_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm);
|
||||
int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall);
|
||||
|
||||
|
||||
/*
|
||||
|
@ -41,6 +40,7 @@ int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
|
|||
struct avc_audit_data *ad);
|
||||
u32 selinux_socket_getpeer_stream(struct sock *sk);
|
||||
u32 selinux_socket_getpeer_dgram(struct sk_buff *skb);
|
||||
int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
|
||||
#else
|
||||
static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
|
||||
struct avc_audit_data *ad)
|
||||
|
@ -63,6 +63,11 @@ static inline int selinux_socket_getpeer_dgram(struct sk_buff *skb)
|
|||
{
|
||||
return SECSID_NULL;
|
||||
}
|
||||
static inline int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
|
||||
{
|
||||
*sid = SECSID_NULL;
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* _SELINUX_XFRM_H_ */
|
||||
|
|
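Review bot: The stub added in the `#else` branch returns 0 with `*sid = SECSID_NULL`, so a successful return no longer implies a usable peer SID, and that contract is not written down next to either declaration. I would add a comment on the prototype and on the stub, such as `/* Returns 0 with *sid == SECSID_NULL when no label is available; callers must check before using *sid. */`. This commit adds that check in `selinux_inet_conn_request()`; any other caller of `selinux_xfrm_decode_session()` is outside this page and presumably needs the same check before passing the value to an SID-consuming function such as `security_sid_mls_copy()`.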