Diffstat (limited to 'security/selinux/xfrm.c')
| -rw-r--r-- | security/selinux/xfrm.c | 40 | 
1 files changed, 3 insertions, 37 deletions
|
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 4d5a043cdfa1..8fef74271f22 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -184,7 +184,8 @@ int selinux_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm,
 }
 /*
- * LSM hook implementation that determines the sid for the session.
+ * LSM hook implementation that checks and/or returns the xfrm sid for the
+ * incoming packet.
  */
 int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
@@ -403,43 +404,8 @@ void selinux_xfrm_state_free(struct xfrm_state *x)
 }
 /*
- * SELinux internal function to retrieve the context of a connected
- * (sk->sk_state == TCP_ESTABLISHED) TCP socket based on its security
- * association used to connect to the remote socket.
- *
- * Retrieve via getsockopt SO_PEERSEC.
- */
-u32 selinux_socket_getpeer_stream(struct sock *sk)
-{
-	struct dst_entry *dst, *dst_test;
-	u32 peer_sid = SECSID_NULL;
-
-	if (sk->sk_state != TCP_ESTABLISHED)
-		goto out;
-
-	dst = sk_dst_get(sk);
-	if (!dst)
-		goto out;
-
- 	for (dst_test = dst; dst_test != 0;
-      	     dst_test = dst_test->child) {
-		struct xfrm_state *x = dst_test->xfrm;
-
- 		if (x && selinux_authorizable_xfrm(x)) {
-	 	 	struct xfrm_sec_ctx *ctx = x->security;
-			peer_sid = ctx->ctx_sid;
-			break;
-		}
-	}
-	dst_release(dst);
-
-out:
-	return peer_sid;
-}
-
-/*
  * SELinux internal function to retrieve the context of a UDP packet
- * based on its security association used to connect to the remote socket.
+ * based on its security association.
  *
  * Retrieve via setsockopt IP_PASSSEC and recvmsg with control message
  * type SCM_SECURITY.
|
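Review bot: The reworded comment above `selinux_xfrm_decode_session` in the first hunk says the hook "checks and/or returns" the sid, but it does not say which of the two a caller gets. That appears to be selected by the `ckall` argument in the signature. I would add one sentence tying the behaviour to the parameter, for example `* When ckall is non-zero all labeled SAs on the packet must agree on the sid; *sid is SECSID_NULL when none is labeled.`, after checking it against the function body, which lies outside this hunk. The mismatch and no-label outcomes are the ones a caller making a labeling decision most needs spelled out.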
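Review bot: `selinux_socket_getpeer_stream`, removed in the second hunk, is a non-static function, so the removal is only complete if its prototype and its SO_PEERSEC caller are dropped in the same commit. This page is limited to `security/selinux/xfrm.c`, so that cannot be confirmed from here. The stream-socket peer label presumably now comes from the sid produced by `selinux_xfrm_decode_session`; it is worth confirming that the replacement path yields SECSID_NULL, not a stale sid, when the connection has no labeled SA. If that is the new route, the surviving comment could say so, e.g. `* Stream sockets obtain the peer sid via selinux_xfrm_decode_session().`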
