diff options
author | Paul Moore <paul.moore@hp.com> | 2009-05-08 17:59:02 -0400 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2009-05-18 16:34:53 -0700 |
commit | f9ab4fc0b47241807b355150dc82f826f2909a12 (patch) | |
tree | ed07bef4c57a1faad0f7e91054f510e9f9316932 /security | |
parent | 49422544ff78bffea8049da14adf9c45d02fccd6 (diff) |
selinux: Remove dead code labeled networking code
[NOTE: based on 389fb800ac8be2832efedd19978a2b8ced37eb61]
Remove code that is no longer needed by NetLabel and/or SELinux.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/netlabel.c | 77 |
1 files changed, 0 insertions, 77 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 54ff90deb224..5786c8c58a62 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -100,41 +100,6 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk) } /** - * selinux_netlbl_sock_setsid - Label a socket using the NetLabel mechanism - * @sk: the socket to label - * - * Description: - * Attempt to label a socket using the NetLabel mechanism. Returns zero values - * on success, negative values on failure. - * - */ -static int selinux_netlbl_sock_setsid(struct sock *sk) -{ - int rc; - struct sk_security_struct *sksec = sk->sk_security; - struct netlbl_lsm_secattr *secattr; - - if (sksec->nlbl_state != NLBL_REQUIRE) - return 0; - - secattr = selinux_netlbl_sock_genattr(sk); - if (secattr == NULL) - return -ENOMEM; - rc = netlbl_sock_setattr(sk, secattr); - switch (rc) { - case 0: - sksec->nlbl_state = NLBL_LABELED; - break; - case -EDESTADDRREQ: - sksec->nlbl_state = NLBL_REQSKB; - rc = 0; - break; - } - - return rc; -} - -/** * selinux_netlbl_cache_invalidate - Invalidate the NetLabel cache * * Description: @@ -361,48 +326,6 @@ int selinux_netlbl_socket_post_create(struct sock *sk, u16 family) } /** - * selinux_netlbl_inode_permission - Verify the socket is NetLabel labeled - * @inode: the file descriptor's inode - * @mask: the permission mask - * - * Description: - * Looks at a file's inode and if it is marked as a socket protected by - * NetLabel then verify that the socket has been labeled, if not try to label - * the socket now with the inode's SID. Returns zero on success, negative - * values on failure. - * - */ -int selinux_netlbl_inode_permission(struct inode *inode, int mask) -{ - int rc; - struct sock *sk; - struct socket *sock; - struct sk_security_struct *sksec; - - if (!S_ISSOCK(inode->i_mode) || - ((mask & (MAY_WRITE | MAY_APPEND)) == 0)) - return 0; - sock = SOCKET_I(inode); - sk = sock->sk; - if (sk == NULL) - return 0; - sksec = sk->sk_security; - if (sksec == NULL || sksec->nlbl_state != NLBL_REQUIRE) - return 0; - - local_bh_disable(); - bh_lock_sock_nested(sk); - if (likely(sksec->nlbl_state == NLBL_REQUIRE)) - rc = selinux_netlbl_sock_setsid(sk); - else - rc = 0; - bh_unlock_sock(sk); - local_bh_enable(); - - return rc; -} - -/** * selinux_netlbl_sock_rcv_skb - Do an inbound access check using NetLabel * @sksec: the sock's sk_security_struct * @skb: the packet |