openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

selinux: cleanup selinux_xfrm_decode_session() 

Some basic simplification.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
Paul Moore 2013-07-23 17:38:40 -04:00 committed by Eric Paris
parent 4baabeec2a
commit e219369580
1 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
security/selinux/xfrm.c
View File

@ -215,34 +215,35 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
*/ */
int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall) int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
{ {
u32 sid_session = SECSID_NULL;
struct sec_path *sp; struct sec_path *sp;
*sid = SECSID_NULL;
if (skb == NULL) if (skb == NULL)
return 0; goto out;
sp = skb->sp; sp = skb->sp;
if (sp) { if (sp) {
int i, sid_set = 0; int i;
for (i = sp->len-1; i >= 0; i--) { for (i = sp->len - 1; i >= 0; i--) {
struct xfrm_state *x = sp->xvec[i]; struct xfrm_state *x = sp->xvec[i];
if (selinux_authorizable_xfrm(x)) { if (selinux_authorizable_xfrm(x)) {
struct xfrm_sec_ctx *ctx = x->security; struct xfrm_sec_ctx *ctx = x->security;
if (!sid_set) { if (sid_session == SECSID_NULL) {
*sid = ctx->ctx_sid; sid_session = ctx->ctx_sid;
sid_set = 1;
if (!ckall) if (!ckall)
break; goto out;
} else if (*sid != ctx->ctx_sid) } else if (sid_session != ctx->ctx_sid) {
*sid = SECSID_NULL;
return -EINVAL; return -EINVAL;
}
} }
} }
} }
out:
*sid = sid_session;
return 0; return 0;
} }