diff options
| author | Linus Torvalds <torvalds@g5.osdl.org> | 2006-10-12 07:38:59 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-10-12 07:38:59 -0700 |
| commit | 9ff4680e9958508bebc5c683b98f37b66617e088 (patch) | |
| tree | 4d3e1ae5ba9c7fcba0a76ea2e577da0c84e75f71 /include/linux | |
| parent | 83d3d3c52468394419474d053df9dfe60d8f21c2 (diff) | |
| parent | 30bdbe397bf58131a91fd836f60972442bed0544 (diff) | |
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[PKT_SCHED] sch_htb: use rb_first() cleanup
[RTNETLINK]: Fix use of wrong skb in do_getlink()
[DECNET]: Fix sfuzz hanging on 2.6.18
[NET]: Do not memcmp() over pad bytes of struct flowi.
[NET]: Introduce protocol-specific destructor for time-wait sockets.
[NET]: Use typesafe inet_twsk() inline function instead of cast.
[NET]: Use hton{l,s}() for non-initializers.
[TCP]: Use TCPOLEN_TSTAMP_ALIGNED macro instead of magic number.
[IPV6]: Seperate sit driver to extra module (addrconf.c changes)
[IPV6]: Seperate sit driver to extra module
[NET]: File descriptor loss while receiving SCM_RIGHTS
[SCTP]: Fix the RX queue size shown in /proc/net/sctp/assocs output.
[SCTP]: Fix receive buffer accounting.
SELinux: Bug fix in polidydb_destroy
IPsec: fix handling of errors for socket policies
IPsec: correct semantics for SELinux policy matching
IPsec: propagate security module errors up from flow_cache_lookup
NetLabel: use SECINITSID_UNLABELED for a base SID
NetLabel: fix a cache race condition
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/security.h | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 9b5fea81f55..b200b9856f3 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -882,7 +882,8 @@ struct request_sock; * Check permission when a flow selects a xfrm_policy for processing * XFRMs on a packet. The hook is called when selecting either a * per-socket policy or a generic xfrm policy. - * Return 0 if permission is granted. + * Return 0 if permission is granted, -ESRCH otherwise, or -errno + * on other errors. * @xfrm_state_pol_flow_match: * @x contains the state to match. * @xp contains the policy to check for a match. @@ -891,6 +892,7 @@ struct request_sock; * @xfrm_flow_state_match: * @fl contains the flow key to match. * @xfrm points to the xfrm_state to match. + * @xp points to the xfrm_policy to match. * Return 1 if there is a match. * @xfrm_decode_session: * @skb points to skb to decode. @@ -1388,7 +1390,8 @@ struct security_operations { int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 fl_secid, u8 dir); int (*xfrm_state_pol_flow_match)(struct xfrm_state *x, struct xfrm_policy *xp, struct flowi *fl); - int (*xfrm_flow_state_match)(struct flowi *fl, struct xfrm_state *xfrm); + int (*xfrm_flow_state_match)(struct flowi *fl, struct xfrm_state *xfrm, + struct xfrm_policy *xp); int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall); #endif /* CONFIG_SECURITY_NETWORK_XFRM */ @@ -3120,11 +3123,6 @@ static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm return security_ops->xfrm_policy_alloc_security(xp, sec_ctx, NULL); } -static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk) -{ - return security_ops->xfrm_policy_alloc_security(xp, NULL, sk); -} - static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) { return security_ops->xfrm_policy_clone_security(old, new); @@ -3175,9 +3173,10 @@ static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x, return security_ops->xfrm_state_pol_flow_match(x, xp, fl); } -static inline int security_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm) +static inline int security_xfrm_flow_state_match(struct flowi *fl, + struct xfrm_state *xfrm, struct xfrm_policy *xp) { - return security_ops->xfrm_flow_state_match(fl, xfrm); + return security_ops->xfrm_flow_state_match(fl, xfrm, xp); } static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) @@ -3197,11 +3196,6 @@ static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm return 0; } -static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk) -{ - return 0; -} - static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) { return 0; @@ -3249,7 +3243,7 @@ static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x, } static inline int security_xfrm_flow_state_match(struct flowi *fl, - struct xfrm_state *xfrm) + struct xfrm_state *xfrm, struct xfrm_policy *xp) { return 1; } |