aboutsummaryrefslogtreecommitdiff
path: root/security/selinux/include/selinux_netlabel.h
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2006-08-29 17:55:38 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 15:18:38 -0700
commite448e931309e703f51d71a557973c620ff12fbda (patch)
tree8a738f5f45367965c29210402d28464fec3c04be /security/selinux/include/selinux_netlabel.h
parent7b3bbb926f4b3dd3a007dcf8dfa00203f52cb58d (diff)
[NetLabel]: uninline selinux_netlbl_inode_permission()
Uninline the selinux_netlbl_inode_permission() at the request of Andrew Morton. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/selinux/include/selinux_netlabel.h')
-rw-r--r--security/selinux/include/selinux_netlabel.h35
1 files changed, 1 insertions, 34 deletions
diff --git a/security/selinux/include/selinux_netlabel.h b/security/selinux/include/selinux_netlabel.h
index d885d880540..d69ec650cdb 100644
--- a/security/selinux/include/selinux_netlabel.h
+++ b/security/selinux/include/selinux_netlabel.h
@@ -43,40 +43,7 @@ void selinux_netlbl_sk_security_init(struct sk_security_struct *ssec,
int family);
void selinux_netlbl_sk_clone_security(struct sk_security_struct *ssec,
struct sk_security_struct *newssec);
-
-int __selinux_netlbl_inode_permission(struct inode *inode, int mask);
-/**
- * selinux_netlbl_inode_permission - Verify the socket is NetLabel labeled
- * @inode: the file descriptor's inode
- * @mask: the permission mask
- *
- * Description:
- * Looks at a file's inode and if it is marked as a socket protected by
- * NetLabel then verify that the socket has been labeled, if not try to label
- * the socket now with the inode's SID. Returns zero on success, negative
- * values on failure.
- *
- */
-static inline int selinux_netlbl_inode_permission(struct inode *inode,
- int mask)
-{
- int rc = 0;
- struct inode_security_struct *isec;
- struct sk_security_struct *sksec;
-
- if (!S_ISSOCK(inode->i_mode))
- return 0;
-
- isec = inode->i_security;
- sksec = SOCKET_I(inode)->sk->sk_security;
- down(&isec->sem);
- if (unlikely(sksec->nlbl_state == NLBL_REQUIRE &&
- (mask & (MAY_WRITE | MAY_APPEND))))
- rc = __selinux_netlbl_inode_permission(inode, mask);
- up(&isec->sem);
-
- return rc;
-}
+int selinux_netlbl_inode_permission(struct inode *inode, int mask);
#else
static inline void selinux_netlbl_cache_invalidate(void)
{