selinux June 2013 archive
Main Archive Page > Month Archives  > selinux archives
selinux: [PATCH 6/8] selinux: cleanup selinux_xfrm_decode_sessio

[PATCH 6/8] selinux: cleanup selinux_xfrm_decode_session()

From: Paul Moore <pmoore_at_nospam>
Date: Fri Jun 14 2013 - 19:04:10 GMT
To: linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov

Some basic simplification.

Signed-off-by: Paul Moore <pmoore@redhat.com>
--- security/selinux/xfrm.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 00801ce..425b9f9 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -215,34 +215,35 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, */ int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall) { + u32 sid_session = SECSID_NULL; struct sec_path *sp; - *sid = SECSID_NULL; - if (skb == NULL) - return 0; + goto out; sp = skb->sp; if (sp) { - int i, sid_set = 0; + int i; - for (i = sp->len-1; i >= 0; i--) { + for (i = sp->len - 1; i >= 0; i--) { struct xfrm_state *x = sp->xvec[i]; if (selinux_authorizable_xfrm(x)) { struct xfrm_sec_ctx *ctx = x->security; - if (!sid_set) { - *sid = ctx->ctx_sid; - sid_set = 1; - + if (sid_session == SECSID_NULL) { + sid_session = ctx->ctx_sid; if (!ckall) - break; - } else if (*sid != ctx->ctx_sid) + goto out; + } else if (sid_session != ctx->ctx_sid) { + *sid = SECSID_NULL; return -EINVAL; + } } } } +out: + *sid = sid_session; return 0; } -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.