Commit e2193695 authored by Paul Moore's avatar Paul Moore Committed by Eric Paris

selinux: cleanup selinux_xfrm_decode_session()

Some basic simplification.
Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent 4baabeec
...@@ -215,34 +215,35 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, ...@@ -215,34 +215,35 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
*/ */
int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall) int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
{ {
u32 sid_session = SECSID_NULL;
struct sec_path *sp; struct sec_path *sp;
*sid = SECSID_NULL;
if (skb == NULL) if (skb == NULL)
return 0; goto out;
sp = skb->sp; sp = skb->sp;
if (sp) { if (sp) {
int i, sid_set = 0; int i;
for (i = sp->len-1; i >= 0; i--) { for (i = sp->len - 1; i >= 0; i--) {
struct xfrm_state *x = sp->xvec[i]; struct xfrm_state *x = sp->xvec[i];
if (selinux_authorizable_xfrm(x)) { if (selinux_authorizable_xfrm(x)) {
struct xfrm_sec_ctx *ctx = x->security; struct xfrm_sec_ctx *ctx = x->security;
if (!sid_set) { if (sid_session == SECSID_NULL) {
*sid = ctx->ctx_sid; sid_session = ctx->ctx_sid;
sid_set = 1;
if (!ckall) if (!ckall)
break; goto out;
} else if (*sid != ctx->ctx_sid) } else if (sid_session != ctx->ctx_sid) {
*sid = SECSID_NULL;
return -EINVAL; return -EINVAL;
} }
} }
} }
}
out:
*sid = sid_session;
return 0; return 0;
} }
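Review bot: Testing `sid_session == SECSID_NULL` in place of the old `sid_set` flag is only equivalent if an authorizable state can never carry `ctx_sid == SECSID_NULL`, so this is a semantic change rather than a pure simplification. If such a state could occur, a later state with a different SID would be adopted as the session SID instead of reaching the `-EINVAL` mismatch branch when `ckall` is set, which would weaken the label-consistency check across the sec_path. `selinux_authorizable_xfrm()` and the context allocation are not visible in this hunk, so the invariant may already hold. If it does, state it next to the test, e.g. `/* an authorizable xfrm never has ctx_sid == SECSID_NULL, so it doubles as "unset" */`; otherwise keep an explicit flag.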