ssec->sid = SECINITSID_UNLABELED;
sk->sk_security = ssec;
+ selinux_netlbl_sk_security_init(ssec, family);
+
return 0;
}
newssec->sid = ssec->sid;
newssec->peer_sid = ssec->peer_sid;
+
+ selinux_netlbl_sk_clone_security(ssec, newssec);
}
static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
}
}
-void selinux_sock_graft(struct sock* sk, struct socket *parent)
+static void selinux_sock_graft(struct sock* sk, struct socket *parent)
{
struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
struct sk_security_struct *sksec = sk->sk_security;
selinux_netlbl_sock_graft(sk, parent);
}
-int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
- struct request_sock *req)
+static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
+ struct request_sock *req)
{
struct sk_security_struct *sksec = sk->sk_security;
int err;
return 0;
}
-void selinux_inet_csk_clone(struct sock *newsk, const struct request_sock *req)
+static void selinux_inet_csk_clone(struct sock *newsk,
+ const struct request_sock *req)
{
struct sk_security_struct *newsksec = newsk->sk_security;
new socket in sync, but we don't have the isec available yet.
So we will wait until sock_graft to do it, by which
time it will have been created and available. */
+
+ selinux_netlbl_sk_security_init(newsksec, req->rsk_ops->family);
}
-void selinux_req_classify_flow(const struct request_sock *req, struct flowi *fl)
+static void selinux_req_classify_flow(const struct request_sock *req,
+ struct flowi *fl)
{
fl->secid = req->secid;
}