tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

selinux: delete selinux_xfrm_policy_lookup() useless argument

seliunx_xfrm_policy_lookup() is hooks of security_xfrm_policy_lookup().
The dir argument is uselss in security_xfrm_policy_lookup(). So
remove the dir argument from selinux_xfrm_policy_lookup() and
security_xfrm_policy_lookup().

Signed-off-by: Zhongjun Tan <tanzhongjun@yulong.com>
[PM: reformat the subject line]
Signed-off-by: Paul Moore <paul@paul-moore.com>

authored by

Zhongjun Tan and committed by
Paul Moore 8a922805 e1cce3a3

+9 -12
+1 -2
include/linux/lsm_hook_defs.h
··· 358 358 struct xfrm_sec_ctx *polsec, u32 secid) 359 359 LSM_HOOK(void, LSM_RET_VOID, xfrm_state_free_security, struct xfrm_state *x) 360 360 LSM_HOOK(int, 0, xfrm_state_delete_security, struct xfrm_state *x) 361 - LSM_HOOK(int, 0, xfrm_policy_lookup, struct xfrm_sec_ctx *ctx, u32 fl_secid, 362 - u8 dir) 361 + LSM_HOOK(int, 0, xfrm_policy_lookup, struct xfrm_sec_ctx *ctx, u32 fl_secid) 363 362 LSM_HOOK(int, 1, xfrm_state_pol_flow_match, struct xfrm_state *x, 364 363 struct xfrm_policy *xp, const struct flowi_common *flic) 365 364 LSM_HOOK(int, 0, xfrm_decode_session, struct sk_buff *skb, u32 *secid,
+2 -2
include/linux/security.h
··· 1681 1681 struct xfrm_sec_ctx *polsec, u32 secid); 1682 1682 int security_xfrm_state_delete(struct xfrm_state *x); 1683 1683 void security_xfrm_state_free(struct xfrm_state *x); 1684 - int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir); 1684 + int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid); 1685 1685 int security_xfrm_state_pol_flow_match(struct xfrm_state *x, 1686 1686 struct xfrm_policy *xp, 1687 1687 const struct flowi_common *flic); ··· 1732 1732 return 0; 1733 1733 } 1734 1734 1735 - static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) 1735 + static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid) 1736 1736 { 1737 1737 return 0; 1738 1738 }
+2 -4
net/xfrm/xfrm_policy.c
··· 1902 1902 1903 1903 match = xfrm_selector_match(sel, fl, family); 1904 1904 if (match) 1905 - ret = security_xfrm_policy_lookup(pol->security, fl->flowi_secid, 1906 - dir); 1905 + ret = security_xfrm_policy_lookup(pol->security, fl->flowi_secid); 1907 1906 return ret; 1908 1907 } 1909 1908 ··· 2180 2181 goto out; 2181 2182 } 2182 2183 err = security_xfrm_policy_lookup(pol->security, 2183 - fl->flowi_secid, 2184 - dir); 2184 + fl->flowi_secid); 2185 2185 if (!err) { 2186 2186 if (!xfrm_pol_hold_rcu(pol)) 2187 2187 goto again;
+2 -2
security/security.c
··· 2466 2466 call_void_hook(xfrm_state_free_security, x); 2467 2467 } 2468 2468 2469 - int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) 2469 + int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid) 2470 2470 { 2471 - return call_int_hook(xfrm_policy_lookup, 0, ctx, fl_secid, dir); 2471 + return call_int_hook(xfrm_policy_lookup, 0, ctx, fl_secid); 2472 2472 } 2473 2473 2474 2474 int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
+1 -1
security/selinux/include/xfrm.h
··· 23 23 struct xfrm_sec_ctx *polsec, u32 secid); 24 24 void selinux_xfrm_state_free(struct xfrm_state *x); 25 25 int selinux_xfrm_state_delete(struct xfrm_state *x); 26 - int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir); 26 + int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid); 27 27 int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, 28 28 struct xfrm_policy *xp, 29 29 const struct flowi_common *flic);
+1 -1
security/selinux/xfrm.c
··· 150 150 * LSM hook implementation that authorizes that a flow can use a xfrm policy 151 151 * rule. 152 152 */ 153 - int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) 153 + int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid) 154 154 { 155 155 int rc; 156 156