Commit e2193695 authored by Paul Moore's avatar Paul Moore Committed by Eric Paris

selinux: cleanup selinux_xfrm_decode_session()



Some basic simplification.

Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent 4baabeec
+12 −11
@@ -215,34 +215,35 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
 */
int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
{
	u32 sid_session = SECSID_NULL;
	struct sec_path *sp;

	*sid = SECSID_NULL;

	if (skb == NULL)
		return 0;
		goto out;

	sp = skb->sp;
	if (sp) {
		int i, sid_set = 0;
		int i;

		for (i = sp->len - 1; i >= 0; i--) {
			struct xfrm_state *x = sp->xvec[i];
			if (selinux_authorizable_xfrm(x)) {
				struct xfrm_sec_ctx *ctx = x->security;

				if (!sid_set) {
					*sid = ctx->ctx_sid;
					sid_set = 1;

				if (sid_session == SECSID_NULL) {
					sid_session = ctx->ctx_sid;
					if (!ckall)
						break;
				} else if (*sid != ctx->ctx_sid)
						goto out;
				} else if (sid_session != ctx->ctx_sid) {
					*sid = SECSID_NULL;
					return -EINVAL;
				}
			}
		}
	}

out:
	*sid = sid_session;
	return 0;
}
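Review bot: The `if (sid_session == SECSID_NULL)` test inside the loop now stands in for the removed `sid_set` flag, so a state whose `ctx->ctx_sid` is itself SECSID_NULL is treated as "no label seen yet" rather than as the first label. With `ckall` set, a later state's SID would then be adopted without the mismatch check, and the function would return 0 where the old flag-based code returned -EINVAL. Whether an authorizable state can ever carry SECSID_NULL depends on selinux_authorizable_xfrm() and the context allocation path, neither of which is visible in this hunk. If it cannot, record that invariant above the test, e.g. `/* an authorizable xfrm never has ctx_sid == SECSID_NULL, so it doubles as "unset" */`; otherwise keep a separate flag.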