SELinux: Better integration between peer labeling subsystems
authorPaul Moore <paul.moore@hp.com>
Tue, 29 Jan 2008 13:38:23 +0000 (08:38 -0500)
committerJames Morris <jmorris@namei.org>
Tue, 29 Jan 2008 21:17:25 +0000 (08:17 +1100)
commit220deb966ea51e0dedb6a187c0763120809f3e64
tree7d0e5dd8048907c364b4eeff294991937b466c7e
parentf67f4f315f31e7907779adb3296fb6682e755342
SELinux: Better integration between peer labeling subsystems

Rework the handling of network peer labels so that the different peer labeling
subsystems work better together.  This includes moving both subsystems to a
single "peer" object class which involves not only changes to the permission
checks but an improved method of consolidating multiple packet peer labels.
As part of this work the inbound packet permission check code has been heavily
modified to handle both the old and new behavior in as sane a fashion as
possible.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
security/selinux/hooks.c
security/selinux/include/netlabel.h
security/selinux/include/objsec.h
security/selinux/include/security.h
security/selinux/netlabel.c
security/selinux/ss/services.c