Revert "Smack: secmark connections"

This reverts commit 6ba4ad7bf7475bb7d4fdf2374d921e0ef7be7f8f.

Change-Id: I5c6fc1260855249e5086a8dfcb6361c949795213
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 65f94740278272459a99b51c6e32b3e389866700..5b367d320ee74d1f71e0f39438228f841ee74466 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3929,18 +3929,6 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
        }
 #endif /* CONFIG_IPV6 */
 
-#ifdef CONFIG_SECURITY_SMACK_NETFILTER
-       /*
-        * If there is a secmark use it rather than the CIPSO label.
-        * If there is no secmark fall back to CIPSO.
-        * The secmark is assumed to reflect policy better.
-        */
-       if (skb && skb->secmark != 0) {
-               skp = smack_from_secid(skb->secmark);
-               goto access_check;
-       }
-#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
-
        netlbl_secattr_init(&secattr);
        rc = netlbl_skbuff_getattr(skb, family, &secattr);
        if (rc == 0)
@@ -3949,10 +3937,6 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
                skp = &smack_known_huh;
        netlbl_secattr_destroy(&secattr);
 
-#ifdef CONFIG_SECURITY_SMACK_NETFILTER
-access_check:
-#endif
-
 #ifdef CONFIG_AUDIT
        smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
        ad.a.u.net->family = family;