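--- a/netif.c	(42249094f79422fbf5ed4b54eeb48ff096809b8f)
+++ b/netif.c	(615e51fdda6f274e94b1e905fcaf6111e0d9aa20)
@@ -1,8 +1,8 @@
 /*
  * Network interface table.
  *
  * Network interfaces (devices) do not have a security field, so we
  * maintain a table associating each interface with a SID.
  *
  * Author: James Morris <jmorris@redhat.com>
  *
@@ -235,37 +235,28 @@
 
 /**
  * sel_netif_flush - Flush the entire network interface table
  *
  * Description:
  * Remove all entries from the network interface table.
  *
  */
-static void sel_netif_flush(void)
+void sel_netif_flush(void)
 {
 	int idx;
 	struct sel_netif *netif;
 
 	spin_lock_bh(&sel_netif_lock);
 	for (idx = 0; idx < SEL_NETIF_HASH_SIZE; idx++)
 		list_for_each_entry(netif, &sel_netif_hash[idx], list)
 			sel_netif_destroy(netif);
 	spin_unlock_bh(&sel_netif_lock);
 }
 
-static int sel_netif_avc_callback(u32 event)
-{
-	if (event == AVC_CALLBACK_RESET) {
-		sel_netif_flush();
-		synchronize_net();
-	}
-	return 0;
-}
-
 static int sel_netif_netdev_notifier_handler(struct notifier_block *this,
 					     unsigned long event, void *ptr)
 {
 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
 
 	if (dev_net(dev) != &init_net)
 		return NOTIFY_DONE;
 
@@ -286,17 +277,13 @@
 	if (!selinux_enabled)
 		return 0;
 
 	for (i = 0; i < SEL_NETIF_HASH_SIZE; i++)
 		INIT_LIST_HEAD(&sel_netif_hash[i]);
 
 	register_netdevice_notifier(&sel_netif_netdev_notifier);
 
-	err = avc_add_callback(sel_netif_avc_callback, AVC_CALLBACK_RESET);
-	if (err)
-		panic("avc_add_callback() failed, error %d\n", err);
-
 	return err;
 }
 
 __initcall(sel_netif_init);
 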
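Review bot: With `sel_netif_flush()` made non-static at line 243 and `sel_netif_avc_callback()` removed together with its `avc_add_callback()` registration, nothing in this file ties the flush to `AVC_CALLBACK_RESET` or follows it with `synchronize_net()` any more; both now depend on a caller that is not shown on this page. The kernel-doc above the function should state that contract, for example by adding `Callers are expected to call synchronize_net() afterwards, as the removed AVC reset callback did.` to the Description. If the external caller skips the flush on a policy reload, interface-to-SID mappings cached under the old policy would presumably keep being used for labeling decisions, so it is worth confirming in the hidden part of the change that a reset callback still reaches this function. A prototype for the now-exported function is also needed in a header, which is not visible here.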