summaryrefslogtreecommitdiff
path: root/security/selinux/include/xfrm.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux/include/xfrm.h')
-rw-r--r--security/selinux/include/xfrm.h14
1 files changed, 1 insertions, 13 deletions
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index f51a3e84bd9b..8e45c1d588a8 100644
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -19,7 +19,7 @@ int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
struct xfrm_policy *xp, struct flowi *fl);
int selinux_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm);
-int selinux_xfrm_decode_session(struct sk_buff *skb, struct flowi *fl);
+int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall);
/*
@@ -33,18 +33,6 @@ static inline struct inode_security_struct *get_sock_isec(struct sock *sk)
return SOCK_INODE(sk->sk_socket)->i_security;
}
-
-static inline u32 selinux_no_sk_sid(struct flowi *fl)
-{
- /* NOTE: no sock occurs on ICMP reply, forwards, ... */
- /* icmp_reply: authorize as kernel packet */
- if (fl && fl->proto == IPPROTO_ICMP) {
- return SECINITSID_KERNEL;
- }
-
- return SECINITSID_ANY_SOCKET;
-}
-
#ifdef CONFIG_SECURITY_NETWORK_XFRM
int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb,
struct avc_audit_data *ad);