author | Jiri Pirko <jiri@resnulli.us> | 2014-09-03 17:42:13 +0200 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2014-09-08 20:42:47 -0400 |
commit | 25db6bea1ff5a78ef493eefdcbb9c1d27134e560 (patch) | |
tree | 9d3784b924aad3fcccef0fa47287872995196b39 | |
parent | a7a91a1928fe69cc98814cb746d5171ae14d757e (diff) | |
selinux: register nf hooks with single nf_register_hooks call
Push ipv4 and ipv6 nf hooks into single array and register/unregister
them via single call.
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Paul Moore <pmoore@redhat.com>
-rw-r--r-- | security/selinux/hooks.c | 35 |
1 files changed, 10 insertions, 25 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e1e082796a49..50978d3183ea 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6071,7 +6071,7 @@ security_initcall(selinux_init);
 #if defined(CONFIG_NETFILTER)
-static struct nf_hook_ops selinux_ipv4_ops[] = {
+static struct nf_hook_ops selinux_nf_ops[] = {
 {
 .hook = selinux_ipv4_postroute,
 .owner = THIS_MODULE,
@@ -6092,12 +6092,8 @@ static struct nf_hook_ops selinux_ipv4_ops[] = {
 .pf = NFPROTO_IPV4,
 .hooknum = NF_INET_LOCAL_OUT,
 .priority = NF_IP_PRI_SELINUX_FIRST,
- }
-};
-
+ },
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-
-static struct nf_hook_ops selinux_ipv6_ops[] = {
 {
 .hook = selinux_ipv6_postroute,
 .owner = THIS_MODULE,
@@ -6111,32 +6107,24 @@ static struct nf_hook_ops selinux_ipv6_ops[] = {
 .pf = NFPROTO_IPV6,
 .hooknum = NF_INET_FORWARD,
 .priority = NF_IP6_PRI_SELINUX_FIRST,
- }
-};
-
+ },
 #endif /* IPV6 */
+};
 static int __init selinux_nf_ip_init(void)
 {
- int err = 0;
+ int err;
 if (!selinux_enabled)
- goto out;
+ return 0;
 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
- err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
- if (err)
- panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
-
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
- err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
+ err = nf_register_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
 if (err)
- panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
-#endif /* IPV6 */
+ panic("SELinux: nf_register_hooks: error %d\n", err);
-out:
- return err;
+ return 0;
 }
 __initcall(selinux_nf_ip_init);
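Review bot: The `panic()` after `nf_register_hooks()` in selinux_nf_ip_init is the only thing that stops the kernel from continuing with `selinux_enabled` set but without these netfilter hooks, and nothing in the function says that this is deliberate. A short comment above the check, for example `/* fail closed: never run enabled without the packet hooks */`, would keep a later cleanup from softening it into `return err;`. With one array and one call the message also no longer names the protocol family that failed, so the numeric error is all that is left for diagnosis. `err` now exists only to feed that message, since both exits return 0.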
@@ -6146,10 +6134,7 @@ static void selinux_nf_ip_exit(void)
 {
 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
- nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
- nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
-#endif /* IPV6 */
+ nf_unregister_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
 }
 #endif |
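Review bot: selinux_nf_ip_exit hands the whole `selinux_nf_ops` array to `nf_unregister_hooks()` unconditionally, while the init path in the preceding hunk skips registration when `selinux_enabled` is zero. The caller is outside this hunk, so it cannot be confirmed from here that exit is only reachable after the hooks were actually registered. If that is the invariant, it deserves a comment in the function such as `/* only reached after selinux_nf_ip_init() registered selinux_nf_ops */`. The conditional block closed by the trailing `#endif` opens outside the hunk.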