From 9f2ad66509b182b399a5b03de487f45bde623524 Mon Sep 17 00:00:00 2001
From: Paul Moore <paul.moore@hp.com>
Date: Fri, 17 Nov 2006 17:38:53 -0500
Subject: NetLabel: SELinux cleanups

This patch does a lot of cleanup in the SELinux NetLabel support code.  A
summary of the changes include:

* Use RCU locking for the NetLabel state variable in the skk_security_struct
  instead of using the inode_security_struct mutex.
* Remove unnecessary parameters in selinux_netlbl_socket_post_create().
* Rename selinux_netlbl_sk_clone_security() to
  selinux_netlbl_sk_security_clone() to better fit the other NetLabel
  sk_security functions.
* Improvements to selinux_netlbl_inode_permission() to help reduce the cost of
  the common case.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
---
 security/selinux/include/objsec.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'security/selinux/include/objsec.h')

diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index ef2267f..91b88f0 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -23,6 +23,7 @@
 #include <linux/fs.h>
 #include <linux/binfmts.h>
 #include <linux/in.h>
+#include <linux/spinlock.h>
 #include "flask.h"
 #include "avc.h"
 
@@ -108,6 +109,7 @@ struct sk_security_struct {
 		NLBL_REQUIRE,
 		NLBL_LABELED,
 	} nlbl_state;
+	spinlock_t nlbl_lock;		/* protects nlbl_state */
 #endif
 };
 
-- 
cgit v1.1