From: Rafal Krypa <r.kr...@samsung.com> For case when IPv6 is disabled, this fixes build break in one place and removes unused code in several other places.
Signed-off-by: Rafal Krypa <r.kr...@samsung.com> --- security/smack/smack_lsm.c | 46 ++++++++++++++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 16 deletions(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index a688f7b..6fe7c6e 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -52,9 +52,9 @@ #define SMK_RECEIVING 1 #define SMK_SENDING 2 -#ifndef CONFIG_SECURITY_SMACK_NETFILTER +#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) LIST_HEAD(smk_ipv6_port_list); -#endif +#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ static struct kmem_cache *smack_inode_cache; int smack_enabled; @@ -2218,7 +2218,7 @@ static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) return smack_netlabel(sk, sk_lbl); } -#ifndef CONFIG_SECURITY_SMACK_NETFILTER +#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) /** * smk_ipv6_port_label - Smack port access table management * @sock: socket @@ -2368,7 +2368,7 @@ auditout: rc = smk_bu_note("IPv6 port check", skp, object, MAY_WRITE, rc); return rc; } -#endif /* !CONFIG_SECURITY_SMACK_NETFILTER */ +#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ /** * smack_inode_setsecurity - set smack xattrs @@ -2429,10 +2429,10 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, } else return -EOPNOTSUPP; -#ifndef CONFIG_SECURITY_SMACK_NETFILTER +#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) if (sock->sk->sk_family == PF_INET6) smk_ipv6_port_label(sock, NULL); -#endif +#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ return 0; } @@ -2474,12 +2474,14 @@ static int smack_socket_post_create(struct socket *sock, int family, static int smack_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) { +#if IS_ENABLED(CONFIG_IPV6) if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) smk_ipv6_port_label(sock, address); +#endif return 0; } -#endif +#endif /* !CONFIG_SECURITY_SMACK_NETFILTER */ /** * smack_socket_connect - connect access check @@ -2508,10 +2510,10 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, case PF_INET6: if (addrlen < sizeof(struct sockaddr_in6)) return -EINVAL; -#ifndef CONFIG_SECURITY_SMACK_NETFILTER +#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap, SMK_CONNECTING); -#endif +#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ break; } return rc; @@ -3394,9 +3396,9 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) { struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; -#ifndef CONFIG_SECURITY_SMACK_NETFILTER +#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; -#endif +#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ int rc = 0; /* @@ -3410,9 +3412,9 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, rc = smack_netlabel_send(sock->sk, sip); break; case AF_INET6: -#ifndef CONFIG_SECURITY_SMACK_NETFILTER +#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER) rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING); -#endif +#endif /* CONFIG_IPV6 && !CONFIG_SECURITY_SMACK_NETFILTER */ break; } return rc; @@ -3503,6 +3505,7 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, return smack_net_ambient; } +#if IS_ENABLED(CONFIG_IPV6) static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) { u8 nexthdr; @@ -3549,6 +3552,7 @@ static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) } return proto; } +#endif /* CONFIG_IPV6 */ /** * smack_socket_sock_rcv_skb - Smack packet delivery access check @@ -3562,13 +3566,15 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) struct netlbl_lsm_secattr secattr; struct socket_smack *ssp = sk->sk_security; struct smack_known *skp = NULL; - struct sockaddr_in6 sadd; int rc = 0; - int proto; struct smk_audit_info ad; #ifdef CONFIG_AUDIT struct lsm_network_audit net; #endif +#if IS_ENABLED(CONFIG_IPV6) + struct sockaddr_in6 sadd; + int proto; +#endif /* CONFIG_IPV6 */ switch (sk->sk_family) { case PF_INET: @@ -3617,6 +3623,7 @@ access_check: if (rc != 0) netlbl_skbuff_err(skb, rc, 0); break; +#if IS_ENABLED(CONFIG_IPV6) case PF_INET6: proto = smk_skb_to_addr_ipv6(skb, &sadd); if (proto != IPPROTO_UDP && proto != IPPROTO_TCP) @@ -3639,6 +3646,7 @@ access_check: rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ break; +#endif /* CONFIG_IPV6 */ } return rc; @@ -3702,8 +3710,10 @@ static int smack_socket_getpeersec_dgram(struct socket *sock, if (skb != NULL) { if (skb->protocol == htons(ETH_P_IP)) family = PF_INET; +#if IS_ENABLED(CONFIG_IPV6) else if (skb->protocol == htons(ETH_P_IPV6)) family = PF_INET6; +#endif /* CONFIG_IPV6 */ } if (family == PF_UNSPEC && sock != NULL) family = sock->sk->sk_family; @@ -3732,11 +3742,13 @@ static int smack_socket_getpeersec_dgram(struct socket *sock, } netlbl_secattr_destroy(&secattr); break; +#if IS_ENABLED(CONFIG_IPV6) case PF_INET6: #ifdef CONFIG_SECURITY_SMACK_NETFILTER s = skb->secmark; -#endif +#endif /* CONFIG_SECURITY_SMACK_NETFILTER */ break; +#endif /* CONFIG_IPV6 */ } *secid = s; if (s == 0) @@ -3792,6 +3804,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, struct lsm_network_audit net; #endif +#if IS_ENABLED(CONFIG_IPV6) if (family == PF_INET6) { /* * Handle mapped IPv4 packets arriving @@ -3803,6 +3816,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, else return 0; } +#endif /* CONFIG_IPV6 */ netlbl_secattr_init(&secattr); rc = netlbl_skbuff_getattr(skb, family, &secattr); -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/