Пример #1
/*
 * Validate the SELinux part of a SECMARK target before it is accepted.
 *
 * Steps, in order:
 *   1. force NUL-termination of the fixed-size context buffer,
 *   2. resolve the context string to a SID (stored in sel->selsid),
 *   3. reject a SID of zero,
 *   4. check that the caller may relabel packets to that SID,
 *   5. bump the SELinux secmark reference count.
 *
 * Returns 0 on success. On failure returns the error from the SELinux
 * helper that failed, or -ENOENT when the context resolved to SID 0.
 * The reference count is only incremented on the success path.
 */
static int checkentry_selinux(struct xt_secmark_target_info *info)
{
	struct xt_secmark_target_selinux_info *selinfo = &info->u.sel;
	int rc;

	/*
	 * Terminate the buffer ourselves rather than trusting whoever
	 * filled it in (presumably the rule's submitter - confirm against
	 * the caller): everything below treats selctx as a C string,
	 * including the "%s" log messages.
	 */
	selinfo->selctx[SECMARK_SELCTX_MAX - 1] = '\0';

	rc = selinux_string_to_sid(selinfo->selctx, &selinfo->selsid);
	if (rc == -EINVAL)
		pr_info("invalid SELinux context \'%s\'\n",
			selinfo->selctx);
	if (rc != 0)
		return rc;

	/* A successful lookup that still yields SID 0 is not usable. */
	if (selinfo->selsid == 0) {
		pr_info("unable to map SELinux context \'%s\'\n",
			selinfo->selctx);
		return -ENOENT;
	}

	/* Authorization gate: must pass before the entry is accepted. */
	rc = selinux_secmark_relabel_packet_permission(selinfo->selsid);
	if (rc != 0) {
		pr_info("unable to obtain relabeling permission\n");
		return rc;
	}

	/*
	 * NOTE(review): a matching decrement is expected wherever the
	 * target is torn down; that code is not visible here.
	 */
	selinux_secmark_refcount_inc();
	return 0;
}
Пример #2
/*
 * Validate the SELinux part of a SECMARK target before it is accepted.
 *
 * The context buffer is NUL-terminated in place, resolved to a SID
 * (stored in sel->selsid), checked for a non-zero SID, and finally
 * checked against the packet relabeling permission.
 *
 * Returns true when every step succeeds and false otherwise; the
 * underlying error code is not passed back to the caller, only
 * logged for the -EINVAL case.
 */
static bool checkentry_selinux(struct xt_secmark_target_info *info)
{
	struct xt_secmark_target_selinux_info *selinfo = &info->u.sel;
	int rc;

	/*
	 * Terminate the buffer ourselves rather than trusting whoever
	 * filled it in (presumably the rule's submitter - confirm against
	 * the caller): it is parsed and printed with "%s" below.
	 */
	selinfo->selctx[SECMARK_SELCTX_MAX - 1] = '\0';

	rc = selinux_string_to_sid(selinfo->selctx, &selinfo->selsid);
	if (rc == -EINVAL)
		printk(KERN_INFO PFX "invalid SELinux context \'%s\'\n",
		       selinfo->selctx);
	if (rc != 0)
		return false;

	/* A successful lookup that still yields SID 0 is not usable. */
	if (selinfo->selsid == 0) {
		printk(KERN_INFO PFX "unable to map SELinux context \'%s\'\n",
		       selinfo->selctx);
		return false;
	}

	/* Authorization gate: must pass before the entry is accepted. */
	if (selinux_relabel_packet_permission(selinfo->selsid) != 0) {
		printk(KERN_INFO PFX "unable to obtain relabeling permission\n");
		return false;
	}

	return true;
}