Merge git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6.25

[linux-2.6] / security / selinux / include / xfrm.h

diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index ebd7246a4be5d1824b164aab4967e2b398a0129f..36b0510efa7b9b1688360cdde9f14849187a0677 100644 (file)
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -32,13 +32,29 @@ static inline struct inode_security_struct *get_sock_isec(struct sock *sk)
 }
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
+extern atomic_t selinux_xfrm_refcount;
+
+static inline int selinux_xfrm_enabled(void)
+{
+       return (atomic_read(&selinux_xfrm_refcount) > 0);
+}
+
 int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb,
                        struct avc_audit_data *ad);
 int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
                        struct avc_audit_data *ad, u8 proto);
-u32 selinux_socket_getpeer_dgram(struct sk_buff *skb);
 int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
+
+static inline void selinux_xfrm_notify_policyload(void)
+{
+       atomic_inc(&flow_cache_genid);
+}
 #else
+static inline int selinux_xfrm_enabled(void)
+{
+       return 0;
+}
+
 static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
                        struct avc_audit_data *ad)
 {
@@ -51,15 +67,15 @@ static inline int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
        return 0;
 }
 
-static inline int selinux_socket_getpeer_dgram(struct sk_buff *skb)
-{
-       return SECSID_NULL;
-}
 static inline int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
 {
        *sid = SECSID_NULL;
        return 0;
 }
+
+static inline void selinux_xfrm_notify_policyload(void)
+{
+}
 #endif
 
 static inline void selinux_skb_xfrm_sid(struct sk_buff *skb, u32 *sid)