[PATCH] selinux: use nf_register_hooks()

[PATCH] selinux: use nf_register_hooks()

[Alexey Dobriyan]

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
---

 security/selinux/hooks.c |   27 ++++++++-------------------
 1 file changed, 8 insertions(+), 19 deletions(-)

--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5670,27 +5670,20 @@ static struct nf_hook_ops selinux_ipv6_ops[] = {
 static int __init selinux_nf_ip_init(void)
 {
 	int err = 0;
-	u32 iter;
 
 	if (!selinux_enabled)
 		goto out;
 
 	printk(KERN_DEBUG "SELinux:  Registering netfilter hooks\n");
 
-	for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) {
-		err = nf_register_hook(&selinux_ipv4_ops[iter]);
-		if (err)
-			panic("SELinux: nf_register_hook for IPv4: error %d\n",
-			      err);
-	}
+	err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
+	if (err)
+		panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
 
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-	for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) {
-		err = nf_register_hook(&selinux_ipv6_ops[iter]);
-		if (err)
-			panic("SELinux: nf_register_hook for IPv6: error %d\n",
-			      err);
-	}
+	err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
+	if (err)
+		panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
 #endif	/* IPV6 */
 
 out:
@@ -5702,15 +5695,11 @@ __initcall(selinux_nf_ip_init);
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
 static void selinux_nf_ip_exit(void)
 {
-	u32 iter;
-
 	printk(KERN_DEBUG "SELinux:  Unregistering netfilter hooks\n");
 
-	for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++)
-		nf_unregister_hook(&selinux_ipv4_ops[iter]);
+	nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-	for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++)
-		nf_unregister_hook(&selinux_ipv6_ops[iter]);
+	nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
 #endif	/* IPV6 */
 }
 #endif
-- 
1.5.4.5

Re: [PATCH] selinux: use nf_register_hooks()

[Patrick McHardy]

Alexey Dobriyan wrote:
> Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
> ---
> 
>  security/selinux/hooks.c |   27 ++++++++-------------------
>  1 file changed, 8 insertions(+), 19 deletions(-)

I can pick this up or it can go through the SELinux tree.
Stephen, James?

Re: [PATCH] selinux: use nf_register_hooks()

[James Morris]

On Mon, 21 Jul 2008, Patrick McHardy wrote:

> Alexey Dobriyan wrote:
> > Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
> > ---
> > 
> >  security/selinux/hooks.c |   27 ++++++++-------------------
> >  1 file changed, 8 insertions(+), 19 deletions(-)
> 
> I can pick this up or it can go through the SELinux tree.
> Stephen, James?

Probably simplest for you to take it while I'm travelling.

Acked-by: James Morris <jmorris@namei.org>


-- 
James Morris
<jmorris@namei.org>

Re: [PATCH] selinux: use nf_register_hooks()

[Patrick McHardy]

James Morris wrote:
> On Mon, 21 Jul 2008, Patrick McHardy wrote:
> 
>> Alexey Dobriyan wrote:
>>> Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
>>> ---
>>>
>>>  security/selinux/hooks.c |   27 ++++++++-------------------
>>>  1 file changed, 8 insertions(+), 19 deletions(-)
>> I can pick this up or it can go through the SELinux tree.
>> Stephen, James?
> 
> Probably simplest for you to take it while I'm travelling.

Applied, thanks.