[MIPS] TXx9: Reorganize code

[linux-2.6-omap-h63xx.git] / net / netfilter / xt_SECMARK.c

diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index b11b3ecbb39d70f37862ab34c0a2ad522103288b..c0284856ccd490bf32c23b7fafd01f04ff793d08 100644 (file)
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -72,12 +72,13 @@ static bool checkentry_selinux(struct xt_secmark_target_info *info)
                return false;
        }
 
-       err = selinux_relabel_packet_permission(sel->selsid);
+       err = selinux_secmark_relabel_packet_permission(sel->selsid);
        if (err) {
                printk(KERN_INFO PFX "unable to obtain relabeling permission\n");
                return false;
        }
 
+       selinux_secmark_refcount_inc();
        return true;
 }
 
@@ -110,11 +111,20 @@ secmark_tg_check(const char *tablename, const void *entry,
        return true;
 }
 
+static void secmark_tg_destroy(const struct xt_target *target, void *targinfo)
+{
+       switch (mode) {
+       case SECMARK_MODE_SEL:
+               selinux_secmark_refcount_dec();
+       }
+}
+
 static struct xt_target secmark_tg_reg[] __read_mostly = {
        {
                .name           = "SECMARK",
                .family         = AF_INET,
                .checkentry     = secmark_tg_check,
+               .destroy        = secmark_tg_destroy,
                .target         = secmark_tg,
                .targetsize     = sizeof(struct xt_secmark_target_info),
                .table          = "mangle",
@@ -124,6 +134,7 @@ static struct xt_target secmark_tg_reg[] __read_mostly = {
                .name           = "SECMARK",
                .family         = AF_INET6,
                .checkentry     = secmark_tg_check,
+               .destroy        = secmark_tg_destroy,
                .target         = secmark_tg,
                .targetsize     = sizeof(struct xt_secmark_target_info),
                .table          = "mangle",