selinux: cleanup selinux_xfrm_decode_session()

Some basic simplification. Signed-off-by: Paul Moore <pmoore@redhat.com>
author: Paul Moore <pmoore@redhat.com> 2013-07-23 17:38:40 -0400
committer: Paul Moore <pmoore@redhat.com> 2013-07-23 17:38:40 -0400
commit: 295d2ba02a59f4053edbd742bfc16c8644226cec (patch)
tree: 888e99ad1e3be446d3fe74ee8cd306acbe86993f /security
parent: 17a2d135e75903e3390748ca121905afc70ec2b6 (diff)
1 files changed, 12 insertions, 11 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 00801cef1dd9..425b9f91d755 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -215,34 +215,35 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
  */
 int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
 {
+	u32 sid_session = SECSID_NULL;
 	struct sec_path *sp;
 
-	*sid = SECSID_NULL;
-
 	if (skb == NULL)
-		return 0;
+		goto out;
 
 	sp = skb->sp;
 	if (sp) {
-		int i, sid_set = 0;
+		int i;
 
-		for (i = sp->len-1; i >= 0; i--) {
+		for (i = sp->len - 1; i >= 0; i--) {
 			struct xfrm_state *x = sp->xvec[i];
 			if (selinux_authorizable_xfrm(x)) {
 				struct xfrm_sec_ctx *ctx = x->security;
 
-				if (!sid_set) {
-					*sid = ctx->ctx_sid;
-					sid_set = 1;
-
+				if (sid_session == SECSID_NULL) {
+					sid_session = ctx->ctx_sid;
 					if (!ckall)
-						break;
-				} else if (*sid != ctx->ctx_sid)
+						goto out;
+				} else if (sid_session != ctx->ctx_sid) {
+					*sid = SECSID_NULL;
 					return -EINVAL;
+				}
 			}
 		}
 	}
 
+out:
+	*sid = sid_session;
 	return 0;
 }
author	Paul Moore <pmoore@redhat.com>	2013-07-23 17:38:40 -0400
committer	Paul Moore <pmoore@redhat.com>	2013-07-23 17:38:40 -0400
commit	295d2ba02a59f4053edbd742bfc16c8644226cec (patch)
tree	888e99ad1e3be446d3fe74ee8cd306acbe86993f /security
parent	17a2d135e75903e3390748ca121905afc70ec2b6 (diff)