Smack: Set socket labels only once

[sfrench/cifs-2.6.git] / security / smack / smack.h

diff --git a/security/smack/smack.h b/security/smack/smack.h
index e9e817d097859e203b0a90cb2fa4460445ca7d0e..c5d745a3ada88fc59602f841740d3b5ef99310c1 100644 (file)
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -100,7 +100,12 @@ struct socket_smack {
        struct smack_known      *smk_out;       /* outbound label */
        struct smack_known      *smk_in;        /* inbound label */
        struct smack_known      *smk_packet;    /* TCP peer label */
+       int                     smk_state;      /* netlabel socket states */
 };
+#define        SMK_NETLBL_UNSET        0
+#define        SMK_NETLBL_UNLABELED    1
+#define        SMK_NETLBL_LABELED      2
+#define        SMK_NETLBL_REQSKB       3
 
 /*
  * Inode smack data
@@ -196,19 +201,6 @@ enum {
 #define SMACK_DELETE_OPTION    "-DELETE"
 #define SMACK_CIPSO_OPTION     "-CIPSO"
 
-/*
- * How communications on this socket are treated.
- * Usually it's determined by the underlying netlabel code
- * but there are certain cases, including single label hosts
- * and potentially single label interfaces for which the
- * treatment can not be known in advance.
- *
- * The possibility of additional labeling schemes being
- * introduced in the future exists as well.
- */
-#define SMACK_UNLABELED_SOCKET 0
-#define SMACK_CIPSO_SOCKET     1
-
 /*
  * CIPSO defaults.
  */