162306a36Sopenharmony_ci.. SPDX-License-Identifier: GPL-2.0 262306a36Sopenharmony_ci 362306a36Sopenharmony_ci================= 462306a36Sopenharmony_ciLSM/SeLinux secid 562306a36Sopenharmony_ci================= 662306a36Sopenharmony_ci 762306a36Sopenharmony_ciflowi structure: 862306a36Sopenharmony_ci 962306a36Sopenharmony_ciThe secid member in the flow structure is used in LSMs (e.g. SELinux) to indicate 1062306a36Sopenharmony_cithe label of the flow. This label of the flow is currently used in selecting 1162306a36Sopenharmony_cimatching labeled xfrm(s). 1262306a36Sopenharmony_ci 1362306a36Sopenharmony_ciIf this is an outbound flow, the label is derived from the socket, if any, or 1462306a36Sopenharmony_cithe incoming packet this flow is being generated as a response to (e.g. tcp 1562306a36Sopenharmony_ciresets, timewait ack, etc.). It is also conceivable that the label could be 1662306a36Sopenharmony_ciderived from other sources such as process context, device, etc., in special 1762306a36Sopenharmony_cicases, as may be appropriate. 1862306a36Sopenharmony_ci 1962306a36Sopenharmony_ciIf this is an inbound flow, the label is derived from the IPSec security 2062306a36Sopenharmony_ciassociations, if any, used by the packet. 21