diff options
| -rw-r--r-- | security/selinux/hooks.c | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 16df6cca9a1b..f5f2d6a582f0 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -4622,6 +4622,11 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
| 4622 | goto err_af; | 4622 | goto err_af; |
| 4623 | } | 4623 | } |
| 4624 | 4624 | ||
| 4625 | ad.type = LSM_AUDIT_DATA_NET; | ||
| 4626 | ad.u.net = &net; | ||
| 4627 | ad.u.net->sport = htons(snum); | ||
| 4628 | ad.u.net->family = family_sa; | ||
| 4629 | |||
| 4625 | if (snum) { | 4630 | if (snum) { |
| 4626 | int low, high; | 4631 | int low, high; |
| 4627 | 4632 | ||
| @@ -4633,10 +4638,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
| 4633 | snum, &sid); | 4638 | snum, &sid); |
| 4634 | if (err) | 4639 | if (err) |
| 4635 | goto out; | 4640 | goto out; |
| 4636 | ad.type = LSM_AUDIT_DATA_NET; | ||
| 4637 | ad.u.net = &net; | ||
| 4638 | ad.u.net->sport = htons(snum); | ||
| 4639 | ad.u.net->family = family; | ||
| 4640 | err = avc_has_perm(&selinux_state, | 4641 | err = avc_has_perm(&selinux_state, |
| 4641 | sksec->sid, sid, | 4642 | sksec->sid, sid, |
| 4642 | sksec->sclass, | 4643 | sksec->sclass, |
| @@ -4668,15 +4669,10 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
| 4668 | break; | 4669 | break; |
| 4669 | } | 4670 | } |
| 4670 | 4671 | ||
| 4671 | err = sel_netnode_sid(addrp, family, &sid); | 4672 | err = sel_netnode_sid(addrp, family_sa, &sid); |
| 4672 | if (err) | 4673 | if (err) |
| 4673 | goto out; | 4674 | goto out; |
| 4674 | 4675 | ||
| 4675 | ad.type = LSM_AUDIT_DATA_NET; | ||
| 4676 | ad.u.net = &net; | ||
| 4677 | ad.u.net->sport = htons(snum); | ||
| 4678 | ad.u.net->family = family; | ||
| 4679 | |||
| 4680 | if (family_sa == AF_INET) | 4676 | if (family_sa == AF_INET) |
| 4681 | ad.u.net->v4info.saddr = addr4->sin_addr.s_addr; | 4677 | ad.u.net->v4info.saddr = addr4->sin_addr.s_addr; |
| 4682 | else | 4678 | else |
| @@ -4772,7 +4768,7 @@ static int selinux_socket_connect_helper(struct socket *sock, | |||
| 4772 | ad.type = LSM_AUDIT_DATA_NET; | 4768 | ad.type = LSM_AUDIT_DATA_NET; |
| 4773 | ad.u.net = &net; | 4769 | ad.u.net = &net; |
| 4774 | ad.u.net->dport = htons(snum); | 4770 | ad.u.net->dport = htons(snum); |
| 4775 | ad.u.net->family = sk->sk_family; | 4771 | ad.u.net->family = address->sa_family; |
| 4776 | err = avc_has_perm(&selinux_state, | 4772 | err = avc_has_perm(&selinux_state, |
| 4777 | sksec->sid, sid, sksec->sclass, perm, &ad); | 4773 | sksec->sid, sid, sksec->sclass, perm, &ad); |
| 4778 | if (err) | 4774 | if (err) |