Merge branch 'stable-3.16' of git://git.infradead.org/users/pcmoore/selinux into next

2 files changed, 3 insertions, 15 deletions

diff --git a/include/linux/security.h b/include/linux/security.h
index 0ae4b147718a..623f90e5f38d 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -996,10 +996,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *      Retrieve the LSM-specific secid for the sock to enable caching of network
  *      authorizations.
  * @sock_graft:
- *      This hook is called in response to a newly created sock struct being
- *      grafted onto an existing socket and allows the security module to
- *      perform whatever security attribute management is necessary for both
- *      the sock and socket.
+ *      Sets the socket's isec sid to the sock's sid.
  * @inet_conn_request:
  *      Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
  * @inet_csk_clone:
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7740f61588d6..b0e940497e23 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4510,18 +4510,9 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent)
         struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
         struct sk_security_struct *sksec = sk->sk_security;
 
-        switch (sk->sk_family) {
-        case PF_INET:
-        case PF_INET6:
-        case PF_UNIX:
+        if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
+            sk->sk_family == PF_UNIX)
                 isec->sid = sksec->sid;
-                break;
-        default:
-                /* by default there is no special labeling mechanism for the
-                 * sksec label so inherit the label from the parent socket */
-                BUG_ON(sksec->sid != SECINITSID_UNLABELED);
-                sksec->sid = isec->sid;
-        }
         sksec->sclass = isec->sclass;
 }