diff options
author | Paul Moore <paul.moore@hp.com> | 2006-09-25 18:52:01 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-09-25 18:52:01 -0400 |
commit | 14a72f53fb1bb5d5c2bdd8cf172219519664729a (patch) | |
tree | 95a077fb9289a95c352af77f18f12e5aba3313c6 /include | |
parent | 597811ec167fa01c926a0957a91d9e39baa30e64 (diff) |
[NetLabel]: correct improper handling of non-NetLabel peer contexts
Fix a problem where NetLabel would always set the value of
sk_security_struct->peer_sid in selinux_netlbl_sock_graft() to the context of
the socket, causing problems when users would query the context of the
connection. This patch fixes this so that the value in
sk_security_struct->peer_sid is only set when the connection is NetLabel based,
otherwise the value is untouched.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/cipso_ipv4.h | 7 | ||||
-rw-r--r-- | include/net/netlabel.h | 8 |
2 files changed, 15 insertions, 0 deletions
diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h index 59406e0dc5b2..6718452a5cd0 100644 --- a/include/net/cipso_ipv4.h +++ b/include/net/cipso_ipv4.h | |||
@@ -205,6 +205,7 @@ void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway); | |||
205 | int cipso_v4_socket_setattr(const struct socket *sock, | 205 | int cipso_v4_socket_setattr(const struct socket *sock, |
206 | const struct cipso_v4_doi *doi_def, | 206 | const struct cipso_v4_doi *doi_def, |
207 | const struct netlbl_lsm_secattr *secattr); | 207 | const struct netlbl_lsm_secattr *secattr); |
208 | int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr); | ||
208 | int cipso_v4_socket_getattr(const struct socket *sock, | 209 | int cipso_v4_socket_getattr(const struct socket *sock, |
209 | struct netlbl_lsm_secattr *secattr); | 210 | struct netlbl_lsm_secattr *secattr); |
210 | int cipso_v4_skbuff_getattr(const struct sk_buff *skb, | 211 | int cipso_v4_skbuff_getattr(const struct sk_buff *skb, |
@@ -225,6 +226,12 @@ static inline int cipso_v4_socket_setattr(const struct socket *sock, | |||
225 | return -ENOSYS; | 226 | return -ENOSYS; |
226 | } | 227 | } |
227 | 228 | ||
229 | static inline int cipso_v4_sock_getattr(struct sock *sk, | ||
230 | struct netlbl_lsm_secattr *secattr) | ||
231 | { | ||
232 | return -ENOSYS; | ||
233 | } | ||
234 | |||
228 | static inline int cipso_v4_socket_getattr(const struct socket *sock, | 235 | static inline int cipso_v4_socket_getattr(const struct socket *sock, |
229 | struct netlbl_lsm_secattr *secattr) | 236 | struct netlbl_lsm_secattr *secattr) |
230 | { | 237 | { |
diff --git a/include/net/netlabel.h b/include/net/netlabel.h index dd5780b36919..bf7b564e3540 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h | |||
@@ -238,6 +238,8 @@ static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr, | |||
238 | #ifdef CONFIG_NETLABEL | 238 | #ifdef CONFIG_NETLABEL |
239 | int netlbl_socket_setattr(const struct socket *sock, | 239 | int netlbl_socket_setattr(const struct socket *sock, |
240 | const struct netlbl_lsm_secattr *secattr); | 240 | const struct netlbl_lsm_secattr *secattr); |
241 | int netlbl_sock_getattr(struct sock *sk, | ||
242 | struct netlbl_lsm_secattr *secattr); | ||
241 | int netlbl_socket_getattr(const struct socket *sock, | 243 | int netlbl_socket_getattr(const struct socket *sock, |
242 | struct netlbl_lsm_secattr *secattr); | 244 | struct netlbl_lsm_secattr *secattr); |
243 | int netlbl_skbuff_getattr(const struct sk_buff *skb, | 245 | int netlbl_skbuff_getattr(const struct sk_buff *skb, |
@@ -250,6 +252,12 @@ static inline int netlbl_socket_setattr(const struct socket *sock, | |||
250 | return -ENOSYS; | 252 | return -ENOSYS; |
251 | } | 253 | } |
252 | 254 | ||
255 | static inline int netlbl_sock_getattr(struct sock *sk, | ||
256 | struct netlbl_lsm_secattr *secattr) | ||
257 | { | ||
258 | return -ENOSYS; | ||
259 | } | ||
260 | |||
253 | static inline int netlbl_socket_getattr(const struct socket *sock, | 261 | static inline int netlbl_socket_getattr(const struct socket *sock, |
254 | struct netlbl_lsm_secattr *secattr) | 262 | struct netlbl_lsm_secattr *secattr) |
255 | { | 263 | { |