Merge tag 'asoc-v3.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Fixes for v3.13 The fixes here are all driver specific ones, none of which particularly stand out but all of which are useful to users of those drivers.
author: Takashi Iwai <tiwai@suse.de> 2013-12-19 06:22:11 -0500
committer: Takashi Iwai <tiwai@suse.de> 2013-12-19 06:22:11 -0500
commit: 356f402da0f989b16e4b6849e88dba5df0e25944 (patch)
tree: d1d41d07abf30bdd7fe1498f6eb239eaced6d9b3 /security/selinux/xfrm.c
parent: 3a6c5d8ad0a9253aafb76df3577edcb68c09b939 (diff)
parent: 96b7fe0119b932ad25451d2b6357e727bbe6a309 (diff)
1 files changed, 48 insertions, 14 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index a91d205ec0c6..0462cb3ff0a7 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -209,19 +209,26 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
                            NULL) ? 0 : 1);
 }
-/*
+static u32 selinux_xfrm_skb_sid_egress(struct sk_buff *skb)
- * LSM hook implementation that checks and/or returns the xfrm sid for the
- * incoming packet.
- */
-int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
 {
-        u32 sid_session = SECSID_NULL;
+        struct dst_entry *dst = skb_dst(skb);
-        struct sec_path *sp;
+        struct xfrm_state *x;
-        if (skb == NULL)
+        if (dst == NULL)
-                goto out;
+                return SECSID_NULL;
+        x = dst->xfrm;
+        if (x == NULL || !selinux_authorizable_xfrm(x))
+                return SECSID_NULL;
+        return x->security->ctx_sid;
+}
+static int selinux_xfrm_skb_sid_ingress(struct sk_buff *skb,
+                                        u32 *sid, int ckall)
+{
+        u32 sid_session = SECSID_NULL;
+        struct sec_path *sp = skb->sp;
-        sp = skb->sp;
        if (sp) {
                int i;
@@ -248,6 +255,30 @@ out:
 }
 /*
+ * LSM hook implementation that checks and/or returns the xfrm sid for the
+ * incoming packet.
+ */
+int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
+{
+        if (skb == NULL) {
+                *sid = SECSID_NULL;
+                return 0;
+        }
+        return selinux_xfrm_skb_sid_ingress(skb, sid, ckall);
+}
+int selinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid)
+{
+        int rc;
+        rc = selinux_xfrm_skb_sid_ingress(skb, sid, 0);
+        if (rc == 0 && *sid == SECSID_NULL)
+                *sid = selinux_xfrm_skb_sid_egress(skb);
+        return rc;
+}
+/*
 * LSM hook implementation that allocs and transfers uctx spec to xfrm_policy.
 */
 int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
@@ -327,19 +358,22 @@ int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
                return rc;
        ctx = kmalloc(sizeof(*ctx) + str_len, GFP_ATOMIC);
-        if (!ctx)
+        if (!ctx) {
-                return -ENOMEM;
+                rc = -ENOMEM;
+                goto out;
+        }
        ctx->ctx_doi = XFRM_SC_DOI_LSM;
        ctx->ctx_alg = XFRM_SC_ALG_SELINUX;
        ctx->ctx_sid = secid;
        ctx->ctx_len = str_len;
        memcpy(ctx->ctx_str, ctx_str, str_len);
-        kfree(ctx_str);
        x->security = ctx;
        atomic_inc(&selinux_xfrm_refcount);
-        return 0;
+out:
+        kfree(ctx_str);
+        return rc;
 }
 /*
author	Takashi Iwai <tiwai@suse.de>	2013-12-19 06:22:11 -0500
committer	Takashi Iwai <tiwai@suse.de>	2013-12-19 06:22:11 -0500
commit	356f402da0f989b16e4b6849e88dba5df0e25944 (patch)
tree	d1d41d07abf30bdd7fe1498f6eb239eaced6d9b3 /security/selinux/xfrm.c
parent	3a6c5d8ad0a9253aafb76df3577edcb68c09b939 (diff)
parent	96b7fe0119b932ad25451d2b6357e727bbe6a309 (diff)