aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2007-07-30 16:33:26 -0400
committerJames Morris <jmorris@namei.org>2007-08-02 11:52:21 -0400
commit9534f71ca33e5a9de26dfd43c76af86e005005dd (patch)
tree344444735f541f79ed98cc38fa9040bc018ec66e /security
parent1ed4395035a6791ebbbf618429a58ab9c207cc83 (diff)
SELinux: restore proper NetLabel caching behavior
A small fix to the SELinux/NetLabel glue code to ensure that the NetLabel cache is utilized when possible. This was broken when the SELinux/NetLabel glue code was reorganized in the last kernel release. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/netlabel.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 051b14c88e2d..d243ddc723a5 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -162,9 +162,13 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid)
162 162
163 netlbl_secattr_init(&secattr); 163 netlbl_secattr_init(&secattr);
164 rc = netlbl_skbuff_getattr(skb, &secattr); 164 rc = netlbl_skbuff_getattr(skb, &secattr);
165 if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) 165 if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) {
166 rc = security_netlbl_secattr_to_sid(&secattr, base_sid, sid); 166 rc = security_netlbl_secattr_to_sid(&secattr, base_sid, sid);
167 else 167 if (rc == 0 &&
168 (secattr.flags & NETLBL_SECATTR_CACHEABLE) &&
169 (secattr.flags & NETLBL_SECATTR_CACHE))
170 netlbl_cache_add(skb, &secattr);
171 } else
168 *sid = SECSID_NULL; 172 *sid = SECSID_NULL;
169 netlbl_secattr_destroy(&secattr); 173 netlbl_secattr_destroy(&secattr);
170 174
@@ -307,11 +311,15 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
307 311
308 netlbl_secattr_init(&secattr); 312 netlbl_secattr_init(&secattr);
309 rc = netlbl_skbuff_getattr(skb, &secattr); 313 rc = netlbl_skbuff_getattr(skb, &secattr);
310 if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) 314 if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) {
311 rc = security_netlbl_secattr_to_sid(&secattr, 315 rc = security_netlbl_secattr_to_sid(&secattr,
312 SECINITSID_NETMSG, 316 SECINITSID_NETMSG,
313 &nlbl_sid); 317 &nlbl_sid);
314 else 318 if (rc == 0 &&
319 (secattr.flags & NETLBL_SECATTR_CACHEABLE) &&
320 (secattr.flags & NETLBL_SECATTR_CACHE))
321 netlbl_cache_add(skb, &secattr);
322 } else
315 nlbl_sid = SECINITSID_UNLABELED; 323 nlbl_sid = SECINITSID_UNLABELED;
316 netlbl_secattr_destroy(&secattr); 324 netlbl_secattr_destroy(&secattr);
317 if (rc != 0) 325 if (rc != 0)