diff options
| -rw-r--r-- | security/selinux/include/xfrm.h | 9 | ||||
| -rw-r--r-- | security/selinux/ss/services.c | 6 |
2 files changed, 12 insertions, 3 deletions
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h index 161eb571c82d..31929e39f5ca 100644 --- a/security/selinux/include/xfrm.h +++ b/security/selinux/include/xfrm.h | |||
| @@ -37,6 +37,11 @@ int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb, | |||
| 37 | int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb, | 37 | int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb, |
| 38 | struct avc_audit_data *ad, u8 proto); | 38 | struct avc_audit_data *ad, u8 proto); |
| 39 | int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall); | 39 | int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall); |
| 40 | |||
| 41 | static inline void selinux_xfrm_notify_policyload(void) | ||
| 42 | { | ||
| 43 | atomic_inc(&flow_cache_genid); | ||
| 44 | } | ||
| 40 | #else | 45 | #else |
| 41 | static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb, | 46 | static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb, |
| 42 | struct avc_audit_data *ad) | 47 | struct avc_audit_data *ad) |
| @@ -55,6 +60,10 @@ static inline int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int | |||
| 55 | *sid = SECSID_NULL; | 60 | *sid = SECSID_NULL; |
| 56 | return 0; | 61 | return 0; |
| 57 | } | 62 | } |
| 63 | |||
| 64 | static inline void selinux_xfrm_notify_policyload(void) | ||
| 65 | { | ||
| 66 | } | ||
| 58 | #endif | 67 | #endif |
| 59 | 68 | ||
| 60 | static inline void selinux_skb_xfrm_sid(struct sk_buff *skb, u32 *sid) | 69 | static inline void selinux_skb_xfrm_sid(struct sk_buff *skb, u32 *sid) |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index ff0393317f39..ca9154dc5d82 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -1299,7 +1299,7 @@ int security_load_policy(void *data, size_t len) | |||
| 1299 | avc_ss_reset(seqno); | 1299 | avc_ss_reset(seqno); |
| 1300 | selnl_notify_policyload(seqno); | 1300 | selnl_notify_policyload(seqno); |
| 1301 | selinux_netlbl_cache_invalidate(); | 1301 | selinux_netlbl_cache_invalidate(); |
| 1302 | atomic_inc(&flow_cache_genid); | 1302 | selinux_xfrm_notify_policyload(); |
| 1303 | return 0; | 1303 | return 0; |
| 1304 | } | 1304 | } |
| 1305 | 1305 | ||
| @@ -1355,7 +1355,7 @@ int security_load_policy(void *data, size_t len) | |||
| 1355 | avc_ss_reset(seqno); | 1355 | avc_ss_reset(seqno); |
| 1356 | selnl_notify_policyload(seqno); | 1356 | selnl_notify_policyload(seqno); |
| 1357 | selinux_netlbl_cache_invalidate(); | 1357 | selinux_netlbl_cache_invalidate(); |
| 1358 | atomic_inc(&flow_cache_genid); | 1358 | selinux_xfrm_notify_policyload(); |
| 1359 | 1359 | ||
| 1360 | return 0; | 1360 | return 0; |
| 1361 | 1361 | ||
| @@ -1855,7 +1855,7 @@ out: | |||
| 1855 | if (!rc) { | 1855 | if (!rc) { |
| 1856 | avc_ss_reset(seqno); | 1856 | avc_ss_reset(seqno); |
| 1857 | selnl_notify_policyload(seqno); | 1857 | selnl_notify_policyload(seqno); |
| 1858 | atomic_inc(&flow_cache_genid); | 1858 | selinux_xfrm_notify_policyload(); |
| 1859 | } | 1859 | } |
| 1860 | return rc; | 1860 | return rc; |
| 1861 | } | 1861 | } |