3 files changed, 21 insertions, 6 deletions

diff --git a/include/linux/in.h b/include/linux/in.h
index ba355384016a..94f557fa4636 100644
--- a/include/linux/in.h
+++ b/include/linux/in.h
@@ -72,6 +72,7 @@ struct in_addr {
 #define IP_FREEBIND     15
 #define IP_IPSEC_POLICY 16
 #define IP_XFRM_POLICY  17
+#define IP_PASSSEC      18
 
 /* BSD compatibility */
 #define IP_RECVRETOPTS  IP_RETOPTS
diff --git a/include/linux/security.h b/include/linux/security.h
index 7cbef482e13a..b18eb8cfa639 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1286,7 +1286,8 @@ struct security_operations {
         int (*socket_setsockopt) (struct socket * sock, int level, int optname);
         int (*socket_shutdown) (struct socket * sock, int how);
         int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb);
-        int (*socket_getpeersec) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
+        int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
+        int (*socket_getpeersec_dgram) (struct sk_buff *skb, char **secdata, u32 *seclen);
         int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
         void (*sk_free_security) (struct sock *sk);
         unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir);
@@ -2741,10 +2742,16 @@ static inline int security_sock_rcv_skb (struct sock * sk,
         return security_ops->socket_sock_rcv_skb (sk, skb);
 }
 
-static inline int security_socket_getpeersec(struct socket *sock, char __user *optval,
-                                             int __user *optlen, unsigned len)
+static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
+                                                    int __user *optlen, unsigned len)
 {
-        return security_ops->socket_getpeersec(sock, optval, optlen, len);
+        return security_ops->socket_getpeersec_stream(sock, optval, optlen, len);
+}
+
+static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata,
+                                                   u32 *seclen)
+{
+        return security_ops->socket_getpeersec_dgram(skb, secdata, seclen);
 }
 
 static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
@@ -2863,8 +2870,14 @@ static inline int security_sock_rcv_skb (struct sock * sk,
         return 0;
 }
 
-static inline int security_socket_getpeersec(struct socket *sock, char __user *optval,
-                                             int __user *optlen, unsigned len)
+static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
+                                                    int __user *optlen, unsigned len)
+{
+        return -ENOPROTOOPT;
+}
+
+static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata,
+                                                   u32 *seclen)
 {
         return -ENOPROTOOPT;
 }
diff --git a/include/linux/socket.h b/include/linux/socket.h
index b02dda4ee83d..9ab2ddd80221 100644
--- a/include/linux/socket.h
+++ b/include/linux/socket.h
@@ -150,6 +150,7 @@ __KINLINE struct cmsghdr * cmsg_nxthdr (struct msghdr *__msg, struct cmsghdr *__
 
 #define SCM_RIGHTS      0x01            /* rw: access rights (array of int) */
 #define SCM_CREDENTIALS 0x02            /* rw: struct ucred             */
+#define SCM_SECURITY    0x03            /* rw: security label           */
 
 struct ucred {
         __u32   pid;