aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/hooks.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7432bdd5d367..632ac3e80a61 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3794,6 +3794,7 @@ out:
3794 3794
3795static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen) 3795static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
3796{ 3796{
3797 struct sock *sk = sock->sk;
3797 struct inode_security_struct *isec; 3798 struct inode_security_struct *isec;
3798 int err; 3799 int err;
3799 3800
@@ -3807,7 +3808,6 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
3807 isec = SOCK_INODE(sock)->i_security; 3808 isec = SOCK_INODE(sock)->i_security;
3808 if (isec->sclass == SECCLASS_TCP_SOCKET || 3809 if (isec->sclass == SECCLASS_TCP_SOCKET ||
3809 isec->sclass == SECCLASS_DCCP_SOCKET) { 3810 isec->sclass == SECCLASS_DCCP_SOCKET) {
3810 struct sock *sk = sock->sk;
3811 struct avc_audit_data ad; 3811 struct avc_audit_data ad;
3812 struct sockaddr_in *addr4 = NULL; 3812 struct sockaddr_in *addr4 = NULL;
3813 struct sockaddr_in6 *addr6 = NULL; 3813 struct sockaddr_in6 *addr6 = NULL;
@@ -3841,6 +3841,8 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
3841 goto out; 3841 goto out;
3842 } 3842 }
3843 3843
3844 err = selinux_netlbl_socket_connect(sk, address);
3845
3844out: 3846out:
3845 return err; 3847 return err;
3846} 3848}
@@ -4290,8 +4292,6 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4290 sk->sk_family == PF_UNIX) 4292 sk->sk_family == PF_UNIX)
4291 isec->sid = sksec->sid; 4293 isec->sid = sksec->sid;
4292 sksec->sclass = isec->sclass; 4294 sksec->sclass = isec->sclass;
4293
4294 selinux_netlbl_sock_graft(sk, parent);
4295} 4295}
4296 4296
4297static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb, 4297static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
@@ -4342,8 +4342,7 @@ static void selinux_inet_csk_clone(struct sock *newsk,
4342 selinux_netlbl_sk_security_reset(newsksec, req->rsk_ops->family); 4342 selinux_netlbl_sk_security_reset(newsksec, req->rsk_ops->family);
4343} 4343}
4344 4344
4345static void selinux_inet_conn_established(struct sock *sk, 4345static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4346 struct sk_buff *skb)
4347{ 4346{
4348 u16 family = sk->sk_family; 4347 u16 family = sk->sk_family;
4349 struct sk_security_struct *sksec = sk->sk_security; 4348 struct sk_security_struct *sksec = sk->sk_security;
@@ -4353,6 +4352,8 @@ static void selinux_inet_conn_established(struct sock *sk,
4353 family = PF_INET; 4352 family = PF_INET;
4354 4353
4355 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid); 4354 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4355
4356 selinux_netlbl_inet_conn_established(sk, family);
4356} 4357}
4357 4358
4358static void selinux_req_classify_flow(const struct request_sock *req, 4359static void selinux_req_classify_flow(const struct request_sock *req,
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-18 00:20:59 -0500