aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/netlabel.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux/netlabel.c')
-rw-r--r--security/selinux/netlabel.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index f58701a7b728..350794ab9b42 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -386,11 +386,12 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask)
386 if (!S_ISSOCK(inode->i_mode) || 386 if (!S_ISSOCK(inode->i_mode) ||
387 ((mask & (MAY_WRITE | MAY_APPEND)) == 0)) 387 ((mask & (MAY_WRITE | MAY_APPEND)) == 0))
388 return 0; 388 return 0;
389
390 sock = SOCKET_I(inode); 389 sock = SOCKET_I(inode);
391 sk = sock->sk; 390 sk = sock->sk;
391 if (sk == NULL)
392 return 0;
392 sksec = sk->sk_security; 393 sksec = sk->sk_security;
393 if (sksec->nlbl_state != NLBL_REQUIRE) 394 if (sksec == NULL || sksec->nlbl_state != NLBL_REQUIRE)
394 return 0; 395 return 0;
395 396
396 local_bh_disable(); 397 local_bh_disable();
@@ -490,8 +491,10 @@ int selinux_netlbl_socket_setsockopt(struct socket *sock,
490 lock_sock(sk); 491 lock_sock(sk);
491 rc = netlbl_sock_getattr(sk, &secattr); 492 rc = netlbl_sock_getattr(sk, &secattr);
492 release_sock(sk); 493 release_sock(sk);
493 if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) 494 if (rc == 0)
494 rc = -EACCES; 495 rc = -EACCES;
496 else if (rc == -ENOMSG)
497 rc = 0;
495 netlbl_secattr_destroy(&secattr); 498 netlbl_secattr_destroy(&secattr);
496 } 499 }
497 500
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-24 20:50:47 -0500