diff options
Diffstat (limited to 'security/selinux/netlabel.c')
| -rw-r--r-- | security/selinux/netlabel.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 66e013d6f6f6..f4bcbf12a4c9 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c | |||
| @@ -144,6 +144,7 @@ void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec, | |||
| 144 | /** | 144 | /** |
| 145 | * selinux_netlbl_skbuff_getsid - Get the sid of a packet using NetLabel | 145 | * selinux_netlbl_skbuff_getsid - Get the sid of a packet using NetLabel |
| 146 | * @skb: the packet | 146 | * @skb: the packet |
| 147 | * @family: protocol family | ||
| 147 | * @base_sid: the SELinux SID to use as a context for MLS only attributes | 148 | * @base_sid: the SELinux SID to use as a context for MLS only attributes |
| 148 | * @sid: the SID | 149 | * @sid: the SID |
| 149 | * | 150 | * |
| @@ -153,7 +154,10 @@ void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec, | |||
| 153 | * assign to the packet. Returns zero on success, negative values on failure. | 154 | * assign to the packet. Returns zero on success, negative values on failure. |
| 154 | * | 155 | * |
| 155 | */ | 156 | */ |
| 156 | int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid) | 157 | int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, |
| 158 | u16 family, | ||
| 159 | u32 base_sid, | ||
| 160 | u32 *sid) | ||
| 157 | { | 161 | { |
| 158 | int rc; | 162 | int rc; |
| 159 | struct netlbl_lsm_secattr secattr; | 163 | struct netlbl_lsm_secattr secattr; |
| @@ -164,7 +168,7 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid) | |||
| 164 | } | 168 | } |
| 165 | 169 | ||
| 166 | netlbl_secattr_init(&secattr); | 170 | netlbl_secattr_init(&secattr); |
| 167 | rc = netlbl_skbuff_getattr(skb, &secattr); | 171 | rc = netlbl_skbuff_getattr(skb, family, &secattr); |
| 168 | if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) { | 172 | if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) { |
| 169 | rc = security_netlbl_secattr_to_sid(&secattr, base_sid, sid); | 173 | rc = security_netlbl_secattr_to_sid(&secattr, base_sid, sid); |
| 170 | if (rc == 0 && | 174 | if (rc == 0 && |
| @@ -292,6 +296,7 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask) | |||
| 292 | * selinux_netlbl_sock_rcv_skb - Do an inbound access check using NetLabel | 296 | * selinux_netlbl_sock_rcv_skb - Do an inbound access check using NetLabel |
| 293 | * @sksec: the sock's sk_security_struct | 297 | * @sksec: the sock's sk_security_struct |
| 294 | * @skb: the packet | 298 | * @skb: the packet |
| 299 | * @family: protocol family | ||
| 295 | * @ad: the audit data | 300 | * @ad: the audit data |
| 296 | * | 301 | * |
| 297 | * Description: | 302 | * Description: |
| @@ -302,6 +307,7 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask) | |||
| 302 | */ | 307 | */ |
| 303 | int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, | 308 | int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, |
| 304 | struct sk_buff *skb, | 309 | struct sk_buff *skb, |
| 310 | u16 family, | ||
| 305 | struct avc_audit_data *ad) | 311 | struct avc_audit_data *ad) |
| 306 | { | 312 | { |
| 307 | int rc; | 313 | int rc; |
| @@ -313,7 +319,7 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, | |||
| 313 | return 0; | 319 | return 0; |
| 314 | 320 | ||
| 315 | netlbl_secattr_init(&secattr); | 321 | netlbl_secattr_init(&secattr); |
| 316 | rc = netlbl_skbuff_getattr(skb, &secattr); | 322 | rc = netlbl_skbuff_getattr(skb, family, &secattr); |
| 317 | if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) { | 323 | if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) { |
| 318 | rc = security_netlbl_secattr_to_sid(&secattr, | 324 | rc = security_netlbl_secattr_to_sid(&secattr, |
| 319 | SECINITSID_NETMSG, | 325 | SECINITSID_NETMSG, |