diff options
Diffstat (limited to 'security/selinux/netlabel.c')
| -rw-r--r-- | security/selinux/netlabel.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index f4bcbf12a4c9..b54d28fd3b5d 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c | |||
| @@ -137,7 +137,6 @@ void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec, | |||
| 137 | * lock as other threads could have access to ssec */ | 137 | * lock as other threads could have access to ssec */ |
| 138 | rcu_read_lock(); | 138 | rcu_read_lock(); |
| 139 | selinux_netlbl_sk_security_reset(newssec, ssec->sk->sk_family); | 139 | selinux_netlbl_sk_security_reset(newssec, ssec->sk->sk_family); |
| 140 | newssec->sclass = ssec->sclass; | ||
| 141 | rcu_read_unlock(); | 140 | rcu_read_unlock(); |
| 142 | } | 141 | } |
| 143 | 142 | ||
| @@ -146,6 +145,7 @@ void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec, | |||
| 146 | * @skb: the packet | 145 | * @skb: the packet |
| 147 | * @family: protocol family | 146 | * @family: protocol family |
| 148 | * @base_sid: the SELinux SID to use as a context for MLS only attributes | 147 | * @base_sid: the SELinux SID to use as a context for MLS only attributes |
| 148 | * @type: NetLabel labeling protocol type | ||
| 149 | * @sid: the SID | 149 | * @sid: the SID |
| 150 | * | 150 | * |
| 151 | * Description: | 151 | * Description: |
| @@ -157,6 +157,7 @@ void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec, | |||
| 157 | int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, | 157 | int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, |
| 158 | u16 family, | 158 | u16 family, |
| 159 | u32 base_sid, | 159 | u32 base_sid, |
| 160 | u32 *type, | ||
| 160 | u32 *sid) | 161 | u32 *sid) |
| 161 | { | 162 | { |
| 162 | int rc; | 163 | int rc; |
| @@ -177,6 +178,7 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, | |||
| 177 | netlbl_cache_add(skb, &secattr); | 178 | netlbl_cache_add(skb, &secattr); |
| 178 | } else | 179 | } else |
| 179 | *sid = SECSID_NULL; | 180 | *sid = SECSID_NULL; |
| 181 | *type = secattr.type; | ||
| 180 | netlbl_secattr_destroy(&secattr); | 182 | netlbl_secattr_destroy(&secattr); |
| 181 | 183 | ||
| 182 | return rc; | 184 | return rc; |
| @@ -194,13 +196,10 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, | |||
| 194 | */ | 196 | */ |
| 195 | void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock) | 197 | void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock) |
| 196 | { | 198 | { |
| 197 | struct inode_security_struct *isec = SOCK_INODE(sock)->i_security; | ||
| 198 | struct sk_security_struct *sksec = sk->sk_security; | 199 | struct sk_security_struct *sksec = sk->sk_security; |
| 199 | struct netlbl_lsm_secattr secattr; | 200 | struct netlbl_lsm_secattr secattr; |
| 200 | u32 nlbl_peer_sid; | 201 | u32 nlbl_peer_sid; |
| 201 | 202 | ||
| 202 | sksec->sclass = isec->sclass; | ||
| 203 | |||
| 204 | rcu_read_lock(); | 203 | rcu_read_lock(); |
| 205 | 204 | ||
| 206 | if (sksec->nlbl_state != NLBL_REQUIRE) { | 205 | if (sksec->nlbl_state != NLBL_REQUIRE) { |
| @@ -238,11 +237,8 @@ int selinux_netlbl_socket_post_create(struct socket *sock) | |||
| 238 | { | 237 | { |
| 239 | int rc = 0; | 238 | int rc = 0; |
| 240 | struct sock *sk = sock->sk; | 239 | struct sock *sk = sock->sk; |
| 241 | struct inode_security_struct *isec = SOCK_INODE(sock)->i_security; | ||
| 242 | struct sk_security_struct *sksec = sk->sk_security; | 240 | struct sk_security_struct *sksec = sk->sk_security; |
| 243 | 241 | ||
| 244 | sksec->sclass = isec->sclass; | ||
| 245 | |||
| 246 | rcu_read_lock(); | 242 | rcu_read_lock(); |
| 247 | if (sksec->nlbl_state == NLBL_REQUIRE) | 243 | if (sksec->nlbl_state == NLBL_REQUIRE) |
| 248 | rc = selinux_netlbl_sock_setsid(sk, sksec->sid); | 244 | rc = selinux_netlbl_sock_setsid(sk, sksec->sid); |