Diffstat (limited to 'security/selinux/xfrm.c')
| -rw-r--r-- | security/selinux/xfrm.c | 11 |
1 files changed, 7 insertions, 4 deletions
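diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index a502b0540e3d..c750ef7af66f 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -158,11 +158,11 @@ int selinux_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm)
 * LSM hook implementation that determines the sid for the session.
 */
 
-int selinux_xfrm_decode_session(struct sk_buff *skb, struct flowi *fl)
+int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
 {
 struct sec_path *sp;
 
-fl->secid = SECSID_NULL;
+*sid = SECSID_NULL;
 
 if (skb == NULL)
 return 0;
@@ -177,10 +177,13 @@ int selinux_xfrm_decode_session(struct sk_buff *skb, struct flowi *fl)
 struct xfrm_sec_ctx *ctx = x->security;
 
 if (!sid_set) {
-fl->secid = ctx->ctx_sid;
+*sid = ctx->ctx_sid;
 sid_set = 1;
+
+if (!ckall)
+break;
 }
-else if (fl->secid != ctx->ctx_sid)
+else if (*sid != ctx->ctx_sid)
 return -EINVAL;
 }
 }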
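Review bot: The new `ckall` parameter changes what this hook guarantees, but the comment above `selinux_xfrm_decode_session` still only says it "determines the sid for the session". With `ckall` zero, the added `if (!ckall) break;` in the second hunk leaves the loop as soon as the first SID has been stored, so the `*sid != ctx->ctx_sid` comparison is never reached and states with differing labels no longer produce `-EINVAL`. I would extend the header comment with a line such as `* If ckall is zero, *sid comes from the first labelled state found and later states are not checked for a matching SID.`, so that a caller relying on the mismatch rejection knows to pass a non-zero value. The loop header and the rest of the function body lie outside both hunks, so the iteration order and the condition guarding this branch are not visible here.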
