1 files changed, 12 insertions, 4 deletions

diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 051b14c88e2d..d243ddc723a5 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -162,9 +162,13 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid)
 
         netlbl_secattr_init(&secattr);
         rc = netlbl_skbuff_getattr(skb, &secattr);
-        if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE)
+        if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) {
                 rc = security_netlbl_secattr_to_sid(&secattr, base_sid, sid);
-        else
+                if (rc == 0 &&
+                    (secattr.flags & NETLBL_SECATTR_CACHEABLE) &&
+                    (secattr.flags & NETLBL_SECATTR_CACHE))
+                        netlbl_cache_add(skb, &secattr);
+        } else
                 *sid = SECSID_NULL;
         netlbl_secattr_destroy(&secattr);
 
@@ -307,11 +311,15 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
 
         netlbl_secattr_init(&secattr);
         rc = netlbl_skbuff_getattr(skb, &secattr);
-        if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE)
+        if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) {
                 rc = security_netlbl_secattr_to_sid(&secattr,
                                                     SECINITSID_NETMSG,
                                                     &nlbl_sid);
-        else
+                if (rc == 0 &&
+                    (secattr.flags & NETLBL_SECATTR_CACHEABLE) &&
+                    (secattr.flags & NETLBL_SECATTR_CACHE))
+                        netlbl_cache_add(skb, &secattr);
+        } else
                 nlbl_sid = SECINITSID_UNLABELED;
         netlbl_secattr_destroy(&secattr);
         if (rc != 0)