aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/services.c29
1 files changed, 9 insertions, 20 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index bb2d2bc869ba..18274b005090 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2336,7 +2336,7 @@ static int selinux_netlbl_secattr_to_sid(struct sk_buff *skb,
2336 selinux_netlbl_cache_add(skb, &ctx_new); 2336 selinux_netlbl_cache_add(skb, &ctx_new);
2337 ebitmap_destroy(&ctx_new.range.level[0].cat); 2337 ebitmap_destroy(&ctx_new.range.level[0].cat);
2338 } else { 2338 } else {
2339 *sid = SECINITSID_UNLABELED; 2339 *sid = SECSID_NULL;
2340 rc = 0; 2340 rc = 0;
2341 } 2341 }
2342 2342
@@ -2519,7 +2519,7 @@ void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock)
2519 if (netlbl_sock_getattr(sk, &secattr) == 0 && 2519 if (netlbl_sock_getattr(sk, &secattr) == 0 &&
2520 selinux_netlbl_secattr_to_sid(NULL, 2520 selinux_netlbl_secattr_to_sid(NULL,
2521 &secattr, 2521 &secattr,
2522 sksec->sid, 2522 SECINITSID_UNLABELED,
2523 &nlbl_peer_sid) == 0) 2523 &nlbl_peer_sid) == 0)
2524 sksec->peer_sid = nlbl_peer_sid; 2524 sksec->peer_sid = nlbl_peer_sid;
2525 netlbl_secattr_destroy(&secattr); 2525 netlbl_secattr_destroy(&secattr);
@@ -2552,9 +2552,6 @@ u32 selinux_netlbl_inet_conn_request(struct sk_buff *skb, u32 sock_sid)
2552 if (rc != 0) 2552 if (rc != 0)
2553 return SECSID_NULL; 2553 return SECSID_NULL;
2554 2554
2555 if (peer_sid == SECINITSID_UNLABELED)
2556 return SECSID_NULL;
2557
2558 return peer_sid; 2555 return peer_sid;
2559} 2556}
2560 2557
@@ -2616,11 +2613,13 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
2616 u32 netlbl_sid; 2613 u32 netlbl_sid;
2617 u32 recv_perm; 2614 u32 recv_perm;
2618 2615
2619 rc = selinux_netlbl_skbuff_getsid(skb, SECINITSID_NETMSG, &netlbl_sid); 2616 rc = selinux_netlbl_skbuff_getsid(skb,
2617 SECINITSID_UNLABELED,
2618 &netlbl_sid);
2620 if (rc != 0) 2619 if (rc != 0)
2621 return rc; 2620 return rc;
2622 2621
2623 if (netlbl_sid == SECINITSID_UNLABELED) 2622 if (netlbl_sid == SECSID_NULL)
2624 return 0; 2623 return 0;
2625 2624
2626 switch (sksec->sclass) { 2625 switch (sksec->sclass) {
@@ -2658,10 +2657,6 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
2658u32 selinux_netlbl_socket_getpeersec_stream(struct socket *sock) 2657u32 selinux_netlbl_socket_getpeersec_stream(struct socket *sock)
2659{ 2658{
2660 struct sk_security_struct *sksec = sock->sk->sk_security; 2659 struct sk_security_struct *sksec = sock->sk->sk_security;
2661
2662 if (sksec->peer_sid == SECINITSID_UNLABELED)
2663 return SECSID_NULL;
2664
2665 return sksec->peer_sid; 2660 return sksec->peer_sid;
2666} 2661}
2667 2662
@@ -2677,16 +2672,10 @@ u32 selinux_netlbl_socket_getpeersec_stream(struct socket *sock)
2677u32 selinux_netlbl_socket_getpeersec_dgram(struct sk_buff *skb) 2672u32 selinux_netlbl_socket_getpeersec_dgram(struct sk_buff *skb)
2678{ 2673{
2679 int peer_sid; 2674 int peer_sid;
2680 struct sock *sk = skb->sk;
2681 struct inode_security_struct *isec;
2682 2675
2683 if (sk == NULL || sk->sk_socket == NULL) 2676 if (selinux_netlbl_skbuff_getsid(skb,
2684 return SECSID_NULL; 2677 SECINITSID_UNLABELED,
2685 2678 &peer_sid) != 0)
2686 isec = SOCK_INODE(sk->sk_socket)->i_security;
2687 if (selinux_netlbl_skbuff_getsid(skb, isec->sid, &peer_sid) != 0)
2688 return SECSID_NULL;
2689 if (peer_sid == SECINITSID_UNLABELED)
2690 return SECSID_NULL; 2679 return SECSID_NULL;
2691 2680
2692 return peer_sid; 2681 return peer_sid;