mirror of https://gitee.com/openkylin/linux.git
selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram()
We don't have to worry about socket inodes being invalidated so use inode_security_novalidate() to fetch the inode's security blob. Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
341e0cb593
commit
899134f2f6
|
@ -4598,6 +4598,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
|
|||
{
|
||||
u32 peer_secid = SECSID_NULL;
|
||||
u16 family;
|
||||
struct inode_security_struct *isec;
|
||||
|
||||
if (skb && skb->protocol == htons(ETH_P_IP))
|
||||
family = PF_INET;
|
||||
|
@ -4608,9 +4609,10 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
|
|||
else
|
||||
goto out;
|
||||
|
||||
if (sock && family == PF_UNIX)
|
||||
selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
|
||||
else if (skb)
|
||||
if (sock && family == PF_UNIX) {
|
||||
isec = inode_security_novalidate(SOCK_INODE(sock));
|
||||
peer_secid = isec->sid;
|
||||
} else if (skb)
|
||||
selinux_skb_peerlbl_sid(skb, family, &peer_secid);
|
||||
|
||||
out:
|
||||
|
|
Loading…
Reference in New Issue