p71924506
/
linux_old1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram() 

We don't have to worry about socket inodes being invalidated so
use inode_security_novalidate() to fetch the inode's security blob.

Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Paul Moore 2016-03-28 15:19:10 -04:00
parent 341e0cb593
commit 899134f2f6
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
security/selinux/hooks.c
View File

@ -4598,6 +4598,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
{
u32 peer_secid = SECSID_NULL;
u16 family;
struct inode_security_struct *isec;
if (skb && skb->protocol == htons(ETH_P_IP))
family = PF_INET;
@ -4608,9 +4609,10 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
else
goto out;
if (sock && family == PF_UNIX)
selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
else if (skb)
if (sock && family == PF_UNIX) {
isec = inode_security_novalidate(SOCK_INODE(sock));
peer_secid = isec->sid;
} else if (skb)
selinux_skb_peerlbl_sid(skb, family, &peer_secid);
out: