Commit 899134f2 authored by Paul Moore

selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram()

We don't have to worry about socket inodes being invalidated so
use inode_security_novalidate() to fetch the inode's security blob.
Signed-off-by: Paul Moore <paul@paul-moore.com>
parent 341e0cb5
...@@ -4598,6 +4598,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff * ...@@ -4598,6 +4598,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
{ {
u32 peer_secid = SECSID_NULL; u32 peer_secid = SECSID_NULL;
u16 family; u16 family;
struct inode_security_struct *isec;
if (skb && skb->protocol == htons(ETH_P_IP)) if (skb && skb->protocol == htons(ETH_P_IP))
family = PF_INET; family = PF_INET;
...@@ -4608,9 +4609,10 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff * ...@@ -4608,9 +4609,10 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
else else
goto out; goto out;
if (sock && family == PF_UNIX) if (sock && family == PF_UNIX) {
selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid); isec = inode_security_novalidate(SOCK_INODE(sock));
else if (skb) peer_secid = isec->sid;
} else if (skb)
selinux_skb_peerlbl_sid(skb, family, &peer_secid); selinux_skb_peerlbl_sid(skb, family, &peer_secid);
out: out:
......
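Review bot: The reason it is safe to skip revalidation at `isec = inode_security_novalidate(SOCK_INODE(sock));` is recorded only in the commit message, yet the SID read here is assigned straight to `peer_secid` for PF_UNIX sockets, so the invariant deserves a comment at the call site, for example `/* socket inodes are never invalidated, so no revalidation is needed */`. `isec->sid` is dereferenced without a NULL check; that is presumably fine because a socket inode's security blob is expected to exist for the inode's lifetime, but the same comment could say so. As a style point, now that the `if` branch is braced, kernel coding style asks for braces on the other branch too: `} else if (skb) {` with a closing `}` after the `selinux_skb_peerlbl_sid()` call. The function continues past `out:` outside the visible hunks.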