selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram()

We don't have to worry about socket inodes being invalidated so use inode_security_novalidate() to fetch the inode's security blob. Signed-off-by: Paul Moore <paul@paul-moore.com>

selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram()
We don't have to worry about socket inodes being invalidated so use inode_security_novalidate() to fetch the inode's security blob. Signed-off-by: Paul Moore <paul@paul-moore.com>
899134f2 · Paul Moore · 341e0cb5 · 899134f2
Commit 899134f2 authored Mar 28, 2016 by Paul Moore
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 3 deletions

security/selinux/hooks.c security/selinux/hooks.c +5 -3

No files found.
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4598,6 +4598,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
 {
 	u32 peer_secid = SECSID_NULL;
 	u16 family;
+	struct inode_security_struct *isec;

 	if (skb && skb->protocol == htons(ETH_P_IP))
 		family = PF_INET;
@@ -4608,9 +4609,10 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
 	else
 		goto out;

-	if (sock && family == PF_UNIX)
-		selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
-	else if (skb)
+	if (sock && family == PF_UNIX) {
+		isec = inode_security_novalidate(SOCK_INODE(sock));
+		peer_secid = isec->sid;
+	} else if (skb)
 		selinux_skb_peerlbl_sid(skb, family, &peer_secid);

 out: