SELinux: Return correct context for SO_PEERSEC

 *	Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.

 * @inet_csk_clone:

 *	Sets the new child socket's sid to the openreq sid.

 * @inet_conn_established:

 *     Sets the connection's peersid to the secmark on skb.

 * @req_classify_flow:

 *	Sets the flow's sid to the openreq sid.

 *

	int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb,

					struct request_sock *req);

	void (*inet_csk_clone)(struct sock *newsk, const struct request_sock *req);

	void (*inet_conn_established)(struct sock *sk, struct sk_buff *skb);

	void (*req_classify_flow)(const struct request_sock *req, struct flowi *fl);

#endif	/* CONFIG_SECURITY_NETWORK */

{

	security_ops->inet_csk_clone(newsk, req);

}

static inline void security_inet_conn_established(struct sock *sk,

			struct sk_buff *skb)

{

	security_ops->inet_conn_established(sk, skb);

}

#else	/* CONFIG_SECURITY_NETWORK */

static inline int security_unix_stream_connect(struct socket * sock,

					       struct socket * other,

			const struct request_sock *req)

{

}

static inline void security_inet_conn_established(struct sock *sk,

			struct sk_buff *skb)

{

}

#endif	/* CONFIG_SECURITY_NETWORK */

#ifdef CONFIG_SECURITY_NETWORK_XFRM

	struct request_sock_ops		*rsk_ops;

	struct sock			*sk;

	u32				secid;

	u32				peer_secid;

};

static inline struct request_sock *reqsk_alloc(struct request_sock_ops *ops)

		mb();

		tcp_set_state(sk, TCP_ESTABLISHED);

		security_inet_conn_established(sk, skb);

		/* Make sure socket is routed, for correct metrics.  */

		icsk->icsk_af_ops->rebuild_header(sk);

{

}

static inline void dummy_inet_conn_established(struct sock *sk,

			struct sk_buff *skb)

{

}

static inline void dummy_req_classify_flow(const struct request_sock *req,

			struct flowi *fl)

{

	set_to_dummy_if_null(ops, sock_graft);

	set_to_dummy_if_null(ops, inet_conn_request);

	set_to_dummy_if_null(ops, inet_csk_clone);

	set_to_dummy_if_null(ops, inet_conn_established);

	set_to_dummy_if_null(ops, req_classify_flow);

 #endif	/* CONFIG_SECURITY_NETWORK */

#ifdef  CONFIG_SECURITY_NETWORK_XFRM

	}

	else if (isec->sclass == SECCLASS_TCP_SOCKET) {

		peer_sid = selinux_netlbl_socket_getpeersec_stream(sock);

		if (peer_sid == SECSID_NULL)

			peer_sid = selinux_socket_getpeer_stream(sock->sk);

		if (peer_sid == SECSID_NULL) {

			ssec = sock->sk->sk_security;

			peer_sid = ssec->peer_sid;

		}

		if (peer_sid == SECSID_NULL) {

			err = -ENOPROTOOPT;

			goto out;

		return 0;

	}

	err = selinux_xfrm_decode_session(skb, &peersid, 0);

	BUG_ON(err);

	selinux_skb_xfrm_sid(skb, &peersid);

	if (peersid == SECSID_NULL) {

		req->secid = sksec->sid;

		req->peer_secid = 0;

		return 0;

	}

		return err;

	req->secid = newsid;

	req->peer_secid = peersid;

	return 0;

}

	struct sk_security_struct *newsksec = newsk->sk_security;

	newsksec->sid = req->secid;

	newsksec->peer_sid = req->peer_secid;

	/* NOTE: Ideally, we should also get the isec->sid for the

	   new socket in sync, but we don't have the isec available yet.

	   So we will wait until sock_graft to do it, by which

	selinux_netlbl_sk_security_init(newsksec, req->rsk_ops->family);

}

static void selinux_inet_conn_established(struct sock *sk,

				struct sk_buff *skb)

{

	struct sk_security_struct *sksec = sk->sk_security;

	selinux_skb_xfrm_sid(skb, &sksec->peer_sid);

}

static void selinux_req_classify_flow(const struct request_sock *req,

				      struct flowi *fl)

{

	.sock_graft =			selinux_sock_graft,

	.inet_conn_request =		selinux_inet_conn_request,

	.inet_csk_clone =		selinux_inet_csk_clone,

	.inet_conn_established =	selinux_inet_conn_established,

	.req_classify_flow =		selinux_req_classify_flow,

#ifdef CONFIG_SECURITY_NETWORK_XFRM