
Commit dd3e7836 authored by Eric Paris's avatar Eric Paris Committed by James Morris

selinux: always call sk_security_struct sksec



trying to grep everything that messes with a sk_security_struct isn't easy
since we don't always call it sksec.  Just rename everything sksec.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
parent d25d6fa1
+25 −25
@@ -293,28 +293,28 @@ static void superblock_free_security(struct super_block *sb)

static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
	struct sk_security_struct *ssec;
	struct sk_security_struct *sksec;

	ssec = kzalloc(sizeof(*ssec), priority);
	if (!ssec)
	sksec = kzalloc(sizeof(*sksec), priority);
	if (!sksec)
		return -ENOMEM;

	ssec->peer_sid = SECINITSID_UNLABELED;
	ssec->sid = SECINITSID_UNLABELED;
	sk->sk_security = ssec;
	sksec->peer_sid = SECINITSID_UNLABELED;
	sksec->sid = SECINITSID_UNLABELED;
	sk->sk_security = sksec;

	selinux_netlbl_sk_security_reset(ssec);
	selinux_netlbl_sk_security_reset(sksec);

	return 0;
}

static void sk_free_security(struct sock *sk)
{
	struct sk_security_struct *ssec = sk->sk_security;
	struct sk_security_struct *sksec = sk->sk_security;

	sk->sk_security = NULL;
	selinux_netlbl_sk_security_free(ssec);
	kfree(ssec);
	selinux_netlbl_sk_security_free(sksec);
	kfree(sksec);
}

/* The security server must be initialized before
@@ -4002,7 +4002,7 @@ static int selinux_socket_unix_stream_connect(struct socket *sock,
					      struct socket *other,
					      struct sock *newsk)
{
	struct sk_security_struct *ssec;
	struct sk_security_struct *sksec;
	struct inode_security_struct *isec;
	struct inode_security_struct *other_isec;
	struct common_audit_data ad;
@@ -4021,13 +4021,13 @@ static int selinux_socket_unix_stream_connect(struct socket *sock,
		return err;

	/* connecting socket */
	ssec = sock->sk->sk_security;
	ssec->peer_sid = other_isec->sid;
	sksec = sock->sk->sk_security;
	sksec->peer_sid = other_isec->sid;

	/* server child socket */
	ssec = newsk->sk_security;
	ssec->peer_sid = isec->sid;
	err = security_sid_mls_copy(other_isec->sid, ssec->peer_sid, &ssec->sid);
	sksec = newsk->sk_security;
	sksec->peer_sid = isec->sid;
	err = security_sid_mls_copy(other_isec->sid, sksec->peer_sid, &sksec->sid);

	return err;
}
@@ -4190,7 +4190,7 @@ static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *op
	int err = 0;
	char *scontext;
	u32 scontext_len;
	struct sk_security_struct *ssec;
	struct sk_security_struct *sksec;
	struct inode_security_struct *isec;
	u32 peer_sid = SECSID_NULL;

@@ -4198,8 +4198,8 @@ static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *op

	if (isec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
	    isec->sclass == SECCLASS_TCP_SOCKET) {
		ssec = sock->sk->sk_security;
		peer_sid = ssec->peer_sid;
		sksec = sock->sk->sk_security;
		peer_sid = sksec->peer_sid;
	}
	if (peer_sid == SECSID_NULL) {
		err = -ENOPROTOOPT;
@@ -4266,14 +4266,14 @@ static void selinux_sk_free_security(struct sock *sk)

static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
{
	struct sk_security_struct *ssec = sk->sk_security;
	struct sk_security_struct *newssec = newsk->sk_security;
	struct sk_security_struct *sksec = sk->sk_security;
	struct sk_security_struct *newsksec = newsk->sk_security;

	newssec->sid = ssec->sid;
	newssec->peer_sid = ssec->peer_sid;
	newssec->sclass = ssec->sclass;
	newsksec->sid = sksec->sid;
	newsksec->peer_sid = sksec->peer_sid;
	newsksec->sclass = sksec->sclass;

	selinux_netlbl_sk_security_reset(newssec);
	selinux_netlbl_sk_security_reset(newsksec);
}

static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
+4 −4
@@ -42,8 +42,8 @@ void selinux_netlbl_cache_invalidate(void);

void selinux_netlbl_err(struct sk_buff *skb, int error, int gateway);

void selinux_netlbl_sk_security_free(struct sk_security_struct *ssec);
void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec);
void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec);
void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec);

int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
				 u16 family,
@@ -79,13 +79,13 @@ static inline void selinux_netlbl_err(struct sk_buff *skb,
}

static inline void selinux_netlbl_sk_security_free(
					       struct sk_security_struct *ssec)
					       struct sk_security_struct *sksec)
{
	return;
}

static inline void selinux_netlbl_sk_security_reset(
					       struct sk_security_struct *ssec)
					       struct sk_security_struct *sksec)
{
	return;
}
+7 −7
@@ -131,21 +131,21 @@ void selinux_netlbl_err(struct sk_buff *skb, int error, int gateway)

/**
 * selinux_netlbl_sk_security_free - Free the NetLabel fields
 * @sssec: the sk_security_struct
 * @sksec: the sk_security_struct
 *
 * Description:
 * Free all of the memory in the NetLabel fields of a sk_security_struct.
 *
 */
void selinux_netlbl_sk_security_free(struct sk_security_struct *ssec)
void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec)
{
	if (ssec->nlbl_secattr != NULL)
		netlbl_secattr_free(ssec->nlbl_secattr);
	if (sksec->nlbl_secattr != NULL)
		netlbl_secattr_free(sksec->nlbl_secattr);
}

/**
 * selinux_netlbl_sk_security_reset - Reset the NetLabel fields
 * @ssec: the sk_security_struct
 * @sksec: the sk_security_struct
 * @family: the socket family
 *
 * Description:
@@ -153,9 +153,9 @@ void selinux_netlbl_sk_security_free(struct sk_security_struct *ssec)
 * The caller is responsibile for all the NetLabel sk_security_struct locking.
 *
 */
void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec)
void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec)
{
	ssec->nlbl_state = NLBL_UNSET;
	sksec->nlbl_state = NLBL_UNSET;
}

/**
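Review bot: The kernel-doc block above selinux_netlbl_sk_security_reset still documents `@family: the socket family`, but the signature shown in this section (and the prototype in the header section) takes only `struct sk_security_struct *sksec`. Since the commit already rewrites the `@sksec:` line directly above it, the stale ` * @family: the socket family` line should be dropped in the same pass so the comment matches the function. The same comment also carries the typo `responsibile`, which should read `responsible`. The middle of that comment lies between the two hunks and is not visible here, so any further parameter mentions there should be checked as well.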