
Commit 899134f2 authored by Paul Moore's avatar Paul Moore

selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram()



We don't have to worry about socket inodes being invalidated so
use inode_security_novalidate() to fetch the inode's security blob.

Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 341e0cb5
+5 −3
@@ -4598,6 +4598,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
{
{
	u32 peer_secid = SECSID_NULL;
	u32 peer_secid = SECSID_NULL;
	u16 family;
	u16 family;
	struct inode_security_struct *isec;


	if (skb && skb->protocol == htons(ETH_P_IP))
	if (skb && skb->protocol == htons(ETH_P_IP))
		family = PF_INET;
		family = PF_INET;
@@ -4608,9 +4609,10 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
	else
	else
		goto out;
		goto out;


	if (sock && family == PF_UNIX)
	if (sock && family == PF_UNIX) {
		selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
		isec = inode_security_novalidate(SOCK_INODE(sock));
	else if (skb)
		peer_secid = isec->sid;
	} else if (skb)
		selinux_skb_peerlbl_sid(skb, family, &peer_secid);
		selinux_skb_peerlbl_sid(skb, family, &peer_secid);


out:
out:
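Review bot: The PF_UNIX arm now reads `isec->sid` straight from `inode_security_novalidate(SOCK_INODE(sock))`, and the only justification for skipping revalidation is in the commit message. Because `peer_secid` is presumably what the caller receives as the peer label, the invariant belongs at the call site, for example `/* socket inodes are never invalidated, so no revalidation is needed */` above the assignment. As a style point, the `if` arm gained braces while the `else if (skb)` arm did not; kernel coding style asks for braces on every arm once one needs them, i.e. `} else if (skb) {` with a closing `}` after the `selinux_skb_peerlbl_sid()` call. The function body continues past `out:` outside the hunk, so how `peer_secid` is consumed is not visible here.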