From 0faec0af1d244e190d4c8ae1925efdbcd3544d04 Mon Sep 17 00:00:00 2001
From: Paul Moore <paul.moore@hp.com>
Date: Tue, 29 Jan 2008 08:38:10 -0500
Subject: [PATCH] --- yaml --- r: 80885 b: refs/heads/master c:
 da5645a28a15aed2e541a814ecf9f7ffcd4c4673 h: refs/heads/master i:   80883:
 c0aa458e66627ae67d2b858bf4ae4343bd3ff3d0 v: v3

---
 [refs]                               |  2 +-
 trunk/security/selinux/avc.c         | 15 ++++++++++++---
 trunk/security/selinux/hooks.c       |  4 ++--
 trunk/security/selinux/include/avc.h |  2 +-
 4 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/[refs] b/[refs]
index ff3a6c5cbb82..9b2583efd32c 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: e8bfdb9d0dfc1231a6a71e849dfbd4447acdfff6
+refs/heads/master: da5645a28a15aed2e541a814ecf9f7ffcd4c4673
diff --git a/trunk/security/selinux/avc.c b/trunk/security/selinux/avc.c
index 81b3dff3cbf0..e8529e2f51e5 100644
--- a/trunk/security/selinux/avc.c
+++ b/trunk/security/selinux/avc.c
@@ -661,9 +661,18 @@ void avc_audit(u32 ssid, u32 tsid,
 						    "daddr", "dest");
 				break;
 			}
-			if (a->u.net.netif)
-				audit_log_format(ab, " netif=%s",
-					a->u.net.netif);
+			if (a->u.net.netif > 0) {
+				struct net_device *dev;
+
+				/* NOTE: we always use init's namespace */
+				dev = dev_get_by_index(&init_net,
+						       a->u.net.netif);
+				if (dev) {
+					audit_log_format(ab, " netif=%s",
+							 dev->name);
+					dev_put(dev);
+				}
+			}
 			break;
 		}
 	}
diff --git a/trunk/security/selinux/hooks.c b/trunk/security/selinux/hooks.c
index be544332214c..1a1fa3f20ef0 100644
--- a/trunk/security/selinux/hooks.c
+++ b/trunk/security/selinux/hooks.c
@@ -3928,7 +3928,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 		family = PF_INET;
 
 	AVC_AUDIT_DATA_INIT(&ad, NET);
-	ad.u.net.netif = skb->dev ? skb->dev->name : "[unknown]";
+	ad.u.net.netif = skb->iif;
 	ad.u.net.family = family;
 
 	err = selinux_parse_skb(skb, &ad, &addrp, &len, 1, NULL);
@@ -4259,7 +4259,7 @@ static unsigned int selinux_ip_postroute_last(unsigned int hooknum,
 	sksec = sk->sk_security;
 
 	AVC_AUDIT_DATA_INIT(&ad, NET);
-	ad.u.net.netif = dev->name;
+	ad.u.net.netif = dev->ifindex;
 	ad.u.net.family = family;
 
 	err = selinux_parse_skb(skb, &ad, &addrp, &len, 0, &proto);
diff --git a/trunk/security/selinux/include/avc.h b/trunk/security/selinux/include/avc.h
index 553607a19e92..80c28fa6621c 100644
--- a/trunk/security/selinux/include/avc.h
+++ b/trunk/security/selinux/include/avc.h
@@ -51,7 +51,7 @@ struct avc_audit_data {
 			struct inode *inode;
 		} fs;
 		struct {
-			char *netif;
+			int netif;
 			struct sock *sk;
 			u16 family;
 			__be16 dport;