From 4003cfbe27838739401d58c4680653cd6de321cd Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Thu, 22 Apr 2010 14:46:18 -0400 Subject: [PATCH] --- yaml --- r: 201860 b: refs/heads/master c: d4f2d97841827cb876da8b607df05a3dab812416 h: refs/heads/master v: v3 --- [refs] | 2 +- trunk/security/selinux/hooks.c | 32 ++++++++++++-------------------- 2 files changed, 13 insertions(+), 21 deletions(-) diff --git a/[refs] b/[refs] index 1f4a1c561960..7105ba689cf0 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: 4d1e24514d80cb266231d0c1b6c02161970ad019 +refs/heads/master: d4f2d97841827cb876da8b607df05a3dab812416 diff --git a/trunk/security/selinux/hooks.c b/trunk/security/selinux/hooks.c index 190fd0ffb13e..2d94a406574e 100644 --- a/trunk/security/selinux/hooks.c +++ b/trunk/security/selinux/hooks.c @@ -3671,6 +3671,12 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid) } /* socket security operations */ + +static u32 socket_sockcreate_sid(const struct task_security_struct *tsec) +{ + return tsec->sockcreate_sid ? : tsec->sid; +} + static int socket_has_perm(struct task_struct *task, struct socket *sock, u32 perms) { @@ -3698,21 +3704,15 @@ static int selinux_socket_create(int family, int type, { const struct cred *cred = current_cred(); const struct task_security_struct *tsec = cred->security; - u32 sid, newsid; + u32 newsid; u16 secclass; - int err = 0; if (kern) - goto out; - - sid = tsec->sid; - newsid = tsec->sockcreate_sid ?: sid; + return 0; + newsid = socket_sockcreate_sid(tsec); secclass = socket_type_to_security_class(family, type, protocol); - err = avc_has_perm(sid, newsid, secclass, SOCKET__CREATE, NULL); - -out: - return err; + return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL); } static int selinux_socket_post_create(struct socket *sock, int family, @@ -3720,22 +3720,14 @@ static int selinux_socket_post_create(struct socket *sock, int family, { const struct cred *cred = current_cred(); const struct task_security_struct *tsec = cred->security; - struct inode_security_struct *isec; + struct inode_security_struct *isec = SOCK_INODE(sock)->i_security; struct sk_security_struct *sksec; - u32 sid, newsid; int err = 0; - sid = tsec->sid; - newsid = tsec->sockcreate_sid; - - isec = SOCK_INODE(sock)->i_security; - if (kern) isec->sid = SECINITSID_KERNEL; - else if (newsid) - isec->sid = newsid; else - isec->sid = sid; + isec->sid = socket_sockcreate_sid(tsec); isec->sclass = socket_type_to_security_class(family, type, protocol); isec->initialized = 1;