---

yaml --- r: 201859 b: refs/heads/master c: 4d1e245 h: refs/heads/master i: 201857: e880a3b 201855: f0c69eb v: v3
git-mirror · Aug 2, 2010 · f7a6e76 · f7a6e76
1 parent 1ef58e7
commit f7a6e76
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 17 deletions.
diff --git a/[refs] b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: e79acf0ef45e0b54aed47ebea7f25c540d3f527e
+refs/heads/master: 4d1e24514d80cb266231d0c1b6c02161970ad019
diff --git a/trunk/security/selinux/hooks.c b/trunk/security/selinux/hooks.c
@@ -3980,34 +3980,32 @@ static int selinux_socket_unix_stream_connect(struct socket *sock,
 					      struct socket *other,
 					      struct sock *newsk)
 {
-	struct sk_security_struct *sksec;
-	struct inode_security_struct *isec;
-	struct inode_security_struct *other_isec;
+	struct sk_security_struct *sksec_sock = sock->sk->sk_security;
+	struct sk_security_struct *sksec_other = other->sk->sk_security;
+	struct sk_security_struct *sksec_new = newsk->sk_security;
 	struct common_audit_data ad;
 	int err;
 
-	isec = SOCK_INODE(sock)->i_security;
-	other_isec = SOCK_INODE(other)->i_security;
-
 	COMMON_AUDIT_DATA_INIT(&ad, NET);
 	ad.u.net.sk = other->sk;
 
-	err = avc_has_perm(isec->sid, other_isec->sid,
-			   isec->sclass,
+	err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
+			   sksec_other->sclass,
 			   UNIX_STREAM_SOCKET__CONNECTTO, &ad);
 	if (err)
 		return err;
 
-	/* connecting socket */
-	sksec = sock->sk->sk_security;
-	sksec->peer_sid = other_isec->sid;
-
 	/* server child socket */
-	sksec = newsk->sk_security;
-	sksec->peer_sid = isec->sid;
-	err = security_sid_mls_copy(other_isec->sid, sksec->peer_sid, &sksec->sid);
+	sksec_new->peer_sid = sksec_sock->sid;
+	err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
+				    &sksec_new->sid);
+	if (err)
+		return err;
 
-	return err;
+	/* connecting socket */
+	sksec_sock->peer_sid = sksec_new->sid;
+
+	return 0;
 }
 
 static int selinux_socket_unix_may_send(struct socket *sock,