diff options
author | Paul Moore <paul.moore@hp.com> | 2007-07-30 16:33:26 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2007-08-02 11:52:21 -0400 |
commit | 9534f71ca33e5a9de26dfd43c76af86e005005dd (patch) | |
tree | 344444735f541f79ed98cc38fa9040bc018ec66e /security | |
parent | 1ed4395035a6791ebbbf618429a58ab9c207cc83 (diff) |
SELinux: restore proper NetLabel caching behavior
A small fix to the SELinux/NetLabel glue code to ensure that the NetLabel
cache is utilized when possible. This was broken when the SELinux/NetLabel
glue code was reorganized in the last kernel release.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/netlabel.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 051b14c88e2d..d243ddc723a5 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -162,9 +162,13 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid) netlbl_secattr_init(&secattr); rc = netlbl_skbuff_getattr(skb, &secattr); - if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) + if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) { rc = security_netlbl_secattr_to_sid(&secattr, base_sid, sid); - else + if (rc == 0 && + (secattr.flags & NETLBL_SECATTR_CACHEABLE) && + (secattr.flags & NETLBL_SECATTR_CACHE)) + netlbl_cache_add(skb, &secattr); + } else *sid = SECSID_NULL; netlbl_secattr_destroy(&secattr); @@ -307,11 +311,15 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, netlbl_secattr_init(&secattr); rc = netlbl_skbuff_getattr(skb, &secattr); - if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) + if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) { rc = security_netlbl_secattr_to_sid(&secattr, SECINITSID_NETMSG, &nlbl_sid); - else + if (rc == 0 && + (secattr.flags & NETLBL_SECATTR_CACHEABLE) && + (secattr.flags & NETLBL_SECATTR_CACHE)) + netlbl_cache_add(skb, &secattr); + } else nlbl_sid = SECINITSID_UNLABELED; netlbl_secattr_destroy(&secattr); if (rc != 0) |