diff options
author | Paul Moore <paul.moore@hp.com> | 2006-09-25 15:52:01 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-09-25 15:52:01 -0700 |
commit | 14a72f53fb1bb5d5c2bdd8cf172219519664729a (patch) | |
tree | 95a077fb9289a95c352af77f18f12e5aba3313c6 /net/netlabel | |
parent | 597811ec167fa01c926a0957a91d9e39baa30e64 (diff) | |
download | linux-stable-14a72f53fb1bb5d5c2bdd8cf172219519664729a.tar.gz linux-stable-14a72f53fb1bb5d5c2bdd8cf172219519664729a.tar.bz2 linux-stable-14a72f53fb1bb5d5c2bdd8cf172219519664729a.zip |
[NetLabel]: correct improper handling of non-NetLabel peer contexts
Fix a problem where NetLabel would always set the value of
sk_security_struct->peer_sid in selinux_netlbl_sock_graft() to the context of
the socket, causing problems when users would query the context of the
connection. This patch fixes this so that the value in
sk_security_struct->peer_sid is only set when the connection is NetLabel based,
otherwise the value is untouched.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlabel')
-rw-r--r-- | net/netlabel/netlabel_kapi.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index 0fd8aaafe23f..54fb7de3c2b1 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c @@ -85,6 +85,29 @@ socket_setattr_return: } /** + * netlbl_sock_getattr - Determine the security attributes of a sock + * @sk: the sock + * @secattr: the security attributes + * + * Description: + * Examines the given sock to see any NetLabel style labeling has been + * applied to the sock, if so it parses the socket label and returns the + * security attributes in @secattr. Returns zero on success, negative values + * on failure. + * + */ +int netlbl_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr) +{ + int ret_val; + + ret_val = cipso_v4_sock_getattr(sk, secattr); + if (ret_val == 0) + return 0; + + return netlbl_unlabel_getattr(secattr); +} + +/** * netlbl_socket_getattr - Determine the security attributes of a socket * @sock: the socket * @secattr: the security attributes |