Commit b6b8a371 authored by James Morris's avatar James Morris

Merge branch 'stable-3.16' of git://git.infradead.org/users/pcmoore/selinux into next

parents bd89bb78 4da6daf4
...@@ -987,7 +987,10 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) ...@@ -987,7 +987,10 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* Retrieve the LSM-specific secid for the sock to enable caching of network * Retrieve the LSM-specific secid for the sock to enable caching of network
* authorizations. * authorizations.
* @sock_graft: * @sock_graft:
* Sets the socket's isec sid to the sock's sid. * This hook is called in response to a newly created sock struct being
* grafted onto an existing socket and allows the security module to
* perform whatever security attribute management is necessary for both
* the sock and socket.
* @inet_conn_request: * @inet_conn_request:
* Sets the openreq's sid to socket's sid with MLS portion taken from peer sid. * Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
* @inet_csk_clone: * @inet_csk_clone:
......
...@@ -4499,9 +4499,18 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent) ...@@ -4499,9 +4499,18 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent)
struct inode_security_struct *isec = SOCK_INODE(parent)->i_security; struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
struct sk_security_struct *sksec = sk->sk_security; struct sk_security_struct *sksec = sk->sk_security;
if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 || switch (sk->sk_family) {
sk->sk_family == PF_UNIX) case PF_INET:
case PF_INET6:
case PF_UNIX:
isec->sid = sksec->sid; isec->sid = sksec->sid;
break;
default:
/* by default there is no special labeling mechanism for the
* sksec label so inherit the label from the parent socket */
BUG_ON(sksec->sid != SECINITSID_UNLABELED);
sksec->sid = isec->sid;
}
sksec->sclass = isec->sclass; sksec->sclass = isec->sclass;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment