Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9534f71ca33e5a9de26dfd43c76af86e005005dd
Commit:     9534f71ca33e5a9de26dfd43c76af86e005005dd
Parent:     1ed4395035a6791ebbbf618429a58ab9c207cc83
Author:     Paul Moore <[EMAIL PROTECTED]>
AuthorDate: Mon Jul 30 16:33:26 2007 -0400
Committer:  James Morris <[EMAIL PROTECTED]>
CommitDate: Thu Aug 2 11:52:21 2007 -0400

    SELinux: restore proper NetLabel caching behavior
    
    A small fix to the SELinux/NetLabel glue code to ensure that the NetLabel
    cache is utilized when possible.  This was broken when the SELinux/NetLabel
    glue code was reorganized in the last kernel release.
    
    Signed-off-by: Paul Moore <[EMAIL PROTECTED]>
    Acked-by:  Stephen Smalley <[EMAIL PROTECTED]>
    Signed-off-by: James Morris <[EMAIL PROTECTED]>
---
 include/net/netlabel.h      |    2 ++
 security/selinux/netlabel.c |   16 ++++++++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index ffbc7f2..2e5b2f6 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -132,6 +132,8 @@ struct netlbl_lsm_secattr_catmap {
 #define NETLBL_SECATTR_CACHE            0x00000002
 #define NETLBL_SECATTR_MLS_LVL          0x00000004
 #define NETLBL_SECATTR_MLS_CAT          0x00000008
+#define NETLBL_SECATTR_CACHEABLE        (NETLBL_SECATTR_MLS_LVL | \
+                                        NETLBL_SECATTR_MLS_CAT)
 struct netlbl_lsm_secattr {
        u32 flags;
 
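Review bot: `NETLBL_SECATTR_CACHEABLE` is a two-bit mask, so the `flags & NETLBL_SECATTR_CACHEABLE` tests added in security/selinux/netlabel.c are true when either the MLS level bit or the MLS category bit is set. Nothing at the define says whether "any bit" or "all bits" is the intended meaning. A one-line comment above it would settle that for later users of the flag, for example `/* attribute bits that qualify a secattr for caching; any one bit is enough */`, if that is indeed the intent. The flag list and `struct netlbl_lsm_secattr` both continue outside this hunk.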
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 051b14c..d243ddc 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -162,9 +162,13 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid)
 
        netlbl_secattr_init(&secattr);
        rc = netlbl_skbuff_getattr(skb, &secattr);
-       if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE)
+       if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) {
                rc = security_netlbl_secattr_to_sid(&secattr, base_sid, sid);
-       else
+               if (rc == 0 &&
+                   (secattr.flags & NETLBL_SECATTR_CACHEABLE) &&
+                   (secattr.flags & NETLBL_SECATTR_CACHE))
+                       netlbl_cache_add(skb, &secattr);
+       } else
                *sid = SECSID_NULL;
        netlbl_secattr_destroy(&secattr);
 
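Review bot: The three-part test guarding `netlbl_cache_add()` is added here and repeated verbatim in the `selinux_netlbl_sock_rcv_skb` hunk, with no comment explaining why both `NETLBL_SECATTR_CACHEABLE` and `NETLBL_SECATTR_CACHE` must be set. Because this decides which packet labels get a cached SID, the two call sites should not be able to drift apart; a single static helper would give the rule one home. Its comment should say what each flag test means (presumably that the attributes were freshly resolved and carry a cache object, which these lines do not show) and that the result of the add is deliberately ignored. The body of `selinux_netlbl_skbuff_getsid` starts and ends outside this hunk.

```c
/* Resolve secattr to a SID and, on success, offer the result to the
 * NetLabel cache.  The add is best effort: its outcome does not change rc. */
static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb,
					   struct netlbl_lsm_secattr *secattr,
					   u32 base_sid,
					   u32 *sid)
{
	int rc;

	rc = security_netlbl_secattr_to_sid(secattr, base_sid, sid);
	if (rc == 0 &&
	    (secattr->flags & NETLBL_SECATTR_CACHEABLE) &&
	    (secattr->flags & NETLBL_SECATTR_CACHE))
		netlbl_cache_add(skb, secattr);

	return rc;
}

	/* … unchanged: netlbl_secattr_init(), netlbl_skbuff_getattr() … */
	if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE)
		rc = selinux_netlbl_sidlookup_cached(skb, &secattr, base_sid, sid);
	else
		*sid = SECSID_NULL;
```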
@@ -307,11 +311,15 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
 
        netlbl_secattr_init(&secattr);
        rc = netlbl_skbuff_getattr(skb, &secattr);
-       if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE)
+       if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) {
                rc = security_netlbl_secattr_to_sid(&secattr,
                                                    SECINITSID_NETMSG,
                                                    &nlbl_sid);
-       else
+               if (rc == 0 &&
+                   (secattr.flags & NETLBL_SECATTR_CACHEABLE) &&
+                   (secattr.flags & NETLBL_SECATTR_CACHE))
+                       netlbl_cache_add(skb, &secattr);
+       } else
                nlbl_sid = SECINITSID_UNLABELED;
        netlbl_secattr_destroy(&secattr);
        if (rc != 0)
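Review bot: This call site caches after deriving the SID from `SECINITSID_NETMSG`, while the `selinux_netlbl_skbuff_getsid` hunk caches after deriving it from a caller-supplied `base_sid`. Both hand the same `skb`/`secattr` pair to `netlbl_cache_add()`. If the cache entry records the resulting SID and is looked up by packet label alone (neither is visible in this diff), a later hit could return a SID computed against a different base context than the current caller's, which would be a labeling error in an access-control path. It is worth confirming that the cached value cannot depend on the base, and recording that above the add, e.g. `/* cache is shared across callers: cached SID must not depend on the base SID */`. The function continues past the end of this hunk.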