summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJames Morris <james.l.morris@oracle.com>2014-07-30 01:31:46 +1000
committerJames Morris <james.l.morris@oracle.com>2014-07-30 01:31:46 +1000
commit167225b775d47954d702db4743f9d918aabab0a8 (patch)
treee03a05550c87c702fe4c746dd156a8bd38de3651
parentb64cc5fb85f38ae7ca3c67a8fea9ad8c0d068bfa (diff)
parent2873ead7e46694910ac49c3a8ee0f54956f96e0c (diff)
downloadlwn-167225b775d47954d702db4743f9d918aabab0a8.tar.gz
lwn-167225b775d47954d702db4743f9d918aabab0a8.zip
Merge branch 'stable-3.16' of git://git.infradead.org/users/pcmoore/selinux into next
-rw-r--r--include/linux/security.h5
-rw-r--r--security/selinux/hooks.c13
2 files changed, 3 insertions, 15 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 0ae4b147718a..623f90e5f38d 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -996,10 +996,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* Retrieve the LSM-specific secid for the sock to enable caching of network
* authorizations.
* @sock_graft:
- * This hook is called in response to a newly created sock struct being
- * grafted onto an existing socket and allows the security module to
- * perform whatever security attribute management is necessary for both
- * the sock and socket.
+ * Sets the socket's isec sid to the sock's sid.
* @inet_conn_request:
* Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
* @inet_csk_clone:
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7740f61588d6..b0e940497e23 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4510,18 +4510,9 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent)
struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
struct sk_security_struct *sksec = sk->sk_security;
- switch (sk->sk_family) {
- case PF_INET:
- case PF_INET6:
- case PF_UNIX:
+ if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
+ sk->sk_family == PF_UNIX)
isec->sid = sksec->sid;
- break;
- default:
- /* by default there is no special labeling mechanism for the
- * sksec label so inherit the label from the parent socket */
- BUG_ON(sksec->sid != SECINITSID_UNLABELED);
- sksec->sid = isec->sid;
- }
sksec->sclass = isec->sclass;
}