selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

We don't have to worry about socket inodes being invalidated so
use inode_security_novalidate() to fetch the inode's security blob.

Signed-off-by: Paul Moore <paul@paul-moore.com>

Paul Moore 10 years ago 899134f2 341e0cb5

+5 -3

1 changed file

expand all

security

selinux

hooks.c

+5 -3

security/selinux/hooks.c

··· 4598 4598 { 4599 4599 u32 peer_secid = SECSID_NULL; 4600 4600 u16 family; 4601 + struct inode_security_struct *isec; 4601 4602 4602 4603 if (skb && skb->protocol == htons(ETH_P_IP)) 4603 4604 family = PF_INET; ··· 4609 4608 else 4610 4609 goto out; 4611 4610 4612 - if (sock && family == PF_UNIX) 4613 - selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid); 4614 - else if (skb) 4611 + if (sock && family == PF_UNIX) { 4612 + isec = inode_security_novalidate(SOCK_INODE(sock)); 4613 + peer_secid = isec->sid; 4614 + } else if (skb) 4615 4615 selinux_skb_peerlbl_sid(skb, family, &peer_secid); 4616 4616 4617 4617 out: