From 899134f2f6e27dcae1fee12593c492577cc80987 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Mon, 28 Mar 2016 15:19:10 -0400 Subject: [PATCH] selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram() We don't have to worry about socket inodes being invalidated so use inode_security_novalidate() to fetch the inode's security blob. Signed-off-by: Paul Moore --- security/selinux/hooks.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 912deee3f01e..65642be91644 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4598,6 +4598,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff * { u32 peer_secid = SECSID_NULL; u16 family; + struct inode_security_struct *isec; if (skb && skb->protocol == htons(ETH_P_IP)) family = PF_INET; @@ -4608,9 +4609,10 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff * else goto out; - if (sock && family == PF_UNIX) - selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid); - else if (skb) + if (sock && family == PF_UNIX) { + isec = inode_security_novalidate(SOCK_INODE(sock)); + peer_secid = isec->sid; + } else if (skb) selinux_skb_peerlbl_sid(skb, family, &peer_secid); out: -- 2.39.5