Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next

[linux-2.6-microblaze.git] / security / selinux / hooks.c

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ae86724..9a46dc2 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -274,11 +274,10 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
  * Try reloading inode security labels that have been marked as invalid.  The
  * @may_sleep parameter indicates when sleeping and thus reloading labels is
  * allowed; when set to false, returns -ECHILD when the label is
- * invalid.  The @opt_dentry parameter should be set to a dentry of the inode;
- * when no dentry is available, set it to NULL instead.
+ * invalid.  The @dentry parameter should be set to a dentry of the inode.
  */
 static int __inode_security_revalidate(struct inode *inode,
-                                      struct dentry *opt_dentry,
+                                      struct dentry *dentry,
                                       bool may_sleep)
 {
        struct inode_security_struct *isec = inode->i_security;
@@ -295,7 +294,7 @@ static int __inode_security_revalidate(struct inode *inode,
                 * @opt_dentry is NULL and no dentry for this inode can be
                 * found; in that case, continue using the old label.
                 */
-               inode_doinit_with_dentry(inode, opt_dentry);
+               inode_doinit_with_dentry(inode, dentry);
        }
        return 0;
 }
@@ -3308,7 +3307,8 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
                        } else {
                                audit_size = 0;
                        }
-                       ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
+                       ab = audit_log_start(audit_context(),
+                                            GFP_ATOMIC, AUDIT_SELINUX_ERR);
                        audit_log_format(ab, "op=setxattr invalid_context=");
                        audit_log_n_untrustedstring(ab, value, audit_size);
                        audit_log_end(ab);
@@ -4583,6 +4583,18 @@ static int selinux_socket_post_create(struct socket *sock, int family,
        return err;
 }
 
+static int selinux_socket_socketpair(struct socket *socka,
+                                    struct socket *sockb)
+{
+       struct sk_security_struct *sksec_a = socka->sk->sk_security;
+       struct sk_security_struct *sksec_b = sockb->sk->sk_security;
+
+       sksec_a->peer_sid = sksec_b->sid;
+       sksec_b->peer_sid = sksec_a->sid;
+
+       return 0;
+}
+
 /* Range of port numbers used to automatically bind.
    Need to determine whether we should perform a name_bind
    permission check between the socket and the port number. */
@@ -6451,7 +6463,9 @@ static int selinux_setprocattr(const char *name, void *value, size_t size)
                                        audit_size = size - 1;
                                else
                                        audit_size = size;
-                               ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
+                               ab = audit_log_start(audit_context(),
+                                                    GFP_ATOMIC,
+                                                    AUDIT_SELINUX_ERR);
                                audit_log_format(ab, "op=fscreate invalid_context=");
                                audit_log_n_untrustedstring(ab, value, audit_size);
                                audit_log_end(ab);
@@ -7019,6 +7033,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
 
        LSM_HOOK_INIT(socket_create, selinux_socket_create),
        LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
+       LSM_HOOK_INIT(socket_socketpair, selinux_socket_socketpair),
        LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
        LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
        LSM_HOOK_INIT(socket_listen, selinux_socket_listen),