write in 30M

hc

2024-02-20 ea08eeccae9297f7aabd2ef7f0c2517ac4549acc

 kernel/security/selinux/xfrm.c
..
..
@@ -1,3 +1,4 @@
1
+// SPDX-License-Identifier: GPL-2.0-only
1
2
 /*
2
3
  *  NSA Security-Enhanced Linux (SELinux) security module
3
4
  *
..
..
@@ -12,10 +13,6 @@
12
13
  *
13
14
  *  Copyright (C) 2005 International Business Machines Corporation
14
15
  *  Copyright (C) 2006 Trusted Computer Solutions, Inc.
15
- *
16
- *	This program is free software; you can redistribute it and/or modify
17
- *	it under the terms of the GNU General Public License version 2,
18
- *	as published by the Free Software Foundation.
19
16
  */
20
17
 
21
18
 /*
..
..
@@ -79,7 +76,7 @@
79
76
 				   gfp_t gfp)
80
77
 {
81
78
 	int rc;
82
-	const struct task_security_struct *tsec = current_security();
79
+	const struct task_security_struct *tsec = selinux_cred(current_cred());
83
80
 	struct xfrm_sec_ctx *ctx = NULL;
84
81
 	u32 str_len;
85
82
 
..
..
@@ -138,7 +135,7 @@
138
135
  */
139
136
 static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx)
140
137
 {
141
-	const struct task_security_struct *tsec = current_security();
138
+	const struct task_security_struct *tsec = selinux_cred(current_cred());
142
139
 
143
140
 	if (!ctx)
144
141
 		return 0;
..
..
@@ -178,9 +175,10 @@
178
175
  */
179
176
 int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
180
177
 				      struct xfrm_policy *xp,
181
-				      const struct flowi *fl)
178
+				      const struct flowi_common *flic)
182
179
 {
183
180
 	u32 state_sid;
181
+	u32 flic_sid;
184
182
 
185
183
 	if (!xp->security)
186
184
 		if (x->security)
..
..
@@ -199,17 +197,17 @@
199
197
 				return 0;
200
198
 
201
199
 	state_sid = x->security->ctx_sid;
200
+	flic_sid = flic->flowic_secid;
202
201
 
203
-	if (fl->flowi_secid != state_sid)
202
+	if (flic_sid != state_sid)
204
203
 		return 0;
205
204
 
206
205
 	/* We don't need a separate SA Vs. policy polmatch check since the SA
207
206
 	 * is now of the same label as the flow and a flow Vs. policy polmatch
208
207
 	 * check had already happened in selinux_xfrm_policy_lookup() above. */
209
-	return (avc_has_perm(&selinux_state,
210
-			     fl->flowi_secid, state_sid,
211
-			    SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO,
212
-			    NULL) ? 0 : 1);
208
+	return (avc_has_perm(&selinux_state, flic_sid, state_sid,
209
+			     SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO,
210
+			     NULL) ? 0 : 1);
213
211
 }
214
212
 
215
213
 static u32 selinux_xfrm_skb_sid_egress(struct sk_buff *skb)
..
..
@@ -230,7 +228,7 @@
230
228
 					u32 *sid, int ckall)
231
229
 {
232
230
 	u32 sid_session = SECSID_NULL;
233
-	struct sec_path *sp = skb->sp;
231
+	struct sec_path *sp = skb_sec_path(skb);
234
232
 
235
233
 	if (sp) {
236
234
 		int i;
..
..
@@ -349,7 +347,7 @@
349
347
 	int rc;
350
348
 	struct xfrm_sec_ctx *ctx;
351
349
 	char *ctx_str = NULL;
352
-	int str_len;
350
+	u32 str_len;
353
351
 
354
352
 	if (!polsec)
355
353
 		return 0;
..
..
@@ -408,7 +406,7 @@
408
406
 			      struct common_audit_data *ad)
409
407
 {
410
408
 	int i;
411
-	struct sec_path *sp = skb->sp;
409
+	struct sec_path *sp = skb_sec_path(skb);
412
410
 	u32 peer_sid = SECINITSID_UNLABELED;
413
411
 
414
412
 	if (sp) {