From patchwork Mon Mar 28 19:42:07 2016
X-Patchwork-Submitter: Paul Moore
X-Patchwork-Id: 8680261
Subject: [PATCH] selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram()
From: Paul Moore
To: selinux@tycho.nsa.gov
Date: Mon, 28 Mar 2016 15:42:07 -0400
Message-ID: <145919412765.2232.4990618801531525717.stgit@localhost>

We don't have to worry about socket inodes being invalidated so use inode_security_novalidate() to fetch the inode's security blob.

Signed-off-by: Paul Moore
--- security/selinux/hooks.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f8110cf..ec1a1a8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4598,6 +4598,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff * { u32 peer_secid = SECSID_NULL; u16 family; + struct inode_security_struct *isec; if (skb && skb->protocol == htons(ETH_P_IP)) family = PF_INET; 
@@ -4608,9 +4609,10 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff * else goto out; - if (sock && family == PF_UNIX) - selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid); - else if (skb) + if (sock && family == PF_UNIX) { + isec = inode_security_novalidate(SOCK_INODE(sock)); + peer_secid = isec->sid; + } else if (skb) selinux_skb_peerlbl_sid(skb, family, &peer_secid); out:
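Review bot: The isec pointer added in the first hunk is declared at function scope, but the only use visible in this patch is inside the PF_UNIX branch of the second hunk; declaring it inside that braced block would keep it out of scope on the skb path, where it is never assigned.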
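Review bot: The PF_UNIX branch in the second hunk now reads isec->sid directly from inode_security_novalidate(SOCK_INODE(sock)), and the only justification is the commit message's statement that socket inodes are not invalidated; a short comment at this call site recording that assumption would keep it visible to anyone who later touches the function. The if branch also gained braces while the "else if (skb)" branch did not; kernel coding style puts braces on every branch once one of them needs them, so the selinux_skb_peerlbl_sid() call should be wrapped as well.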