selinux: ensure that the cached NetLabel secattr matches the desired SID
authorPaul Moore <pmoore@redhat.com>
Tue, 3 Dec 2013 16:36:11 +0000 (11:36 -0500)
committerPaul Moore <pmoore@redhat.com>
Wed, 4 Dec 2013 21:08:17 +0000 (16:08 -0500)
commit050d032b25e617cd738db8d6fd5aed24d87cbbcb
tree53771bb7cebc1cf36bbd0442d3acc1a93e4ccedb
parent7f721643db3b2da53e1b91aaa4e8cb7706bfdd10
selinux: ensure that the cached NetLabel secattr matches the desired SID

In selinux_netlbl_skbuff_setsid() we leverage a cached NetLabel
secattr whenever possible.  However, we never check to ensure that
the desired SID matches the cached NetLabel secattr.  This patch
checks the SID against the secattr before use and only uses the
cached secattr when the SID values match.

Signed-off-by: Paul Moore <pmoore@redhat.com>
security/selinux/netlabel.c