lsm,selinux: pass flowi_common instead of flowi to the LSM hooks
[ Upstream commit 3df98d79215ace13d1e91ddfc5a67a0f5acbd83f ] As pointed out by Herbert in a recent related patch, the LSM hooks do not have the necessary address family information to use the flowi struct safely. As none of the LSMs currently use any of the protocol specific flowi information, replace the flowi pointers with pointers to the address family independent flowi_common struct. Reported-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: James Morris <jamorris@linux.microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Paul Moore
@@ -26,7 +26,7 @@ int selinux_xfrm_state_delete(struct xfrm_state *x);
|
||||
int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
|
||||
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
|
||||
struct xfrm_policy *xp,
|
||||
const struct flowi *fl);
|
||||
const struct flowi_common *flic);
|
||||
|
||||
#ifdef CONFIG_SECURITY_NETWORK_XFRM
|
||||
extern atomic_t selinux_xfrm_refcount;
|
||||
|
||||
Reference in New Issue
Block a user