diff options
| author | Raghuram Subramani <raghus2247@gmail.com> | 2024-10-13 13:36:36 +0530 |
|---|---|---|
| committer | Raghuram Subramani <raghus2247@gmail.com> | 2024-10-13 13:36:36 +0530 |
| commit | 6a21d8496b038d1e71fd6a9bd8a95880135665d9 (patch) | |
| tree | 8f96e9273400c0eb8794f92aef733bb5fe52b658 /security/selinux/xfrm.c | |
| parent | b73f506bc0ae7119f5f629b222596a27d7b2e99b (diff) | |
| parent | 17d850f5a5bc1318b67a974b16d32a2dd3bab5cf (diff) | |
Merge remote-tracking branch 'msm8998/lineage-20'master
Diffstat (limited to 'security/selinux/xfrm.c')
| -rw-r--r-- | security/selinux/xfrm.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 56e354fcdfc6..fda680555451 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -174,9 +174,10 @@ int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) */ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy *xp, - const struct flowi *fl) + const struct flowi_common *flic) { u32 state_sid; + u32 flic_sid; if (!xp->security) if (x->security) @@ -195,14 +196,15 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, return 0; state_sid = x->security->ctx_sid; + flic_sid = flic->flowic_secid; - if (fl->flowi_secid != state_sid) + if (flic_sid != state_sid) return 0; /* We don't need a separate SA Vs. policy polmatch check since the SA * is now of the same label as the flow and a flow Vs. policy polmatch * check had already happened in selinux_xfrm_policy_lookup() above. */ - return (avc_has_perm(fl->flowi_secid, state_sid, + return (avc_has_perm(flic_sid, state_sid, SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, NULL) ? 0 : 1); } |