selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram()

We don't have to worry about socket inodes being invalidated so
use inode_security_novalidate() to fetch the inode's security blob.

Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 912deee3f01ef8da199b764b0679c98483676399..65642be91644d3cda1d5ec8312cb4bff56162de3 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4598,6 +4598,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
 {
        u32 peer_secid = SECSID_NULL;
        u16 family;
+       struct inode_security_struct *isec;
 
        if (skb && skb->protocol == htons(ETH_P_IP))
                family = PF_INET;
@@ -4608,9 +4609,10 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
        else
                goto out;
 
-       if (sock && family == PF_UNIX)
-               selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
-       else if (skb)
+       if (sock && family == PF_UNIX) {
+               isec = inode_security_novalidate(SOCK_INODE(sock));
+               peer_secid = isec->sid;
+       } else if (skb)
                selinux_skb_peerlbl_sid(skb, family, &peer_secid);
 
 out: