REVERT sk_getsecid use of lsm_export Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> --- include/linux/lsm_hooks.h | 2 +- security/security.c | 5 +---- security/selinux/hooks.c | 6 +++--- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 97ef535dafd0..cbfc2a9b5f27 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1699,7 +1699,7 @@ union security_list_options { int (*sk_alloc_security)(struct sock *sk, int family, gfp_t priority); void (*sk_free_security)(struct sock *sk); void (*sk_clone_security)(const struct sock *sk, struct sock *newsk); - void (*sk_getsecid)(struct sock *sk, struct lsm_export *l); + void (*sk_getsecid)(struct sock *sk, u32 *secid); void (*sock_graft)(struct sock *sk, struct socket *parent); int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb, struct request_sock *req); diff --git a/security/security.c b/security/security.c index 06461712c881..e52b500adb27 100644 --- a/security/security.c +++ b/security/security.c @@ -2116,10 +2116,7 @@ EXPORT_SYMBOL(security_sk_clone); void security_sk_classify_flow(struct sock *sk, struct flowi *fl) { - struct lsm_export data = { .flags = LSM_EXPORT_NONE }; - - call_void_hook(sk_getsecid, sk, &data); - lsm_export_secid(&data, &fl->flowi_secid); + call_void_hook(sk_getsecid, sk, &fl->flowi_secid); } EXPORT_SYMBOL(security_sk_classify_flow); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 744fa6141ae1..9879dd828e1c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4889,14 +4889,14 @@ static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk) selinux_netlbl_sk_security_reset(newsksec); } -static void selinux_sk_getsecid(struct sock *sk, struct lsm_export *l) +static void selinux_sk_getsecid(struct sock *sk, u32 *secid) { if (!sk) - selinux_export_secid(l, SECINITSID_ANY_SOCKET); + *secid = SECINITSID_ANY_SOCKET; else { struct sk_security_struct *sksec = selinux_sock(sk); - selinux_export_secid(l, sksec->sid); + *secid = sksec->sid; } } -- 2.17.0