selinux: fix broken peer recv check

commit 46d01d63221c3508421dd72ff9c879f61053cffc upstream. Fix a broken networking check. Return an error if peer recv fails. If secmark is active and the packet recv succeeds the peer recv error is ignored. Signed-off-by: Chad Hanson <chanson@trustedcs.com> Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Chad Hanson <chanson@trustedcs.com> 2013-12-23 17:45:01 -0500
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2014-01-08 09:42:10 -0800
commit: 351381d8cea3036cfe021eb29994584d0e5c0e73 (patch)
tree: 575afc68d8b8f5522817066d64aae1dc6843a69a /security
parent: bc8a3912facbd66e2b88d10922aae74548b86606 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d32db4140aa0..714eb58b4c1c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4240,8 +4240,10 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 		}
 		err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
 				   PEER__RECV, &ad);
-		if (err)
+		if (err) {
 			selinux_netlbl_err(skb, err, 0);
+			return err;
+		}
 	}
 
 	if (secmark_active) {
author	Chad Hanson <chanson@trustedcs.com>	2013-12-23 17:45:01 -0500
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2014-01-08 09:42:10 -0800
commit	351381d8cea3036cfe021eb29994584d0e5c0e73 (patch)
tree	575afc68d8b8f5522817066d64aae1dc6843a69a /security
parent	bc8a3912facbd66e2b88d10922aae74548b86606 (diff)