selinux: make more use of current_sid()

[linux-2.6-block.git] / security / selinux / xfrm.c

diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 95fcd2d3433e4ba6a26ef92adb46835b1a4216b0..90ec4ef1b082f9021f686adb4e0ed3b14f282727 100644 (file)
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -76,7 +76,6 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
                                   gfp_t gfp)
 {
        int rc;
-       const struct task_security_struct *tsec = selinux_cred(current_cred());
        struct xfrm_sec_ctx *ctx = NULL;
        u32 str_len;
 
@@ -103,7 +102,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
        if (rc)
                goto err;
 
-       rc = avc_has_perm(tsec->sid, ctx->ctx_sid,
+       rc = avc_has_perm(current_sid(), ctx->ctx_sid,
                          SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, NULL);
        if (rc)
                goto err;
@@ -134,12 +133,10 @@ static void selinux_xfrm_free(struct xfrm_sec_ctx *ctx)
  */
 static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx)
 {
-       const struct task_security_struct *tsec = selinux_cred(current_cred());
-
        if (!ctx)
                return 0;
 
-       return avc_has_perm(tsec->sid, ctx->ctx_sid,
+       return avc_has_perm(current_sid(), ctx->ctx_sid,
                            SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT,
                            NULL);
 }