commit e6dca1fd3c713eaf69ff16fb23c6dc683082a2f8
Author: Ondrej Mosnacek <omosnace@redhat.com>
Date:   Tue Feb 6 15:39:21 2024 +0100

    TEST

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 55c78c318ccd..a5db62130d41 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1292,7 +1292,7 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
 		case PF_QIPCRTR:
 			return SECCLASS_QIPCRTR_SOCKET;
 		case PF_SMC:
-			return SECCLASS_SMC_SOCKET;
+			return SECCLASS_TCP_SOCKET;
 		case PF_XDP:
 			return SECCLASS_XDP_SOCKET;
 		case PF_MCTP:
@@ -4772,6 +4772,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 			}
 		}
 
+		// FIXME: do the same here
 		switch (sksec->sclass) {
 		case SECCLASS_TCP_SOCKET:
 			node_perm = TCP_SOCKET__NODE_BIND;
@@ -4852,6 +4853,7 @@ static int selinux_socket_connect_helper(struct socket *sock,
 		struct sockaddr_in6 *addr6 = NULL;
 		unsigned short snum;
 		u32 sid, perm;
+		u8 protocol;
 
 		/* sctp_connectx(3) calls via selinux_sctp_bind_connect()
 		 * that validates multiple connect addresses. Because of this
@@ -4881,22 +4883,25 @@ static int selinux_socket_connect_helper(struct socket *sock,
 				return -EAFNOSUPPORT;
 		}
 
-		err = sel_netport_sid(sk->sk_protocol, snum, &sid);
-		if (err)
-			return err;
-
 		switch (sksec->sclass) {
 		case SECCLASS_TCP_SOCKET:
+			protocol = IPPROTO_TCP;
 			perm = TCP_SOCKET__NAME_CONNECT;
 			break;
 		case SECCLASS_DCCP_SOCKET:
+			protocol = IPPROTO_DCCP;
 			perm = DCCP_SOCKET__NAME_CONNECT;
 			break;
 		case SECCLASS_SCTP_SOCKET:
+			protocol = IPPROTO_SCTP;
 			perm = SCTP_SOCKET__NAME_CONNECT;
 			break;
 		}
 
+		err = sel_netport_sid(protocol, snum, &sid);
+		if (err)
+			return err;
+
 		ad.type = LSM_AUDIT_DATA_NET;
 		ad.u.net = &net;
 		ad.u.net->dport = htons(snum);