diff for duplicates of <20161221160901.GH4731@localhost.localdomain> diff --git a/a/1.txt b/N1/1.txt index e720155..7f45e62 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,6 +1,7 @@ On Wed, Dec 14, 2016 at 01:39:59PM +0000, Richard Haines wrote: > +SCTP Socket Option Permissions -> +===============> +The permissions consist of: "bindx_add" "bindx_rem" "connectx" "set_addr" and +> +=============================== +> +The permissions consist of: "bindx_add" "bindx_rem" "connectx" "set_addr" and > +"set_params" that are validated on setsockopt(2) calls, and "peeloff" that is > +validated on getsockopt(2) calls. > + @@ -123,7 +124,7 @@ Thanks, > + * security_sk_setsockopt() calls. > + */ > + err = sock_has_perm(current, sk, -> + (optname = SCTP_SOCKOPT_BINDX_ADD ? +> + (optname == SCTP_SOCKOPT_BINDX_ADD ? > + SCTP_SOCKET__BINDX_ADD : > + SCTP_SOCKET__CONNECTX)); > + if (err) @@ -147,10 +148,10 @@ Thanks, > + } > + > + err = -EINVAL; -> + if (optname = SCTP_SOCKOPT_BINDX_ADD) { +> + if (optname == SCTP_SOCKOPT_BINDX_ADD) { > + err = selinux_socket_bind(sock, > + address, addrlen); -> + } else if (optname = SCTP_SOCKOPT_CONNECTX) { +> + } else if (optname == SCTP_SOCKOPT_CONNECTX) { > + err = selinux_socket_connect(sock, > + address, addrlen); > + } diff --git a/a/content_digest b/N1/content_digest index 85dd77b..3f6f4ab 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,7 +1,7 @@ "ref\020161214133959.3078-1-richard_c_haines@btinternet.com\0" "From\0Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>\0" "Subject\0Re: [RFC PATCH 1/1] kernel: Add SELinux SCTP protocol support\0" - "Date\0Wed, 21 Dec 2016 16:09:01 +0000\0" + "Date\0Wed, 21 Dec 2016 14:09:01 -0200\0" "To\0Richard Haines <richard_c_haines@btinternet.com>\0" "Cc\0selinux@tycho.nsa.gov" linux-sctp@vger.kernel.org @@ -10,7 +10,8 @@ "b\0" "On Wed, Dec 14, 2016 at 01:39:59PM +0000, Richard Haines wrote:\n" "> +SCTP Socket Option Permissions\n" - "> +===============> +The permissions consist of: \"bindx_add\" \"bindx_rem\" \"connectx\" \"set_addr\" and\n" + "> +===============================\n" + "> +The permissions consist of: \"bindx_add\" \"bindx_rem\" \"connectx\" \"set_addr\" and\n" "> +\"set_params\" that are validated on setsockopt(2) calls, and \"peeloff\" that is\n" "> +validated on getsockopt(2) calls.\n" "> +\n" @@ -133,7 +134,7 @@ "> +\t\t * security_sk_setsockopt() calls.\n" "> +\t\t */\n" "> +\t\terr = sock_has_perm(current, sk,\n" - "> +\t\t\t (optname = SCTP_SOCKOPT_BINDX_ADD ?\n" + "> +\t\t\t (optname == SCTP_SOCKOPT_BINDX_ADD ?\n" "> +\t\t\t SCTP_SOCKET__BINDX_ADD :\n" "> +\t\t\t SCTP_SOCKET__CONNECTX));\n" "> +\t\tif (err)\n" @@ -157,10 +158,10 @@ "> +\t\t\t}\n" "> +\n" "> +\t\t\terr = -EINVAL;\n" - "> +\t\t\tif (optname = SCTP_SOCKOPT_BINDX_ADD) {\n" + "> +\t\t\tif (optname == SCTP_SOCKOPT_BINDX_ADD) {\n" "> +\t\t\t\terr = selinux_socket_bind(sock,\n" "> +\t\t\t\t\t address, addrlen);\n" - "> +\t\t\t} else if (optname = SCTP_SOCKOPT_CONNECTX) {\n" + "> +\t\t\t} else if (optname == SCTP_SOCKOPT_CONNECTX) {\n" "> +\t\t\t\terr = selinux_socket_connect(sock,\n" "> +\t\t\t\t\t address, addrlen);\n" "> +\t\t\t}\n" @@ -205,4 +206,4 @@ "> +\treturn 0;\n" > +} -a47687ced7501fcc1d279748b9e2824ccef741125c50e59ea75cc4f273adbcd7 +074a24be5591e49f6e88bc9c489c61ecd960def88a17bddc2e4c9566ae8e6bda
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.