* [PATCH] (2.6.24-rc4-mm1) -mm Smack getpeercred_stream fix for SO_PEERSEC and TCP
@ 2007-12-07 20:57 Casey Schaufler
0 siblings, 0 replies; only message in thread
From: Casey Schaufler @ 2007-12-07 20:57 UTC (permalink / raw)
To: akpm, torvalds; +Cc: linux-kernel, linux-security-module
From: Casey Schaufler <casey@schaufler-ca.com>
Collect the Smack label of the other end on connection so that
getsockopt(..., SO_PEERSEC, ...) can report it. This is done
in smack_inet_conn_request(). Report the correct value in
smack_socket_getpeersec_stream(). Initialize the smk_packet
field in the socket blob. Comment on the purpose of smk_packet
in the header file and remove the unused smk_depth field from
the blob.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
security/smack/smack.h | 7 +++----
security/smack/smack_lsm.c | 14 +++++++++++---
2 files changed, 14 insertions(+), 7 deletions(-)
diff -uprN -X linux-2.6.24-rc4-mm1-base/Documentation/dontdiff linux-2.6.24-rc4-mm1-base/security/smack/smack.h linux-2.6.24-rc4-mm1-smack/security/smack/smack.h
--- linux-2.6.24-rc4-mm1-base/security/smack/smack.h 2007-12-04 19:20:59.000000000 -0800
+++ linux-2.6.24-rc4-mm1-smack/security/smack/smack.h 2007-12-07 09:25:16.000000000 -0800
@@ -44,10 +44,9 @@ struct superblock_smack {
};
struct socket_smack {
- char *smk_out; /* outbound label */
- char *smk_in; /* inbound label */
- char smk_packet[SMK_LABELLEN];
- int smk_depth;
+ char *smk_out; /* outbound label */
+ char *smk_in; /* inbound label */
+ char smk_packet[SMK_LABELLEN]; /* TCP peer label */
};
/*
diff -uprN -X linux-2.6.24-rc4-mm1-base/Documentation/dontdiff linux-2.6.24-rc4-mm1-base/security/smack/smack_lsm.c linux-2.6.24-rc4-mm1-smack/security/smack/smack_lsm.c
--- linux-2.6.24-rc4-mm1-base/security/smack/smack_lsm.c 2007-12-04 19:20:59.000000000 -0800
+++ linux-2.6.24-rc4-mm1-smack/security/smack/smack_lsm.c 2007-12-07 11:10:58.000000000 -0800
@@ -1232,6 +1232,7 @@ static int smack_sk_alloc_security(struc
ssp->smk_in = csp;
ssp->smk_out = csp;
+ ssp->smk_packet[0] = '\0';
sk->sk_security = ssp;
@@ -2115,11 +2116,11 @@ static int smack_socket_getpeersec_strea
int rc = 0;
ssp = sock->sk->sk_security;
- slen = strlen(ssp->smk_out);
+ slen = strlen(ssp->smk_packet) + 1;
if (slen > len)
rc = -ERANGE;
- else if (copy_to_user(optval, ssp->smk_out, slen) != 0)
+ else if (copy_to_user(optval, ssp->smk_packet, slen) != 0)
rc = -EFAULT;
if (put_user(slen, optlen) != 0)
@@ -2251,8 +2252,15 @@ static int smack_inet_conn_request(struc
/*
* Receiving a packet requires that the other end
* be able to write here. Read access is not required.
+ *
+ * If the request is successful save the peer's label
+ * so that SO_PEERCRED can report it.
*/
- return smk_access(smack, ssp->smk_in, MAY_WRITE);
+ rc = smk_access(smack, ssp->smk_in, MAY_WRITE);
+ if (rc == 0)
+ strncpy(ssp->smk_packet, smack, SMK_MAXLEN);
+
+ return rc;
}
/*
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2007-12-07 20:57 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-12-07 20:57 [PATCH] (2.6.24-rc4-mm1) -mm Smack getpeercred_stream fix for SO_PEERSEC and TCP Casey Schaufler
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.