diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-06 19:15:56 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-06 19:15:56 -0400 |
| commit | 10b1eb7d8ce5635a7deb273f8291d8a0a7681de1 (patch) | |
| tree | 946b7d496a4e24db5120be376e075b52982fae83 /security/selinux/hooks.c | |
| parent | d75ae5bdf2353e5c6a1f83da5f6f2d31582f09a3 (diff) | |
| parent | 890e2abe1028c39e5399101a2c277219cd637aaa (diff) | |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security system updates from James Morris:
- incorporate new socketpair() hook into LSM and wire up the SELinux
and Smack modules. From David Herrmann:
"The idea is to allow SO_PEERSEC to be called on AF_UNIX sockets
created via socketpair(2), and return the same information as if
you emulated socketpair(2) via a temporary listener socket.
Right now SO_PEERSEC will return the unlabeled credentials for a
socketpair, rather than the actual credentials of the creating
process."
- remove the unused security_settime LSM hook (Sargun Dhillon).
- remove some stack allocated arrays from the keys code (Tycho
Andersen)
* 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
dh key: get rid of stack allocated array for zeroes
dh key: get rid of stack allocated array
big key: get rid of stack array allocation
smack: provide socketpair callback
selinux: provide socketpair callback
net: hook socketpair() into LSM
security: add hook for socketpair()
security: remove security_settime
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 99c4675952f7..7df0f2ee1e88 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -4580,6 +4580,18 @@ static int selinux_socket_post_create(struct socket *sock, int family, | |||
| 4580 | return err; | 4580 | return err; |
| 4581 | } | 4581 | } |
| 4582 | 4582 | ||
| 4583 | static int selinux_socket_socketpair(struct socket *socka, | ||
| 4584 | struct socket *sockb) | ||
| 4585 | { | ||
| 4586 | struct sk_security_struct *sksec_a = socka->sk->sk_security; | ||
| 4587 | struct sk_security_struct *sksec_b = sockb->sk->sk_security; | ||
| 4588 | |||
| 4589 | sksec_a->peer_sid = sksec_b->sid; | ||
| 4590 | sksec_b->peer_sid = sksec_a->sid; | ||
| 4591 | |||
| 4592 | return 0; | ||
| 4593 | } | ||
| 4594 | |||
| 4583 | /* Range of port numbers used to automatically bind. | 4595 | /* Range of port numbers used to automatically bind. |
| 4584 | Need to determine whether we should perform a name_bind | 4596 | Need to determine whether we should perform a name_bind |
| 4585 | permission check between the socket and the port number. */ | 4597 | permission check between the socket and the port number. */ |
| @@ -7016,6 +7028,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { | |||
| 7016 | 7028 | ||
| 7017 | LSM_HOOK_INIT(socket_create, selinux_socket_create), | 7029 | LSM_HOOK_INIT(socket_create, selinux_socket_create), |
| 7018 | LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create), | 7030 | LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create), |
| 7031 | LSM_HOOK_INIT(socket_socketpair, selinux_socket_socketpair), | ||
| 7019 | LSM_HOOK_INIT(socket_bind, selinux_socket_bind), | 7032 | LSM_HOOK_INIT(socket_bind, selinux_socket_bind), |
| 7020 | LSM_HOOK_INIT(socket_connect, selinux_socket_connect), | 7033 | LSM_HOOK_INIT(socket_connect, selinux_socket_connect), |
| 7021 | LSM_HOOK_INIT(socket_listen, selinux_socket_listen), | 7034 | LSM_HOOK_INIT(socket_listen, selinux_socket_listen), |