diff options
| author | jooseong lee <jooseong.lee@samsung.com> | 2016-11-03 06:54:39 -0400 |
|---|---|---|
| committer | Casey Schaufler <casey@schaufler-ca.com> | 2016-11-04 20:42:57 -0400 |
| commit | 08382c9f6efe08b8bb30645c2744480cbd8f161a (patch) | |
| tree | 15701167ac2f631d8844a41fdfdf106f64bae122 | |
| parent | 07d9a380680d1c0eb51ef87ff2eab5c994949e69 (diff) | |
Smack: Assign smack_known_web label for kernel thread's
Assign smack_known_web label for kernel thread's socket
Creating struct sock by sk_alloc function in various kernel subsystems
like bluetooth doesn't call smack_socket_post_create(). In such case,
received sock label is the floor('_') label and makes access deny.
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
| -rw-r--r-- | security/smack/smack_lsm.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 1cb060293505..e73460d5acc6 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -2337,8 +2337,16 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) | |||
| 2337 | if (ssp == NULL) | 2337 | if (ssp == NULL) |
| 2338 | return -ENOMEM; | 2338 | return -ENOMEM; |
| 2339 | 2339 | ||
| 2340 | ssp->smk_in = skp; | 2340 | /* |
| 2341 | ssp->smk_out = skp; | 2341 | * Sockets created by kernel threads receive web label. |
| 2342 | */ | ||
| 2343 | if (unlikely(current->flags & PF_KTHREAD)) { | ||
| 2344 | ssp->smk_in = &smack_known_web; | ||
| 2345 | ssp->smk_out = &smack_known_web; | ||
| 2346 | } else { | ||
| 2347 | ssp->smk_in = skp; | ||
| 2348 | ssp->smk_out = skp; | ||
| 2349 | } | ||
| 2342 | ssp->smk_packet = NULL; | 2350 | ssp->smk_packet = NULL; |
| 2343 | 2351 | ||
| 2344 | sk->sk_security = ssp; | 2352 | sk->sk_security = ssp; |