1 files changed, 23 insertions, 1 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index ac7436f1bc2b..e3d55334c50d 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1860,12 +1860,34 @@ static int smack_file_receive(struct file *file)
        int may = 0;
        struct smk_audit_info ad;
        struct inode *inode = file_inode(file);
+        struct socket *sock;
+        struct task_smack *tsp;
+        struct socket_smack *ssp;
        if (unlikely(IS_PRIVATE(inode)))
                return 0;
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
        smk_ad_setfield_u_fs_path(&ad, file->f_path);
+        if (S_ISSOCK(inode->i_mode)) {
+                sock = SOCKET_I(inode);
+                ssp = sock->sk->sk_security;
+                tsp = current_security();
+                /*
+                 * If the receiving process can't write to the
+                 * passed socket or if the passed socket can't
+                 * write to the receiving process don't accept
+                 * the passed socket.
+                 */
+                rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
+                rc = smk_bu_file(file, may, rc);
+                if (rc < 0)
+                        return rc;
+                rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
+                rc = smk_bu_file(file, may, rc);
+                return rc;
+        }
        /*
         * This code relies on bitmasks.
         */
@@ -3758,7 +3780,7 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
        if (sip == NULL)
                return 0;
-        switch (sip->sin_family) {
+        switch (sock->sk->sk_family) {
        case AF_INET:
                rc = smack_netlabel_send(sock->sk, sip);
                break;

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index ac7436f1bc2b..e3d55334c50d 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -1860,12 +1860,34 @@ static int smack_file_receive(struct file *file)
1860	int may = 0;	1860	int may = 0;
1861	struct smk_audit_info ad;	1861	struct smk_audit_info ad;
1862	struct inode *inode = file_inode(file);	1862	struct inode *inode = file_inode(file);
		1863	struct socket *sock;
		1864	struct task_smack *tsp;
		1865	struct socket_smack *ssp;
1863		1866
1864	if (unlikely(IS_PRIVATE(inode)))	1867	if (unlikely(IS_PRIVATE(inode)))
1865	return 0;	1868	return 0;
1866		1869
1867	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);	1870	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1868	smk_ad_setfield_u_fs_path(&ad, file->f_path);	1871	smk_ad_setfield_u_fs_path(&ad, file->f_path);
		1872
		1873	if (S_ISSOCK(inode->i_mode)) {
		1874	sock = SOCKET_I(inode);
		1875	ssp = sock->sk->sk_security;
		1876	tsp = current_security();
		1877	/*
		1878	* If the receiving process can't write to the
		1879	* passed socket or if the passed socket can't
		1880	* write to the receiving process don't accept
		1881	* the passed socket.
		1882	*/
		1883	rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
		1884	rc = smk_bu_file(file, may, rc);
		1885	if (rc < 0)
		1886	return rc;
		1887	rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
		1888	rc = smk_bu_file(file, may, rc);
		1889	return rc;
		1890	}
1869	/*	1891	/*
1870	* This code relies on bitmasks.	1892	* This code relies on bitmasks.
1871	*/	1893	*/
@@ -3758,7 +3780,7 @@ static int smack_socket_sendmsg(struct socket sock, struct msghdr msg,
3758	if (sip == NULL)	3780	if (sip == NULL)
3759	return 0;	3781	return 0;
3760		3782
3761	switch (sip->sin_family) {	3783	switch (sock->sk->sk_family) {
3762	case AF_INET:	3784	case AF_INET:
3763	rc = smack_netlabel_send(sock->sk, sip);	3785	rc = smack_netlabel_send(sock->sk, sip);
3764	break;	3786	break;