diff options
| -rw-r--r-- | security/smack/smack_lsm.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 81c03a597112..10056f2f6df3 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -1939,18 +1939,19 @@ static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) | |||
| 1939 | char *hostsp; | 1939 | char *hostsp; |
| 1940 | struct socket_smack *ssp = sk->sk_security; | 1940 | struct socket_smack *ssp = sk->sk_security; |
| 1941 | struct smk_audit_info ad; | 1941 | struct smk_audit_info ad; |
| 1942 | struct lsm_network_audit net; | ||
| 1943 | 1942 | ||
| 1944 | rcu_read_lock(); | 1943 | rcu_read_lock(); |
| 1945 | hostsp = smack_host_label(sap); | 1944 | hostsp = smack_host_label(sap); |
| 1946 | if (hostsp != NULL) { | 1945 | if (hostsp != NULL) { |
| 1947 | sk_lbl = SMACK_UNLABELED_SOCKET; | ||
| 1948 | #ifdef CONFIG_AUDIT | 1946 | #ifdef CONFIG_AUDIT |
| 1947 | struct lsm_network_audit net; | ||
| 1948 | |||
| 1949 | smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); | 1949 | smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); |
| 1950 | ad.a.u.net->family = sap->sin_family; | 1950 | ad.a.u.net->family = sap->sin_family; |
| 1951 | ad.a.u.net->dport = sap->sin_port; | 1951 | ad.a.u.net->dport = sap->sin_port; |
| 1952 | ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; | 1952 | ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; |
| 1953 | #endif | 1953 | #endif |
| 1954 | sk_lbl = SMACK_UNLABELED_SOCKET; | ||
| 1954 | rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad); | 1955 | rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad); |
| 1955 | } else { | 1956 | } else { |
| 1956 | sk_lbl = SMACK_CIPSO_SOCKET; | 1957 | sk_lbl = SMACK_CIPSO_SOCKET; |
| @@ -2809,11 +2810,14 @@ static int smack_unix_stream_connect(struct sock *sock, | |||
| 2809 | struct socket_smack *osp = other->sk_security; | 2810 | struct socket_smack *osp = other->sk_security; |
| 2810 | struct socket_smack *nsp = newsk->sk_security; | 2811 | struct socket_smack *nsp = newsk->sk_security; |
| 2811 | struct smk_audit_info ad; | 2812 | struct smk_audit_info ad; |
| 2812 | struct lsm_network_audit net; | ||
| 2813 | int rc = 0; | 2813 | int rc = 0; |
| 2814 | 2814 | ||
| 2815 | #ifdef CONFIG_AUDIT | ||
| 2816 | struct lsm_network_audit net; | ||
| 2817 | |||
| 2815 | smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); | 2818 | smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); |
| 2816 | smk_ad_setfield_u_net_sk(&ad, other); | 2819 | smk_ad_setfield_u_net_sk(&ad, other); |
| 2820 | #endif | ||
| 2817 | 2821 | ||
| 2818 | if (!capable(CAP_MAC_OVERRIDE)) | 2822 | if (!capable(CAP_MAC_OVERRIDE)) |
| 2819 | rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); | 2823 | rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); |
| @@ -2842,11 +2846,14 @@ static int smack_unix_may_send(struct socket *sock, struct socket *other) | |||
| 2842 | struct socket_smack *ssp = sock->sk->sk_security; | 2846 | struct socket_smack *ssp = sock->sk->sk_security; |
| 2843 | struct socket_smack *osp = other->sk->sk_security; | 2847 | struct socket_smack *osp = other->sk->sk_security; |
| 2844 | struct smk_audit_info ad; | 2848 | struct smk_audit_info ad; |
| 2845 | struct lsm_network_audit net; | ||
| 2846 | int rc = 0; | 2849 | int rc = 0; |
| 2847 | 2850 | ||
| 2851 | #ifdef CONFIG_AUDIT | ||
| 2852 | struct lsm_network_audit net; | ||
| 2853 | |||
| 2848 | smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); | 2854 | smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); |
| 2849 | smk_ad_setfield_u_net_sk(&ad, other->sk); | 2855 | smk_ad_setfield_u_net_sk(&ad, other->sk); |
| 2856 | #endif | ||
| 2850 | 2857 | ||
| 2851 | if (!capable(CAP_MAC_OVERRIDE)) | 2858 | if (!capable(CAP_MAC_OVERRIDE)) |
| 2852 | rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); | 2859 | rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); |
| @@ -2993,7 +3000,9 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | |||
| 2993 | char *csp; | 3000 | char *csp; |
| 2994 | int rc; | 3001 | int rc; |
| 2995 | struct smk_audit_info ad; | 3002 | struct smk_audit_info ad; |
| 3003 | #ifdef CONFIG_AUDIT | ||
| 2996 | struct lsm_network_audit net; | 3004 | struct lsm_network_audit net; |
| 3005 | #endif | ||
| 2997 | if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) | 3006 | if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) |
| 2998 | return 0; | 3007 | return 0; |
| 2999 | 3008 | ||
| @@ -3156,7 +3165,9 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, | |||
| 3156 | char *sp; | 3165 | char *sp; |
| 3157 | int rc; | 3166 | int rc; |
| 3158 | struct smk_audit_info ad; | 3167 | struct smk_audit_info ad; |
| 3168 | #ifdef CONFIG_AUDIT | ||
| 3159 | struct lsm_network_audit net; | 3169 | struct lsm_network_audit net; |
| 3170 | #endif | ||
| 3160 | 3171 | ||
| 3161 | /* handle mapped IPv4 packets arriving via IPv6 sockets */ | 3172 | /* handle mapped IPv4 packets arriving via IPv6 sockets */ |
| 3162 | if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) | 3173 | if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) |