diff options
Diffstat (limited to 'meta-sota-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-Smack-File-receive-for-sockets.patch')
-rw-r--r-- | meta-sota-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-Smack-File-receive-for-sockets.patch | 65 |
1 files changed, 0 insertions, 65 deletions
diff --git a/meta-sota-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-Smack-File-receive-for-sockets.patch b/meta-sota-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-Smack-File-receive-for-sockets.patch deleted file mode 100644 index 4021e5d..0000000 --- a/meta-sota-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-Smack-File-receive-for-sockets.patch +++ /dev/null | |||
@@ -1,65 +0,0 @@ | |||
1 | From 2b206c36b16e72cfe41cd22448d8527359ffd962 Mon Sep 17 00:00:00 2001 | ||
2 | From: Casey Schaufler <casey@schaufler-ca.com> | ||
3 | Date: Mon, 7 Dec 2015 14:34:32 -0800 | ||
4 | Subject: [PATCH 1/4] Smack: File receive for sockets | ||
5 | |||
6 | The existing file receive hook checks for access on | ||
7 | the file inode even for UDS. This is not right, as | ||
8 | the inode is not used by Smack to make access checks | ||
9 | for sockets. This change checks for an appropriate | ||
10 | access relationship between the receiving (current) | ||
11 | process and the socket. If the process can't write | ||
12 | to the socket's send label or the socket's receive | ||
13 | label can't write to the process fail. | ||
14 | |||
15 | This will allow the legitimate cases, where the | ||
16 | socket sender and socket receiver can freely communicate. | ||
17 | Only strangly set socket labels should cause a problem. | ||
18 | |||
19 | Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> | ||
20 | --- | ||
21 | security/smack/smack_lsm.c | 22 ++++++++++++++++++++++ | ||
22 | 1 file changed, 22 insertions(+) | ||
23 | |||
24 | diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c | ||
25 | index ff81026..b20ef06 100644 | ||
26 | --- a/security/smack/smack_lsm.c | ||
27 | +++ b/security/smack/smack_lsm.c | ||
28 | @@ -1860,12 +1860,34 @@ static int smack_file_receive(struct file *file) | ||
29 | int may = 0; | ||
30 | struct smk_audit_info ad; | ||
31 | struct inode *inode = file_inode(file); | ||
32 | + struct socket *sock; | ||
33 | + struct task_smack *tsp; | ||
34 | + struct socket_smack *ssp; | ||
35 | |||
36 | if (unlikely(IS_PRIVATE(inode))) | ||
37 | return 0; | ||
38 | |||
39 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); | ||
40 | smk_ad_setfield_u_fs_path(&ad, file->f_path); | ||
41 | + | ||
42 | + if (S_ISSOCK(inode->i_mode)) { | ||
43 | + sock = SOCKET_I(inode); | ||
44 | + ssp = sock->sk->sk_security; | ||
45 | + tsp = current_security(); | ||
46 | + /* | ||
47 | + * If the receiving process can't write to the | ||
48 | + * passed socket or if the passed socket can't | ||
49 | + * write to the receiving process don't accept | ||
50 | + * the passed socket. | ||
51 | + */ | ||
52 | + rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); | ||
53 | + rc = smk_bu_file(file, may, rc); | ||
54 | + if (rc < 0) | ||
55 | + return rc; | ||
56 | + rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); | ||
57 | + rc = smk_bu_file(file, may, rc); | ||
58 | + return rc; | ||
59 | + } | ||
60 | /* | ||
61 | * This code relies on bitmasks. | ||
62 | */ | ||
63 | -- | ||
64 | 2.7.4 | ||
65 | |||