Subject: Re: [PATCH 3/3] selinux: provide unix_stream_socketpair callback
From: Stephen Smalley
To: David Herrmann, linux-kernel@vger.kernel.org
Cc: James Morris, Paul Moore, teg@jklm.no, selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org, Eric Paris, serge@hallyn.com, davem@davemloft.net, netdev@vger.kernel.org
Date: Mon, 23 Apr 2018 12:48:15 -0400
Message-ID: <2710a66f-8a40-3a9a-7b50-e4279c53ebcd@tycho.nsa.gov>
In-Reply-To: <20180423133015.5455-4-dh.herrmann@gmail.com>
References: <20180423133015.5455-1-dh.herrmann@gmail.com> <20180423133015.5455-4-dh.herrmann@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 04/23/2018 09:30 AM, David Herrmann wrote:
> Make sure to implement the new unix_stream_socketpair callback so the
> SO_PEERSEC call on socketpair(2)s will return correct information.
>
> Signed-off-by: David Herrmann

Acked-by: Stephen Smalley

> --- > security/selinux/hooks.c | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 4cafe6a19167..828881d9a41d 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c
> @@ -4905,6 +4905,18 @@ static int selinux_socket_unix_stream_connect(struct sock *sock, > return 0; > } > > +static int selinux_socket_unix_stream_socketpair(struct sock *socka, > + struct sock *sockb) > +{ > + struct sk_security_struct *sksec_a = socka->sk_security; > + struct sk_security_struct *sksec_b = sockb->sk_security; > + > + sksec_a->peer_sid = sksec_b->sid; > + sksec_b->peer_sid = sksec_a->sid; > + > + return 0; > +} > + > static int selinux_socket_unix_may_send(struct socket *sock, > struct socket *other) > { > @@ -6995,6 +7007,8 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { > LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx), > > LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect), > + LSM_HOOK_INIT(unix_stream_socketpair, > + selinux_socket_unix_stream_socketpair), > LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send), > > LSM_HOOK_INIT(socket_create, selinux_socket_create), >
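
Review bot: selinux_socket_unix_stream_socketpair() has no comment explaining why it returns 0 without any permission check; in the first hunk it only copies each socket's sid into the other's peer_sid. A short comment above the function would help, for example stating that both sockets come from one socketpair(2) call made by the same task, so only the peer labels that SO_PEERSEC reports need to be set. The commit message could also say what SO_PEERSEC returned on these sockets before the change, since "correct information" alone does not tell a reader what was wrong.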