Received: by 10.192.165.148 with SMTP id m20csp114986imm;
        Fri, 4 May 2018 07:32:30 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZontHkbEKk+oElE22/XSoS+kbFo7Cvqc1e7cI0zyoie3wZPlmkbTD0tcb6YhTk+nQdElswK
X-Received: by 2002:a63:774e:: with SMTP id s75-v6mr22590398pgc.162.1525444350883;
        Fri, 04 May 2018 07:32:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525444350; cv=none;
        d=google.com; s=arc-20160816;
        b=DfEQ+KkTQLWCxWSz41wm9A3fp4mL+YXXPymM4ALvP3TNUrSO/Qtx++QDf1QKUhpLpW
         BtjoMEBqpr8/YqyDhfBI9kKmHWS8bh2QjCC5sv7cQjtqPqPRguSI0mDDJiHkRXzFGr+0
         S+WHDetrEPS7Tl2gjVvIUPPz42tgZkq9lYCTGD4blGtnDj1LMdnTsOvCwCCVqTA/Y9ru
         sO5E9hpOaEN48MeddwUi36idYDfFJpoM0qxSUtYASTogZpai6X+vseh7MY0+fhyZMyBo
         Nn5YbJJkADezufAM9hEBsD7KcoY2fvgDCC70SikxvWik/Idyp4q782mLTzQeqBmjIawO
         541g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:cc:to:from:dkim-signature:arc-authentication-results;
        bh=FvCx9g1K3KZMxfEwjrxWWIBIQFACTn6xEqYDgS0oPtQ=;
        b=fiUqcAs/sQiaqV4UOQJBv8gje8JwCfFngyHQzsx2uaiN8dHpt+Ql/dueWb+fCMYUvt
         djDd70KmorTg/xWl/XMfu8mLXUC0XpO7WYPgD6Y3hv+XXssV4QsKjAKGZYMy2kB+C5HB
         6qilKBPw4/yINiyQxwuSH2JPoKPWlBk6omVMxJi3t6RBHDdkgzn1b8EodTmqZWCZmMyn
         0gR2FWMQB8/54smEtpK3f+6CmQwMBCrRicsE/02ZW5fPKsbvjSlJx0QX9ZIfE7+kDpPE
         FUXh8eqILdomr4gDMBZTf6LlO1m1tLnlyIDQr83KDTJQ4UfAG/Fo5nWtIGc/NG/UxWI+
         nnaQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=nLs8CQ4W;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id x10si16227508pfh.85.2018.05.04.07.32.16;
        Fri, 04 May 2018 07:32:30 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=nLs8CQ4W;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751861AbeEDOa1 (ORCPT <rfc822;ereslibre@gmail.com> + 99 others);
        Fri, 4 May 2018 10:30:27 -0400
Received: from mail-wm0-f66.google.com ([74.125.82.66]:36070 "EHLO
        mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751729AbeEDO3q (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 4 May 2018 10:29:46 -0400
Received: by mail-wm0-f66.google.com with SMTP id n10-v6so5182494wmc.1;
        Fri, 04 May 2018 07:29:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references;
        bh=FvCx9g1K3KZMxfEwjrxWWIBIQFACTn6xEqYDgS0oPtQ=;
        b=nLs8CQ4Wr4gcb5htjKgqt52dGGBWI0fOgmh5UBztGJJL+OM9i2yyzqXtFPNlrbCVea
         r8UoNy9FMjAdFtwg03xa6Mp4dhGkT9bGPBK1DXTkoyKxvz87x2YLraGnNSuFW2iG4nvY
         xjSAvRlQLPgdRszIs1n3Lz4OYfVTH36jZ/LqvC0cVpaa/n+LMBuayiYWXFM/Rk+W9MUH
         2zsMTCsJs0aNQegMvU0aSRW3e3x63o12wBnnz5r2N9b89bNLBZ0+kdf7VW5DWqEHdO2x
         y2ng8lqBO+V9WPK6HcX93RogIMgZzjtcH8HRMCOkQduAQQkUGeF/f7CgivoLej2+jQ8+
         fsMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references;
        bh=FvCx9g1K3KZMxfEwjrxWWIBIQFACTn6xEqYDgS0oPtQ=;
        b=iIiTIgyqvWc+dDKIOjVS8fQn02KtTr8YQchddKBeo2b2J/+t1FAAzeWGXGoBLxhuPC
         pfD1Io/DKUajvczJ0SJX86OOAudQeB1jO2lWoURovpEVf7hYJZ+iDqKH82l65YiTVe77
         ythnAVoqRDGDNsrshR/nf8nBywUfxOpLqE3DDifM2vbRov7OM7G+2h8TExu/7CQrPh1f
         3BLzpZpVVLlat1PCA+X+kWA9TDJ7957X1ahYzF73DIs0g5kD0LCS53GbZVE0dnP73wJ0
         b3nBS8FXLwUICIuXkvw78Fbt4n6XJtj14PV5mSQJVCyICrQ4AKFazMwwBgXV+0TrHigH
         m9/A==
X-Gm-Message-State: ALQs6tD6P9A23xRQcqv7YoaWTuWnHEhJLP/AgRzFw9AQrcME+AW1sOvp
        deIWotAbDLhCD1yxUVsjMa6rEw==
X-Received: by 10.28.168.77 with SMTP id r74mr18971396wme.114.1525444184590;
        Fri, 04 May 2018 07:29:44 -0700 (PDT)
Received: from david-x1.fritz.box (p200300C2A3D634001758913C97055056.dip0.t-ipconnect.de. [2003:c2:a3d6:3400:1758:913c:9705:5056])
        by smtp.gmail.com with ESMTPSA id h8-v6sm1474907wmc.16.2018.05.04.07.29.43
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 04 May 2018 07:29:44 -0700 (PDT)
From:   David Herrmann <dh.herrmann@gmail.com>
To:     linux-kernel@vger.kernel.org
Cc:     James Morris <jmorris@namei.org>, Paul Moore <paul@paul-moore.com>,
        teg@jklm.no, Stephen Smalley <sds@tycho.nsa.gov>,
        selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org,
        Eric Paris <eparis@parisplace.org>, serge@hallyn.com,
        Casey Schaufler <casey@schaufler-ca.com>, davem@davemloft.net,
        netdev@vger.kernel.org, David Herrmann <dh.herrmann@gmail.com>
Subject: [PATCH v2 4/4] smack: provide socketpair callback
Date:   Fri,  4 May 2018 16:28:22 +0200
Message-Id: <20180504142822.15233-5-dh.herrmann@gmail.com>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180504142822.15233-1-dh.herrmann@gmail.com>
References: <20180504142822.15233-1-dh.herrmann@gmail.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Tom Gundersen <teg@jklm.no>

Make sure to implement the new socketpair callback so the SO_PEERSEC
call on socketpair(2)s will return correct information.

Signed-off-by: Tom Gundersen <teg@jklm.no>
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
---
 security/smack/smack_lsm.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 0b414836bebd..dcb976f98df2 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2842,6 +2842,27 @@ static int smack_socket_post_create(struct socket *sock, int family,
 	return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
 }
 
+/**
+ * smack_socket_socketpair - create socket pair
+ * @socka: one socket
+ * @sockb: another socket
+ *
+ * Cross reference the peer labels for SO_PEERSEC
+ *
+ * Returns 0 on success, and error code otherwise
+ */
+static int smack_socket_socketpair(struct socket *socka,
+		                   struct socket *sockb)
+{
+	struct socket_smack *asp = socka->sk->sk_security;
+	struct socket_smack *bsp = sockb->sk->sk_security;
+
+	asp->smk_packet = bsp->smk_out;
+	bsp->smk_packet = asp->smk_out;
+
+	return 0;
+}
+
 #ifdef SMACK_IPV6_PORT_LABELING
 /**
  * smack_socket_bind - record port binding information.
@@ -4724,6 +4745,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
 
 	LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
+	LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair),
 #ifdef SMACK_IPV6_PORT_LABELING
 	LSM_HOOK_INIT(socket_bind, smack_socket_bind),
 #endif
-- 
2.17.0