Received: by 10.192.165.148 with SMTP id m20csp114986imm; Fri, 4 May 2018 07:32:30 -0700 (PDT) X-Google-Smtp-Source: AB8JxZontHkbEKk+oElE22/XSoS+kbFo7Cvqc1e7cI0zyoie3wZPlmkbTD0tcb6YhTk+nQdElswK X-Received: by 2002:a63:774e:: with SMTP id s75-v6mr22590398pgc.162.1525444350883; Fri, 04 May 2018 07:32:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525444350; cv=none; d=google.com; s=arc-20160816; b=DfEQ+KkTQLWCxWSz41wm9A3fp4mL+YXXPymM4ALvP3TNUrSO/Qtx++QDf1QKUhpLpW BtjoMEBqpr8/YqyDhfBI9kKmHWS8bh2QjCC5sv7cQjtqPqPRguSI0mDDJiHkRXzFGr+0 S+WHDetrEPS7Tl2gjVvIUPPz42tgZkq9lYCTGD4blGtnDj1LMdnTsOvCwCCVqTA/Y9ru sO5E9hpOaEN48MeddwUi36idYDfFJpoM0qxSUtYASTogZpai6X+vseh7MY0+fhyZMyBo Nn5YbJJkADezufAM9hEBsD7KcoY2fvgDCC70SikxvWik/Idyp4q782mLTzQeqBmjIawO 541g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=FvCx9g1K3KZMxfEwjrxWWIBIQFACTn6xEqYDgS0oPtQ=; b=fiUqcAs/sQiaqV4UOQJBv8gje8JwCfFngyHQzsx2uaiN8dHpt+Ql/dueWb+fCMYUvt djDd70KmorTg/xWl/XMfu8mLXUC0XpO7WYPgD6Y3hv+XXssV4QsKjAKGZYMy2kB+C5HB 6qilKBPw4/yINiyQxwuSH2JPoKPWlBk6omVMxJi3t6RBHDdkgzn1b8EodTmqZWCZmMyn 0gR2FWMQB8/54smEtpK3f+6CmQwMBCrRicsE/02ZW5fPKsbvjSlJx0QX9ZIfE7+kDpPE FUXh8eqILdomr4gDMBZTf6LlO1m1tLnlyIDQr83KDTJQ4UfAG/Fo5nWtIGc/NG/UxWI+ nnaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=nLs8CQ4W; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x10si16227508pfh.85.2018.05.04.07.32.16; Fri, 04 May 2018 07:32:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=nLs8CQ4W; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751861AbeEDOa1 (ORCPT + 99 others); Fri, 4 May 2018 10:30:27 -0400 Received: from mail-wm0-f66.google.com ([74.125.82.66]:36070 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751729AbeEDO3q (ORCPT ); Fri, 4 May 2018 10:29:46 -0400 Received: by mail-wm0-f66.google.com with SMTP id n10-v6so5182494wmc.1; Fri, 04 May 2018 07:29:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=FvCx9g1K3KZMxfEwjrxWWIBIQFACTn6xEqYDgS0oPtQ=; b=nLs8CQ4Wr4gcb5htjKgqt52dGGBWI0fOgmh5UBztGJJL+OM9i2yyzqXtFPNlrbCVea r8UoNy9FMjAdFtwg03xa6Mp4dhGkT9bGPBK1DXTkoyKxvz87x2YLraGnNSuFW2iG4nvY xjSAvRlQLPgdRszIs1n3Lz4OYfVTH36jZ/LqvC0cVpaa/n+LMBuayiYWXFM/Rk+W9MUH 2zsMTCsJs0aNQegMvU0aSRW3e3x63o12wBnnz5r2N9b89bNLBZ0+kdf7VW5DWqEHdO2x y2ng8lqBO+V9WPK6HcX93RogIMgZzjtcH8HRMCOkQduAQQkUGeF/f7CgivoLej2+jQ8+ fsMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=FvCx9g1K3KZMxfEwjrxWWIBIQFACTn6xEqYDgS0oPtQ=; b=iIiTIgyqvWc+dDKIOjVS8fQn02KtTr8YQchddKBeo2b2J/+t1FAAzeWGXGoBLxhuPC pfD1Io/DKUajvczJ0SJX86OOAudQeB1jO2lWoURovpEVf7hYJZ+iDqKH82l65YiTVe77 ythnAVoqRDGDNsrshR/nf8nBywUfxOpLqE3DDifM2vbRov7OM7G+2h8TExu/7CQrPh1f 3BLzpZpVVLlat1PCA+X+kWA9TDJ7957X1ahYzF73DIs0g5kD0LCS53GbZVE0dnP73wJ0 b3nBS8FXLwUICIuXkvw78Fbt4n6XJtj14PV5mSQJVCyICrQ4AKFazMwwBgXV+0TrHigH m9/A== X-Gm-Message-State: ALQs6tD6P9A23xRQcqv7YoaWTuWnHEhJLP/AgRzFw9AQrcME+AW1sOvp deIWotAbDLhCD1yxUVsjMa6rEw== X-Received: by 10.28.168.77 with SMTP id r74mr18971396wme.114.1525444184590; Fri, 04 May 2018 07:29:44 -0700 (PDT) Received: from david-x1.fritz.box (p200300C2A3D634001758913C97055056.dip0.t-ipconnect.de. [2003:c2:a3d6:3400:1758:913c:9705:5056]) by smtp.gmail.com with ESMTPSA id h8-v6sm1474907wmc.16.2018.05.04.07.29.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 04 May 2018 07:29:44 -0700 (PDT) From: David Herrmann To: linux-kernel@vger.kernel.org Cc: James Morris , Paul Moore , teg@jklm.no, Stephen Smalley , selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org, Eric Paris , serge@hallyn.com, Casey Schaufler , davem@davemloft.net, netdev@vger.kernel.org, David Herrmann Subject: [PATCH v2 4/4] smack: provide socketpair callback Date: Fri, 4 May 2018 16:28:22 +0200 Message-Id: <20180504142822.15233-5-dh.herrmann@gmail.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180504142822.15233-1-dh.herrmann@gmail.com> References: <20180504142822.15233-1-dh.herrmann@gmail.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tom Gundersen Make sure to implement the new socketpair callback so the SO_PEERSEC call on socketpair(2)s will return correct information. Signed-off-by: Tom Gundersen Signed-off-by: David Herrmann --- security/smack/smack_lsm.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 0b414836bebd..dcb976f98df2 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2842,6 +2842,27 @@ static int smack_socket_post_create(struct socket *sock, int family, return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); } +/** + * smack_socket_socketpair - create socket pair + * @socka: one socket + * @sockb: another socket + * + * Cross reference the peer labels for SO_PEERSEC + * + * Returns 0 on success, and error code otherwise + */ +static int smack_socket_socketpair(struct socket *socka, + struct socket *sockb) +{ + struct socket_smack *asp = socka->sk->sk_security; + struct socket_smack *bsp = sockb->sk->sk_security; + + asp->smk_packet = bsp->smk_out; + bsp->smk_packet = asp->smk_out; + + return 0; +} + #ifdef SMACK_IPV6_PORT_LABELING /** * smack_socket_bind - record port binding information. @@ -4724,6 +4745,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), + LSM_HOOK_INIT(socket_socketpair, smack_socket_socketpair), #ifdef SMACK_IPV6_PORT_LABELING LSM_HOOK_INIT(socket_bind, smack_socket_bind), #endif -- 2.17.0