Smack: File receive for sockets
author Casey Schaufler <casey@schaufler-ca.com>
Mon, 7 Dec 2015 22:34:32 +0000 (14:34 -0800)
committer Sooyoung Ha <yoosah.ha@samsung.com>
Tue, 23 Feb 2016 09:28:07 +0000 (18:28 +0900)
commit 19fbfae69af474ccf8a123773d2ec0d819f0cdf2
tree 138d312a896e4810f19d089fe7a3e8b05921aa4b
parent 70a62da16e03919332d650e9f7e235773393af2a
Smack: File receive for sockets

The existing file receive hook checks for access on
the file inode even for UDS. This is not right, as
the inode is not used by Smack to make access checks
for sockets. This change checks for an appropriate
access relationship between the receiving (current)
process and the socket. If the process can't write
to the socket's send label or the socket's receive
label can't write to the process, fail.

This will allow the legitimate cases, where the
socket sender and socket receiver can freely communicate.
Only strangely set socket labels should cause a problem.

Change-Id: Id37df53243264ac843f9c6693ba99aba9779f05e
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[backport to 3.10 from smack-next commit 79be093500791cc25cc31bcaec5a4db62e21497b]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
(cherry picked from commit 4306b30a4c4c787144fb7ff71ffe44799c9386dd)
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>
security/smack/smack_lsm.c
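
The two-way write check the commit message describes, as a simplified userspace model added here (it is not the kernel code from this commit). The rule table, `model_access`, `model_receive_socket` and `struct sock_labels` are hypothetical names, and the lookup assumes access is granted only by equal labels or an explicit rule.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAY_WRITE 0x2 /* same bit the kernel uses for write access */
/* One access rule: subject label may access object label with these bits. */
struct rule { const char *subject; const char *object; int access; };

/* Constructed sample policy, not taken from any real system. */
static const struct rule rules[] = {
    { "Client", "Server", MAY_WRITE },
    { "Server", "Client", MAY_WRITE },
    { "Client", "Odd",    MAY_WRITE }, /* one-way only */
};

/* Simplified rule lookup: equal labels always pass, otherwise an explicit
 * rule is required. Smack's special labels are not modelled. */
static int model_access(const char *subject, const char *object, int want)
{
    size_t i;

    if (strcmp(subject, object) == 0)
        return 0;
    for (i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
        if (strcmp(rules[i].subject, subject) == 0 &&
            strcmp(rules[i].object, object) == 0 &&
            (rules[i].access & want) == want)
            return 0;
    return -EACCES;
}

/* Hypothetical stand-in for the socket's send and receive labels. */
struct sock_labels { const char *send; const char *recv; };
/* The two checks from the commit message, applied to a received socket. */
static int model_receive_socket(const char *task, const struct sock_labels *sk)
{
    int rc = model_access(task, sk->send, MAY_WRITE); /* process -> send label */
    if (rc < 0)
        return rc;
    return model_access(sk->recv, task, MAY_WRITE);   /* receive label -> process */
}

int main(void)
{
    struct sock_labels peer = { "Server", "Server" }, odd = { "Odd", "Odd" };
    printf("peer socket: %d\n", model_receive_socket("Client", &peer));
    printf("odd socket:  %d\n", model_receive_socket("Client", &odd));
    return 0;
}
```

The `Odd` socket is refused even though the receiving process can write to it, because its receive label has no write rule back to the process.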