ssp = sock->sk->sk_security;
if (strcmp(name, XATTR_SMACK_IPIN) == 0)
- isp = ssp->smk_in;
+ isp = ssp->smk_in->smk_known;
else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
isp = ssp->smk_out->smk_known;
else
if (ssp == NULL)
return -ENOMEM;
- ssp->smk_in = skp->smk_known;
+ ssp->smk_in = skp;
ssp->smk_out = skp;
ssp->smk_packet = NULL;
if (act == SMK_RECEIVING) {
skp = smack_net_ambient;
- object = ssp->smk_in;
+ object = ssp->smk_in->smk_known;
} else {
skp = ssp->smk_out;
object = smack_net_ambient->smk_known;
list_for_each_entry(spp, &smk_ipv6_port_list, list) {
if (spp->smk_port != port)
continue;
- object = spp->smk_in;
+ object = spp->smk_in->smk_known;
if (act == SMK_CONNECTING)
- ssp->smk_packet = spp->smk_out->smk_known;
+ ssp->smk_packet = spp->smk_out;
break;
}
ssp = sock->sk->sk_security;
if (strcmp(name, XATTR_SMACK_IPIN) == 0)
- ssp->smk_in = skp->smk_known;
+ ssp->smk_in = skp;
else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
ssp->smk_out = skp;
if (sock->sk->sk_family == PF_INET) {
*/
if (unlikely(current->flags & PF_KTHREAD)) {
ssp = sock->sk->sk_security;
- ssp->smk_in = smack_known_web.smk_known;
+ ssp->smk_in = &smack_known_web;
}
if (family != PF_INET)
return 0;
struct sock *other, struct sock *newsk)
{
struct smack_known *skp;
+ struct smack_known *okp;
struct socket_smack *ssp = sock->sk_security;
struct socket_smack *osp = other->sk_security;
struct socket_smack *nsp = newsk->sk_security;
struct smk_audit_info ad;
int rc = 0;
-
#ifdef CONFIG_AUDIT
struct lsm_network_audit net;
-
- smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
- smk_ad_setfield_u_net_sk(&ad, other);
#endif
if (!smack_privileged(CAP_MAC_OVERRIDE)) {
skp = ssp->smk_out;
-
- rc = smk_access(skp, osp->smk_in, MAY_WRITE, &ad);
- rc = smk_bu_note("UDS connect", skp, osp->smk_in,
+ okp = osp->smk_out;
+#ifdef CONFIG_AUDIT
+ smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
+ smk_ad_setfield_u_net_sk(&ad, other);
+#endif
+ rc = smk_access(skp, okp->smk_known, MAY_WRITE, &ad);
+ rc = smk_bu_note("UDS connect", skp, okp->smk_known,
MAY_WRITE, rc);
+ if (rc == 0) {
+ rc = smk_access(okp, okp->smk_known, MAY_WRITE, NULL);
+ rc = smk_bu_note("UDS connect", okp, okp->smk_known,
+ MAY_WRITE, rc);
+ }
}
/*
* Cross reference the peer labels for SO_PEERSEC.
*/
if (rc == 0) {
- nsp->smk_packet = ssp->smk_out->smk_known;
- ssp->smk_packet = osp->smk_out->smk_known;
+ nsp->smk_packet = ssp->smk_out;
+ ssp->smk_packet = osp->smk_out;
}
return rc;
skp = ssp->smk_out;
- rc = smk_access(skp, osp->smk_in, MAY_WRITE, &ad);
- rc = smk_bu_note("UDS send", skp, osp->smk_in,
+ rc = smk_access(skp, osp->smk_in->smk_known, MAY_WRITE, &ad);
+ rc = smk_bu_note("UDS send", skp, osp->smk_in->smk_known,
MAY_WRITE, rc);
return rc;
}
if (found)
return skp;
- if (ssp != NULL && ssp->smk_in == smack_known_star.smk_known)
+ if (ssp != NULL && ssp->smk_in == &smack_known_star)
return &smack_known_web;
return &smack_known_star;
}
* for networking.
*/
- rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
- rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
+ rc = smk_access(skp, ssp->smk_in->smk_known, MAY_WRITE, &ad);
+ rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in->smk_known,
MAY_WRITE, rc);
if (rc != 0)
ssp = sock->sk->sk_security;
if (ssp->smk_packet != NULL) {
- rcp = ssp->smk_packet;
+ rcp = ssp->smk_packet->smk_known;
slen = strlen(rcp) + 1;
}
return;
ssp = sk->sk_security;
- ssp->smk_in = skp->smk_known;
+ ssp->smk_in = skp;
ssp->smk_out = skp;
/* cssp->smk_packet is already set in smack_inet_csk_clone() */
}
* here. Read access is not required.
*/
- rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
- rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in,
+ rc = smk_access(skp, ssp->smk_in->smk_known, MAY_WRITE, &ad);
+ rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in->smk_known,
MAY_WRITE, rc);
if (rc != 0)
return rc;
if (req->peer_secid != 0) {
skp = smack_from_secid(req->peer_secid);
- ssp->smk_packet = skp->smk_known;
+ ssp->smk_packet = skp;
} else
ssp->smk_packet = NULL;
}