Smack: File receive for sockets 47/67547/2
author Casey Schaufler <casey@schaufler-ca.com>
Mon, 7 Dec 2015 22:34:32 +0000 (14:34 -0800)
committer Sooyoung Ha <yoosah.ha@samsung.com>
Wed, 27 Apr 2016 08:15:41 +0000 (01:15 -0700)
The existing file receive hook checks for access on
the file inode even for UDS. This is not right, as
the inode is not used by Smack to make access checks
for sockets. This change checks for an appropriate
access relationship between the receiving (current)
process and the socket. If the process can't write
to the socket's send label or the socket's receive
label can't write to the process, fail.

This will allow the legitimate cases, where the
socket sender and socket receiver can freely communicate.
Only strangely set socket labels should cause a problem.

* Re-apply for tizen_linux_4.4

Change-Id: I8ad3402982c1205be6a032b617788d70ac108c3f
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
security/smack/smack_lsm.c

index 7c57c7fcf5a2cdec1ffb03a6e471f2b5511d0bd3..bd249cf318b35e6d8025e5c936123cc8934f1ed2 100644 (file)
@@ -1858,12 +1858,34 @@ static int smack_file_receive(struct file *file)
        int may = 0;
        struct smk_audit_info ad;
        struct inode *inode = file_inode(file);
+       struct socket *sock;
+       struct task_smack *tsp;
+       struct socket_smack *ssp;
 
        if (unlikely(IS_PRIVATE(inode)))
                return 0;
 
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
        smk_ad_setfield_u_fs_path(&ad, file->f_path);
+
+       if (S_ISSOCK(inode->i_mode)) {
+               sock = SOCKET_I(inode);
+               ssp = sock->sk->sk_security;
+               tsp = current_security();
+               /*
+                * If the receiving process can't write to the
+                * passed socket or if the passed socket can't
+                * write to the receiving process don't accept
+                * the passed socket.
+                */
+               rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
+               rc = smk_bu_file(file, may, rc);
+               if (rc < 0)
+                       return rc;
+               rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
+               rc = smk_bu_file(file, may, rc);
+               return rc;
+       }
        /*
         * This code relies on bitmasks.
         */
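Review bot: The `S_ISSOCK(inode->i_mode)` test that opens the new branch is also true for a UNIX socket node that lives on an ordinary filesystem, and for that kind of inode `SOCKET_I(inode)` does not point at a real `struct socket`, so `sock->sk->sk_security` would read unrelated memory if such a file can reach this hook (for example through an O_PATH descriptor). Consider testing that the inode actually belongs to the socket filesystem instead of testing the mode bits, and check `sock->sk` for NULL before dereferencing it. Separately, both `smk_bu_file(file, may, rc)` calls in the branch run while `may` is still 0, so the bring-up report will not show the `MAY_WRITE` that `smk_access()` was asked about; passing `MAY_WRITE` there would keep the report consistent with the check.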