From 19fbfae69af474ccf8a123773d2ec0d819f0cdf2 Mon Sep 17 00:00:00 2001 From: Casey Schaufler Date: Mon, 7 Dec 2015 14:34:32 -0800 Subject: [PATCH] Smack: File receive for sockets The existing file receive hook checks for access on the file inode even for UDS. This is not right, as the inode is not used by Smack to make access checks for sockets. This change checks for an appropriate access relationship between the receiving (current) process and the socket. If the process can't write to the socket's send label or the socket's receive label can't write to the process fail. This will allow the legitimate cases, where the socket sender and socket receiver can freely communicate. Only strangly set socket labels should cause a problem. Change-Id: Id37df53243264ac843f9c6693ba99aba9779f05e Signed-off-by: Casey Schaufler [backport to 3.10 from smack-next commit 79be093500791cc25cc31bcaec5a4db62e21497b] Signed-off-by: Seung-Woo Kim (cherry picked from commit 4306b30a4c4c787144fb7ff71ffe44799c9386dd) Signed-off-by: Sooyoung Ha --- security/smack/smack_lsm.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index ea4ae19..61291e5 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1664,9 +1664,30 @@ static int smack_file_receive(struct file *file) int rc; int may = 0; struct smk_audit_info ad; + struct inode *inode = file_inode(file); + struct socket *sock; + struct task_smack *tsp; + struct socket_smack *ssp; smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); smk_ad_setfield_u_fs_path(&ad, file->f_path); + + if (S_ISSOCK(inode->i_mode)) { + sock = SOCKET_I(inode); + ssp = sock->sk->sk_security; + tsp = current_security(); + /* + * If the receiving process can't write to the + * passed socket or if the passed socket can't + * write to the receiving process don't accept + * the passed socket. + */ + rc = smk_access(tsp->smk_task, ssp->smk_out->smk_known, MAY_WRITE, &ad); + if (rc < 0) + return rc; + rc = smk_access(ssp->smk_in, tsp->smk_task->smk_known, MAY_WRITE, &ad); + return rc; + } /* * This code relies on bitmasks. */ -- 2.7.4