Smack: Assign smack_known_web label for kernel thread's
Assign smack_known_web label for kernel thread's socket Creating struct sock by sk_alloc function in various kernel subsystems like bluetooth doesn't call smack_socket_post_create(). In such case, received sock label is the floor('_') label and makes access deny. Signed-off-by: jooseong lee <jooseong.lee@samsung.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com>
This commit is contained in:
parent
07d9a38068
commit
08382c9f6e
1 changed files with 10 additions and 2 deletions
|
@ -2337,8 +2337,16 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
|
|||
if (ssp == NULL)
|
||||
return -ENOMEM;
|
||||
|
||||
ssp->smk_in = skp;
|
||||
ssp->smk_out = skp;
|
||||
/*
|
||||
* Sockets created by kernel threads receive web label.
|
||||
*/
|
||||
if (unlikely(current->flags & PF_KTHREAD)) {
|
||||
ssp->smk_in = &smack_known_web;
|
||||
ssp->smk_out = &smack_known_web;
|
||||
} else {
|
||||
ssp->smk_in = skp;
|
||||
ssp->smk_out = skp;
|
||||
}
|
||||
ssp->smk_packet = NULL;
|
||||
|
||||
sk->sk_security = ssp;
|
||||
|
|
Loading…
Reference in a new issue