Commit 08382c9f authored by jooseong lee's avatar jooseong lee Committed by Casey Schaufler

Smack: Assign smack_known_web label for kernel thread's

Assign smack_known_web label for kernel thread's socket

Creating struct sock by sk_alloc function in various kernel subsystems
like bluetooth doesn't call smack_socket_post_create(). In such case,
received sock label is the floor('_') label and makes access deny.
Signed-off-by: default avatarjooseong lee <jooseong.lee@samsung.com>
Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
parent 07d9a380
...@@ -2337,8 +2337,16 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) ...@@ -2337,8 +2337,16 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
if (ssp == NULL) if (ssp == NULL)
return -ENOMEM; return -ENOMEM;
ssp->smk_in = skp; /*
ssp->smk_out = skp; * Sockets created by kernel threads receive web label.
*/
if (unlikely(current->flags & PF_KTHREAD)) {
ssp->smk_in = &smack_known_web;
ssp->smk_out = &smack_known_web;
} else {
ssp->smk_in = skp;
ssp->smk_out = skp;
}
ssp->smk_packet = NULL; ssp->smk_packet = NULL;
sk->sk_security = ssp; sk->sk_security = ssp;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment