Commit 96be7b54 authored by Zbigniew Jasinski's avatar Zbigniew Jasinski Committed by Casey Schaufler

smack: Fix a bidirectional UDS connect check typo

The 54e70ec5 commit introduced a
bidirectional check that should have checked for mutual WRITE access
between two labels. Due to a typo subject's OUT label is checked with
object's OUT. Should be OUT to IN.
Signed-off-by: default avatarZbigniew Jasinski <z.jasinski@samsung.com>
parent 1d8c2326
...@@ -3312,7 +3312,7 @@ static int smack_unix_stream_connect(struct sock *sock, ...@@ -3312,7 +3312,7 @@ static int smack_unix_stream_connect(struct sock *sock,
if (!smack_privileged(CAP_MAC_OVERRIDE)) { if (!smack_privileged(CAP_MAC_OVERRIDE)) {
skp = ssp->smk_out; skp = ssp->smk_out;
okp = osp->smk_out; okp = osp->smk_in;
#ifdef CONFIG_AUDIT #ifdef CONFIG_AUDIT
smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
smk_ad_setfield_u_net_sk(&ad, other); smk_ad_setfield_u_net_sk(&ad, other);
...@@ -3320,6 +3320,8 @@ static int smack_unix_stream_connect(struct sock *sock, ...@@ -3320,6 +3320,8 @@ static int smack_unix_stream_connect(struct sock *sock,
rc = smk_access(skp, okp, MAY_WRITE, &ad); rc = smk_access(skp, okp, MAY_WRITE, &ad);
rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc); rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
if (rc == 0) { if (rc == 0) {
okp = osp->smk_out;
skp = ssp->smk_in;
rc = smk_access(okp, skp, MAY_WRITE, NULL); rc = smk_access(okp, skp, MAY_WRITE, NULL);
rc = smk_bu_note("UDS connect", okp, skp, rc = smk_bu_note("UDS connect", okp, skp,
MAY_WRITE, rc); MAY_WRITE, rc);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment