提交 08382c9f 编写于 作者: J jooseong lee 提交者: Casey Schaufler

Smack: Assign smack_known_web label for kernel thread's

Assign smack_known_web label for kernel thread's socket

Creating struct sock by sk_alloc function in various kernel subsystems
like bluetooth doesn't call smack_socket_post_create(). In such case,
received sock label is the floor('_') label and makes access deny.
Signed-off-by: Njooseong lee <jooseong.lee@samsung.com>
Acked-by: NCasey Schaufler <casey@schaufler-ca.com>
上级 07d9a380
...@@ -2337,8 +2337,16 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) ...@@ -2337,8 +2337,16 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
if (ssp == NULL) if (ssp == NULL)
return -ENOMEM; return -ENOMEM;
ssp->smk_in = skp; /*
ssp->smk_out = skp; * Sockets created by kernel threads receive web label.
*/
if (unlikely(current->flags & PF_KTHREAD)) {
ssp->smk_in = &smack_known_web;
ssp->smk_out = &smack_known_web;
} else {
ssp->smk_in = skp;
ssp->smk_out = skp;
}
ssp->smk_packet = NULL; ssp->smk_packet = NULL;
sk->sk_security = ssp; sk->sk_security = ssp;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册