Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 6b877699c6f1efede4545bcecc367786a472eedb^! / . / include
commit6b877699c6f1efede4545bcecc367786a472eedb[log] [tgz]
authorVenkat Yekkirala <vyekkirala@trustedcs.com>Wed Nov 08 17:04:09 2006 -0600
committerDavid S. Miller <davem@sunset.davemloft.net>Sat Dec 02 21:21:33 2006 -0800
treec0a60dc90578fa9f16d4496e2700bc285eab47c0
parentc1a856c9640c9ff3d70bbd8214b6a0974609eef8 [diff]
SELinux: Return correct context for SO_PEERSEC

Fix SO_PEERSEC for tcp sockets to return the security context of
the peer (as represented by the SA from the peer) as opposed to the
SA used by the local/source socket.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/include/linux/security.h b/include/linux/security.h
index a509329..84cebcd 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h

@@ -826,6 +826,8 @@
  *	Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
  * @inet_csk_clone:
  *	Sets the new child socket's sid to the openreq sid.
+ * @inet_conn_established:
+ *     Sets the connection's peersid to the secmark on skb.
  * @req_classify_flow:
  *	Sets the flow's sid to the openreq sid.
  *
@@ -1368,6 +1370,7 @@
 	int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb,
 					struct request_sock *req);
 	void (*inet_csk_clone)(struct sock *newsk, const struct request_sock *req);
+	void (*inet_conn_established)(struct sock *sk, struct sk_buff *skb);
 	void (*req_classify_flow)(const struct request_sock *req, struct flowi *fl);
 #endif	/* CONFIG_SECURITY_NETWORK */
 
@@ -2961,9 +2964,15 @@
 {
 	security_ops->inet_csk_clone(newsk, req);
 }
+
+static inline void security_inet_conn_established(struct sock *sk,
+			struct sk_buff *skb)
+{
+	security_ops->inet_conn_established(sk, skb);
+}
 #else	/* CONFIG_SECURITY_NETWORK */
 static inline int security_unix_stream_connect(struct socket * sock,
-					       struct socket * other, 
+					       struct socket * other,
 					       struct sock * newsk)
 {
 	return 0;
@@ -3110,6 +3119,11 @@
 			const struct request_sock *req)
 {
 }
+
+static inline void security_inet_conn_established(struct sock *sk,
+			struct sk_buff *skb)
+{
+}
 #endif	/* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM

diff --git a/include/net/request_sock.h b/include/net/request_sock.h
index 8e165ca..f743a94 100644
--- a/include/net/request_sock.h
+++ b/include/net/request_sock.h

@@ -54,6 +54,7 @@
 	struct request_sock_ops		*rsk_ops;
 	struct sock			*sk;
 	u32				secid;
+	u32				peer_secid;
 };
 
 static inline struct request_sock *reqsk_alloc(struct request_sock_ops *ops)