summaryrefslogtreecommitdiffstats
path: root/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2016-11-03 11:26:17 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2016-11-04 10:52:09 +0100
commitc50805d25ba95473e8b4d1eb28d1203a328cd77a (patch)
treeebfe4059593673fc923726386654f5b83157ef59 /meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch
parent77c89adf2f5a6480440d269317c46168dbda24f8 (diff)
Smack: fixup of bluetooth socket labelling
The sockets created by kernel thread will now be tagged @ instead of _. This problem was occuring during creation of AF_BLUETOOTH (but is also latent AF_ALG, AF_IUCV, AF_SCTP, AF_TIPC as they don't go through the normal socket creation process within linux). Having the tag @ allows read/write to sockets without special rules and tus solve the problem. This solution from upstream linux patches backported and from a patch made by Samsung for Tizen and that is currently discussed within kernel lists. Also add some improvements of the LSM Smack (valid caching and signal 0). These improvements are backports of patches already available for linux 4.9-rc3. AGL-bug: SPEC-293 (https://jira.automotivelinux.org/browse/SPEC-293) Change-Id: I5999a951a4bbeba7947ebfe5df091de07d59e57e Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch')
-rw-r--r--meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch43
1 files changed, 43 insertions, 0 deletions
diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch
new file mode 100644
index 0000000..c516f3a
--- /dev/null
+++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch
@@ -0,0 +1,43 @@
+From 99267706991ab84bd44ceaea9a7ec886bbdd58e0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net>
+Date: Tue, 12 Jan 2016 21:23:40 +0100
+Subject: [PATCH 2/4] smack: fix cache of access labels
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Before this commit, removing the access property of
+a file, aka, the extended attribute security.SMACK64
+was not effictive until the cache had been cleaned.
+
+This patch fixes that problem.
+
+Signed-off-by: José Bollo <jobol@nonadev.net>
+Acked-by: Casey Schaufler <casey@schaufler-ca.com>
+---
+ security/smack/smack_lsm.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
+index b20ef06..b2bcb14 100644
+--- a/security/smack/smack_lsm.c
++++ b/security/smack/smack_lsm.c
+@@ -1444,9 +1444,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
+ * Don't do anything special for these.
+ * XATTR_NAME_SMACKIPIN
+ * XATTR_NAME_SMACKIPOUT
+- * XATTR_NAME_SMACKEXEC
+ */
+- if (strcmp(name, XATTR_NAME_SMACK) == 0)
++ if (strcmp(name, XATTR_NAME_SMACK) == 0) {
++ struct super_block *sbp = d_backing_inode(dentry)->i_sb;
++ struct superblock_smack *sbsp = sbp->s_security;
++
++ isp->smk_inode = sbsp->smk_default;
++ } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
+ isp->smk_task = NULL;
+ else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
+ isp->smk_mmap = NULL;
+--
+2.7.4
+