diff options
author | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2017-01-06 01:26:50 +0100 |
---|---|---|
committer | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2017-01-06 01:26:54 +0100 |
commit | 667e9c254e97555cae75b95a91a0bed6741bf5f1 (patch) | |
tree | be31a47399f51e159227abae8f55794d6f11db62 /meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0003-Smack-ignore-null-signal-in-smack_task_kill.patch | |
parent | 554f8d394c626d3a151127e67caddc3196e3ffc1 (diff) |
Apply bluetooth/smack patches also to rpi kernel
This changeset patches the rpi with the needed changes to
allow bluetooth to work together with smack. The patches were
developed for porter and are a backport of patches submitted
for 4.10+ .
Bug-AGL: SPEC-293
Change-Id: I96d04a709de6ad7843840d9ae154f041173948a2
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
Diffstat (limited to 'meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0003-Smack-ignore-null-signal-in-smack_task_kill.patch')
-rw-r--r-- | meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0003-Smack-ignore-null-signal-in-smack_task_kill.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0003-Smack-ignore-null-signal-in-smack_task_kill.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0003-Smack-ignore-null-signal-in-smack_task_kill.patch new file mode 100644 index 000000000..c9180bb9f --- /dev/null +++ b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0003-Smack-ignore-null-signal-in-smack_task_kill.patch @@ -0,0 +1,39 @@ +From ec4eb03af07b0fbc330aecca6ac4ebd6accd8825 Mon Sep 17 00:00:00 2001 +From: Rafal Krypa <r.krypa@samsung.com> +Date: Mon, 4 Apr 2016 11:14:53 +0200 +Subject: [PATCH 3/4] Smack: ignore null signal in smack_task_kill + +Kill with signal number 0 is commonly used for checking PID existence. +Smack treated such cases like any other kills, although no signal is +actually delivered when sig == 0. + +Checking permissions when sig == 0 didn't prevent an unprivileged caller +from learning whether PID exists or not. When it existed, kernel returned +EPERM, when it didn't - ESRCH. The only effect of policy check in such +case is noise in audit logs. + +This change lets Smack silently ignore kill() invocations with sig == 0. + +Signed-off-by: Rafal Krypa <r.krypa@samsung.com> +Acked-by: Casey Schaufler <casey@schaufler-ca.com> +--- + security/smack/smack_lsm.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index b2bcb14..cf8a93f 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -2239,6 +2239,9 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, + struct smack_known *tkp = smk_of_task_struct(p); + int rc; + ++ if (!sig) ++ return 0; /* null signal; existence test */ ++ + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); + smk_ad_setfield_u_tsk(&ad, p); + /* +-- +2.7.4 + |