summaryrefslogtreecommitdiffstats
path: root/meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0001-Smack-File-receive-for-sockets.patch
diff options
context:
space:
mode:
authorKarthik Ramanan <a0393906@ti.com>2017-01-05 18:01:23 +0530
committerKarthik Ramanan <a0393906@ti.com>2017-01-05 18:04:31 +0530
commit554f8d394c626d3a151127e67caddc3196e3ffc1 (patch)
treef87d6aa5792cf619659dd07db5dabdf569c8dd20 /meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0001-Smack-File-receive-for-sockets.patch
parente48bb054957454cdb5265e27a5680694e272e98a (diff)
dra7xx-evm: Fix issue with bluetooth pairing
This patch is ported from meta-agl-extra Commit details below: commit c50805d25ba95473e8b4d1eb28d1203a328cd77a Author: José Bollo <jose.bollo@iot.bzh> Change-Id: I54a40935d6d2bbd9c267985c9e23a14bdffb7a3c Signed-off-by: Karthik Ramanan <a0393906@ti.com>
Diffstat (limited to 'meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0001-Smack-File-receive-for-sockets.patch')
-rw-r--r--meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0001-Smack-File-receive-for-sockets.patch65
1 files changed, 65 insertions, 0 deletions
diff --git a/meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0001-Smack-File-receive-for-sockets.patch b/meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0001-Smack-File-receive-for-sockets.patch
new file mode 100644
index 000000000..4021e5d38
--- /dev/null
+++ b/meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0001-Smack-File-receive-for-sockets.patch
@@ -0,0 +1,65 @@
+From 2b206c36b16e72cfe41cd22448d8527359ffd962 Mon Sep 17 00:00:00 2001
+From: Casey Schaufler <casey@schaufler-ca.com>
+Date: Mon, 7 Dec 2015 14:34:32 -0800
+Subject: [PATCH 1/4] Smack: File receive for sockets
+
+The existing file receive hook checks for access on
+the file inode even for UDS. This is not right, as
+the inode is not used by Smack to make access checks
+for sockets. This change checks for an appropriate
+access relationship between the receiving (current)
+process and the socket. If the process can't write
+to the socket's send label or the socket's receive
+label can't write to the process fail.
+
+This will allow the legitimate cases, where the
+socket sender and socket receiver can freely communicate.
+Only strangly set socket labels should cause a problem.
+
+Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
+---
+ security/smack/smack_lsm.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
+index ff81026..b20ef06 100644
+--- a/security/smack/smack_lsm.c
++++ b/security/smack/smack_lsm.c
+@@ -1860,12 +1860,34 @@ static int smack_file_receive(struct file *file)
+ int may = 0;
+ struct smk_audit_info ad;
+ struct inode *inode = file_inode(file);
++ struct socket *sock;
++ struct task_smack *tsp;
++ struct socket_smack *ssp;
+
+ if (unlikely(IS_PRIVATE(inode)))
+ return 0;
+
+ smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
+ smk_ad_setfield_u_fs_path(&ad, file->f_path);
++
++ if (S_ISSOCK(inode->i_mode)) {
++ sock = SOCKET_I(inode);
++ ssp = sock->sk->sk_security;
++ tsp = current_security();
++ /*
++ * If the receiving process can't write to the
++ * passed socket or if the passed socket can't
++ * write to the receiving process don't accept
++ * the passed socket.
++ */
++ rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
++ rc = smk_bu_file(file, may, rc);
++ if (rc < 0)
++ return rc;
++ rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
++ rc = smk_bu_file(file, may, rc);
++ return rc;
++ }
+ /*
+ * This code relies on bitmasks.
+ */
+--
+2.7.4
+