Smack: fixup of bluetooth socket labelling

The sockets created by kernel thread will now be
tagged @ instead of _.

This problem was occuring during creation of AF_BLUETOOTH (but is
also latent AF_ALG, AF_IUCV, AF_SCTP, AF_TIPC as they don't go
through the normal socket creation process within linux).

Having the tag @ allows read/write to sockets without special
rules and tus solve the problem.

This solution from upstream linux patches backported and from
a patch made by Samsung for Tizen and that is currently
discussed within kernel lists.

Also add some improvements of the LSM Smack (valid caching and signal 0).
These improvements are backports of patches already available for
linux 4.9-rc3.

AGL-bug: SPEC-293 (https://jira.automotivelinux.org/browse/SPEC-293)

Change-Id: I5999a951a4bbeba7947ebfe5df091de07d59e57e
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>

1 files changed, 62 insertions, 0 deletions

diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch
new file mode 100644
index 000000000..b0c5ee8f4
--- /dev/null
+++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch
@@ -0,0 +1,62 @@
+From 2e65b888820ea372984d412cee3bd7dcba05d7d2 Mon Sep 17 00:00:00 2001
+From: Casey Schaufler <casey@schaufler-ca.com>
+Date: Mon, 7 Dec 2015 14:34:32 -0800
+Subject: [PATCH 1/4] Smack: File receive for sockets
+
+The existing file receive hook checks for access on
+the file inode even for UDS. This is not right, as
+the inode is not used by Smack to make access checks
+for sockets. This change checks for an appropriate
+access relationship between the receiving (current)
+process and the socket. If the process can't write
+to the socket's send label or the socket's receive
+label can't write to the process fail.
+
+This will allow the legitimate cases, where the
+socket sender and socket receiver can freely communicate.
+Only strangly set socket labels should cause a problem.
+
+Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
+---
+ security/smack/smack_lsm.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
+index b644757..487b2f3 100644
+--- a/security/smack/smack_lsm.c
++++ b/security/smack/smack_lsm.c
+@@ -1672,9 +1672,31 @@ static int smack_file_receive(struct file *file)
+ 	int may = 0;
+ 	struct smk_audit_info ad;
+ 	struct inode *inode = file_inode(file);
++	struct socket *sock;
++	struct task_smack *tsp;
++	struct socket_smack *ssp;
+ 
+ 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
+ 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
++
++	if (S_ISSOCK(inode->i_mode)) {
++		sock = SOCKET_I(inode);
++		ssp = sock->sk->sk_security;
++		tsp = current_security();
++		/*
++		 * If the receiving process can't write to the
++		 * passed socket or if the passed socket can't
++		 * write to the receiving process don't accept
++		 * the passed socket.
++		 */
++		rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
++		rc = smk_bu_file(file, may, rc);
++		if (rc < 0)
++			return rc;
++		rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
++		rc = smk_bu_file(file, may, rc);
++		return rc;
++	}
+ 	/*
+ 	 * This code relies on bitmasks.
+ 	 */
+-- 
+2.7.4
+