diff options
| author |   José Bollo <jose.bollo@iot.bzh> | 2016-11-03 11:26:17 +0100 |
|---|---|---|
| committer |   Stephane Desneux <stephane.desneux@iot.bzh> | 2017-03-27 15:33:39 +0200 |
| commit | 827d7c1c4819737ca5442330c24588a83b72b87b (patch) | |
| tree | 4b1401d98ad99d08dedd8dc58b4279fe227bd15f /meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch | |
| parent | 532f6ad992ae7631dd44a74d0a0bd43126ce3bdf (diff) | |
Smack: fixup of bluetooth socket labelling
The sockets created by kernel thread will now be
tagged @ instead of _.
This problem was occuring during creation of AF_BLUETOOTH (but is
also latent AF_ALG, AF_IUCV, AF_SCTP, AF_TIPC as they don't go
through the normal socket creation process within linux).
Having the tag @ allows read/write to sockets without special
rules and tus solve the problem.
This solution from upstream linux patches backported and from
a patch made by Samsung for Tizen and that is currently
discussed within kernel lists.
Also add some improvements of the LSM Smack (valid caching and signal 0).
These improvements are backports of patches already available for
linux 4.9-rc3.
AGL-bug: SPEC-293 (https://jira.automotivelinux.org/browse/SPEC-293)
Change-Id: I5999a951a4bbeba7947ebfe5df091de07d59e57e
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
Diffstat (limited to 'meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch')
| -rw-r--r-- | meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch new file mode 100644 index 000000000..c516f3aa5 --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch @@ -0,0 +1,43 @@ +From 99267706991ab84bd44ceaea9a7ec886bbdd58e0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net> +Date: Tue, 12 Jan 2016 21:23:40 +0100 +Subject: [PATCH 2/4] smack: fix cache of access labels +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Before this commit, removing the access property of +a file, aka, the extended attribute security.SMACK64 +was not effictive until the cache had been cleaned. + +This patch fixes that problem. + +Signed-off-by: José Bollo <jobol@nonadev.net> +Acked-by: Casey Schaufler <casey@schaufler-ca.com> +--- + security/smack/smack_lsm.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index b20ef06..b2bcb14 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -1444,9 +1444,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) + * Don't do anything special for these. + * XATTR_NAME_SMACKIPIN + * XATTR_NAME_SMACKIPOUT +- * XATTR_NAME_SMACKEXEC + */ +- if (strcmp(name, XATTR_NAME_SMACK) == 0) ++ if (strcmp(name, XATTR_NAME_SMACK) == 0) { ++ struct super_block *sbp = d_backing_inode(dentry)->i_sb; ++ struct superblock_smack *sbsp = sbp->s_security; ++ ++ isp->smk_inode = sbsp->smk_default; ++ } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) + isp->smk_task = NULL; + else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) + isp->smk_mmap = NULL; +-- +2.7.4 + |