Commit 08382c9f authored by jooseong lee's avatar jooseong lee Committed by Casey Schaufler
Browse files

Smack: Assign smack_known_web label for kernel thread's 



Assign smack_known_web label for kernel thread's socket

Creating struct sock by sk_alloc function in various kernel subsystems
like bluetooth doesn't call smack_socket_post_create(). In such case,
received sock label is the floor('_') label and makes access deny.

Signed-off-by: default avatarjooseong lee <jooseong.lee@samsung.com>
Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
parent 07d9a380

security/smack/smack_lsm.c

+10 −2
Original line number Diff line number Diff line
@@ -2337,8 +2337,16 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 
	if (ssp == NULL)

		return -ENOMEM;



	/*

	 * Sockets created by kernel threads receive web label.

	 */

	if (unlikely(current->flags & PF_KTHREAD)) {

		ssp->smk_in = &smack_known_web;

		ssp->smk_out = &smack_known_web;

	} else {

		ssp->smk_in = skp;

		ssp->smk_out = skp;

	}

	ssp->smk_packet = NULL;



	sk->sk_security = ssp;