UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/security/selinux
History
Xin Long e7310c9402 security: implement sctp_assoc_established hook in selinux 
Different from selinux_inet_conn_established(), it also gives the
secid to asoc->peer_secid in selinux_sctp_assoc_established(),
as one UDP-type socket may have more than one asocs.

Note that peer_secid in asoc will save the peer secid for this
asoc connection, and peer_sid in sksec will just keep the peer
secid for the latest connection. So the right use should be do
peeloff for UDP-type socket if there will be multiple asocs in
one socket, so that the peeloff socket has the right label for
its asoc.

v1->v2:
  - call selinux_inet_conn_established() to reduce some code
    duplication in selinux_sctp_assoc_established(), as Ondrej
    suggested.
  - when doing peeloff, it calls sock_create() where it actually
    gets secid for socket from socket_sockcreate_sid(). So reuse
    SECSID_WILD to ensure the peeloff socket keeps using that
    secid after calling selinux_sctp_sk_clone() for client side.

Fixes: 72e89f5008 ("security: Add support for SCTP security hooks")
Reported-by: Prashanth Prahlad <pprahlad@redhat.com>
Reviewed-by: Richard Haines <richard_c_haines@btinternet.com>
Tested-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2021-11-03 11:09:20 +00:00
..
include security: pass asoc to sctp_assoc_request and sctp_sk_clone 2021-11-03 11:09:20 +00:00
ss selinux: fix all of the W=1 build warnings 2021-10-13 16:31:51 -04:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
Kconfig Documentation,selinux: deprecate setting checkreqprot to 1 2020-02-10 10:49:01 -05:00
Makefile selinux: include a consumer of the new IMA critical data hook 2021-01-14 23:41:46 -05:00
avc.c selinux: fix all of the W=1 build warnings 2021-10-13 16:31:51 -04:00
hooks.c security: implement sctp_assoc_established hook in selinux 2021-11-03 11:09:20 +00:00
ibpkey.c selinux: remove unused global variables 2021-01-12 09:49:01 -05:00
ima.c ima: Add digest and digest_len params to the functions to measure a buffer 2021-07-23 09:27:02 -04:00
netif.c selinux: remove unused global variables 2021-01-12 09:49:01 -05:00
netlabel.c security: pass asoc to sctp_assoc_request and sctp_sk_clone 2021-11-03 11:09:20 +00:00
netlink.c selinux: mark some global variables __ro_after_init 2021-01-12 10:08:55 -05:00
netnode.c selinux: remove unused global variables 2021-01-12 09:49:01 -05:00
netport.c selinux: fix all of the W=1 build warnings 2021-10-13 16:31:51 -04:00
nlmsgtab.c include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage 2021-09-14 10:31:35 +02:00
selinuxfs.c selinux/stable-5.13 PR 20210426 2021-04-27 13:42:11 -07:00
status.c selinux: move status variables out of selinux_ss 2020-02-10 10:49:01 -05:00
xfrm.c selinux: delete selinux_xfrm_policy_lookup() useless argument 2021-05-10 21:38:31 -04:00