Revert "selinux: fix the default socket labeling in sock_graft()"
This reverts commit 4da6daf4d3
.
Unfortunately, the commit in question caused problems with Bluetooth
devices, specifically it caused them to get caught in the newly
created BUG_ON() check. The AF_ALG problem still exists, but will be
addressed in a future patch.
Cc: stable@vger.kernel.org
Signed-off-by: Paul Moore <pmoore@redhat.com>
This commit is contained in:
parent
4da6daf4d3
commit
2873ead7e4
|
@ -987,10 +987,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
|
|||
* Retrieve the LSM-specific secid for the sock to enable caching of network
|
||||
* authorizations.
|
||||
* @sock_graft:
|
||||
* This hook is called in response to a newly created sock struct being
|
||||
* grafted onto an existing socket and allows the security module to
|
||||
* perform whatever security attribute management is necessary for both
|
||||
* the sock and socket.
|
||||
* Sets the socket's isec sid to the sock's sid.
|
||||
* @inet_conn_request:
|
||||
* Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
|
||||
* @inet_csk_clone:
|
||||
|
|
|
@ -4499,18 +4499,9 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent)
|
|||
struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
|
||||
struct sk_security_struct *sksec = sk->sk_security;
|
||||
|
||||
switch (sk->sk_family) {
|
||||
case PF_INET:
|
||||
case PF_INET6:
|
||||
case PF_UNIX:
|
||||
if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
|
||||
sk->sk_family == PF_UNIX)
|
||||
isec->sid = sksec->sid;
|
||||
break;
|
||||
default:
|
||||
/* by default there is no special labeling mechanism for the
|
||||
* sksec label so inherit the label from the parent socket */
|
||||
BUG_ON(sksec->sid != SECINITSID_UNLABELED);
|
||||
sksec->sid = isec->sid;
|
||||
}
|
||||
sksec->sclass = isec->sclass;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue