mirror of
https://github.com/followmsi/android_kernel_google_msm.git
synced 2024-11-06 23:17:41 +00:00
crypto: af_alg - properly label AF_ALG socket
commit 4c63f83c2c upstream.
Th AF_ALG socket was missing a security label (e.g. SELinux)
which means that socket was in "unlabeled" state.
This was recently demonstrated in the cryptsetup package
(cryptsetup v1.6.5 and later.)
See https://bugzilla.redhat.com/show_bug.cgi?id=1115120
This patch clones the sock's label from the parent sock
and resolves the issue (similar to AF_BLUETOOTH protocol family).
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Milan Broz
Greg Kroah-Hartman
parent
91f7c8cbc8
commit
44ce8f8725
1 changed files with 2 additions and 0 deletions
|
|
@ -21,6 +21,7 @@
|
|||
#include <linux/module.h>
|
||||
#include <linux/net.h>
|
||||
#include <linux/rwsem.h>
|
||||
#include <linux/security.h>
|
||||
|
||||
struct alg_type_list {
|
||||
const struct af_alg_type *type;
|
||||
|
|
@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
|
|||
|
||||
sock_init_data(newsock, sk2);
|
||||
sock_graft(sk2, newsock);
|
||||
security_sk_clone(sk, sk2);
|
||||
|
||||
err = type->accept(ask->private, sk2);
|
||||
if (err) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue