From patchwork Fri May 4 14:28:20 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Herrmann X-Patchwork-Id: 908785 X-Patchwork-Delegate: davem@davemloft.net
From: David Herrmann To: linux-kernel@vger.kernel.org Cc: James Morris , Paul Moore , teg@jklm.no, Stephen Smalley , selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org, Eric Paris , serge@hallyn.com, Casey Schaufler , davem@davemloft.net, netdev@vger.kernel.org, David Herrmann Subject: [PATCH v2 2/4] net: hook socketpair() into LSM Date: Fri, 4 May 2018 16:28:20 +0200 Message-Id: <20180504142822.15233-3-dh.herrmann@gmail.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180504142822.15233-1-dh.herrmann@gmail.com> References: <20180504142822.15233-1-dh.herrmann@gmail.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Use the newly created LSM-hook for socketpair(). The default hook return-value is 0, so behavior stays the same unless LSMs start using this hook. Acked-by: Serge Hallyn Signed-off-by: Tom Gundersen Signed-off-by: David Herrmann Acked-by: David S. Miller --- net/socket.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/net/socket.c b/net/socket.c index f10f1d947c78..667a7b397134 100644 --- a/net/socket.c +++ b/net/socket.c @@ -1420,6 +1420,13 @@ int __sys_socketpair(int family, int type, int protocol, int __user *usockvec) goto out; } + err = security_socket_socketpair(sock1, sock2); + if (unlikely(err)) { + sock_release(sock2); + sock_release(sock1); + goto out; + } + err = sock1->ops->socketpair(sock1, sock2); if (unlikely(err < 0)) { sock_release(sock2);
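Review bot: The new error check after `security_socket_socketpair(sock1, sock2)` tests `unlikely(err)`, while the existing check right below it on `sock1->ops->socketpair(sock1, sock2)` tests `unlikely(err < 0)`. With `if (unlikely(err))`, a positive return from an LSM would release both sockets and be passed back through `goto out` as the syscall result; either use `err < 0` to match the neighbouring check, or state in the hook's documentation that it returns 0 or a negative errno only. The hook is also called before `sock1->ops->socketpair()`, so an LSM sees two sockets that are not yet connected; a one-line comment above the call saying that this ordering is intentional (a denial happens before the pair is linked) would help LSM authors. Finally, the `sock_release(sock2); sock_release(sock1); goto out;` sequence now appears twice in a row in `__sys_socketpair()`; a shared cleanup label would keep the two failure paths from drifting apart.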