Merge tag 'Smack-for-6.10' of https://github.com/cschaufler/smack-next

Pull smack updates from Casey Schaufler: "Two fixes for Smack networking labeling by Konstantin Andreev" * tag 'Smack-for-6.10' of https://github.com/cschaufler/smack-next: smack: unix sockets: fix accept()ed socket label smack: tcp: ipv4, fix incorrect labeling
caleberi · Jul 16, 2024 · 42b5a01 · 42b5a01
2 parents 11ab4cd + e86cac0
commit 42b5a01
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
@@ -3871,12 +3871,18 @@ static int smack_unix_stream_connect(struct sock *sock,
 		}
 	}
 
-	/*
-	 * Cross reference the peer labels for SO_PEERSEC.
-	 */
 	if (rc == 0) {
+		/*
+		 * Cross reference the peer labels for SO_PEERSEC.
+		 */
 		nsp->smk_packet = ssp->smk_out;
 		ssp->smk_packet = osp->smk_out;
+
+		/*
+		 * new/child/established socket must inherit listening socket labels
+		 */
+		nsp->smk_out = osp->smk_out;
+		nsp->smk_in  = osp->smk_in;
 	}
 
 	return rc;
@@ -4456,7 +4462,7 @@ static int smack_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
 	rcu_read_unlock();
 
 	if (hskp == NULL)
-		rc = netlbl_req_setattr(req, &skp->smk_netlabel);
+		rc = netlbl_req_setattr(req, &ssp->smk_out->smk_netlabel);
 	else
 		netlbl_req_delattr(req);