Smack: Provide information for UDS getsockopt(SO_PEERCRED)

This patch is targeted for the smack-next tree. This patch takes advantage of the recent changes for performance and points the packet labels on UDS connect at the output label of the far side. This makes getsockopt(...SO_PEERCRED...) function properly. Without this change the getsockopt does not provide any information. Signed-off-by: Casey Schaufler <[email protected]>
sum-it · Oct 12, 2011 · 975d5e5 · 975d5e5
1 parent ce8a432
commit 975d5e5
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
@@ -2773,6 +2773,7 @@ static int smack_unix_stream_connect(struct sock *sock,
 {
 	struct socket_smack *ssp = sock->sk_security;
 	struct socket_smack *osp = other->sk_security;
+	struct socket_smack *nsp = newsk->sk_security;
 	struct smk_audit_info ad;
 	int rc = 0;
 
@@ -2782,6 +2783,14 @@ static int smack_unix_stream_connect(struct sock *sock,
 	if (!capable(CAP_MAC_OVERRIDE))
 		rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
 
+	/*
+	 * Cross reference the peer labels for SO_PEERSEC.
+	 */
+	if (rc == 0) {
+		nsp->smk_packet = ssp->smk_out;
+		ssp->smk_packet = osp->smk_out;
+	}
+
 	return rc;
 }