Code Review / AGL / meta-agl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
linux-yocto: remove redundant patches from recipe
[AGL/meta-agl.git] / meta-app-framework / recipes-kernel / linux / linux / linux-yocto-4.12 / 0001-Smack-File-receive-for-sockets.patch
diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0001-Smack-File-receive-for-sockets.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0001-Smack-File-receive-for-sockets.patch
deleted file mode 100644 (file)
index 4021e5d..0000000
--- a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0001-Smack-File-receive-for-sockets.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 2b206c36b16e72cfe41cd22448d8527359ffd962 Mon Sep 17 00:00:00 2001
-From: Casey Schaufler <casey@schaufler-ca.com>
-Date: Mon, 7 Dec 2015 14:34:32 -0800
-Subject: [PATCH 1/4] Smack: File receive for sockets
-
-The existing file receive hook checks for access on
-the file inode even for UDS. This is not right, as
-the inode is not used by Smack to make access checks
-for sockets. This change checks for an appropriate
-access relationship between the receiving (current)
-process and the socket. If the process can't write
-to the socket's send label or the socket's receive
-label can't write to the process fail.
-
-This will allow the legitimate cases, where the
-socket sender and socket receiver can freely communicate.
-Only strangly set socket labels should cause a problem.
-
-Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
----
- security/smack/smack_lsm.c | 22 ++++++++++++++++++++++
- 1 file changed, 22 insertions(+)
-
-diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index ff81026..b20ef06 100644
---- a/security/smack/smack_lsm.c
-+++ b/security/smack/smack_lsm.c
-@@ -1860,12 +1860,34 @@ static int smack_file_receive(struct file *file)
-       int may = 0;
-       struct smk_audit_info ad;
-       struct inode *inode = file_inode(file);
-+      struct socket *sock;
-+      struct task_smack *tsp;
-+      struct socket_smack *ssp;
-       if (unlikely(IS_PRIVATE(inode)))
-               return 0;
-       smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
-       smk_ad_setfield_u_fs_path(&ad, file->f_path);
-+
-+      if (S_ISSOCK(inode->i_mode)) {
-+              sock = SOCKET_I(inode);
-+              ssp = sock->sk->sk_security;
-+              tsp = current_security();
-+              /*
-+               * If the receiving process can't write to the
-+               * passed socket or if the passed socket can't
-+               * write to the receiving process don't accept
-+               * the passed socket.
-+               */
-+              rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
-+              rc = smk_bu_file(file, may, rc);
-+              if (rc < 0)
-+                      return rc;
-+              rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
-+              rc = smk_bu_file(file, may, rc);
-+              return rc;
-+      }
-       /*
-        * This code relies on bitmasks.
-        */
--- 
-2.7.4
-
meta-agl layer (core AGL)