author | Casey Schaufler <casey@schaufler-ca.com> | 2014-04-10 16:37:08 -0700 |
---|---|---|
committer | Casey Schaufler <casey@schaufler-ca.com> | 2014-04-11 14:35:28 -0700 |
commit | 54e70ec5eb090193b03e69d551fa6771a5a217c4 (patch) | |
tree | f015da7353f4824800a5fc6a89442f37628f62d1 /security/smack/smack.h | |
parent | f59bdfba3e2b0ba5182f23d96101d106f18132ca (diff) |
Smack: bidirectional UDS connect check
Smack IPC policy requires that the sender have write access
to the receiver. UDS streams don't do per-packet checks. The
only check is done at connect time. The existing code checks
if the connecting process can write to the other, but not the
other way around. This change adds a check that the other end
can write to the connecting process.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schuafler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack/smack.h')
-rw-r--r-- | security/smack/smack.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index fade085b1128..020307ef0972 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -80,8 +80,8 @@ struct superblock_smack {
 struct socket_smack {
 struct smack_known *smk_out; /* outbound label */
- char *smk_in; /* inbound label */
- char *smk_packet; /* TCP peer label */
+ struct smack_known *smk_in; /* inbound label */
+ struct smack_known *smk_packet; /* TCP peer label */
 };
 /*
@@ -133,7 +133,7 @@ struct smk_port_label {
 struct list_head list;
 struct sock *smk_sock; /* socket initialized on */
 unsigned short smk_port; /* the port number */
- char *smk_in; /* incoming label */
+ struct smack_known *smk_in; /* inbound label */
 struct smack_known *smk_out; /* outgoing label */
 }; |
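Review bot: The fields retyped from `char *` to `struct smack_known *` in `struct socket_smack` (and `smk_in` in `struct smk_port_label` in the second hunk) do not say whether they may be NULL. That matters more now, because code that wants the label text presumably has to dereference the pointer, as it already does for `smk_out`, instead of passing a possibly-NULL string along. If `smk_packet` stays unset until a peer label is known, I would say so on the field, e.g. `struct smack_known *smk_packet; /* TCP peer label; may be NULL */`, and confirm every reader checks it before dereferencing. This view is limited to smack.h, so the updated users are not visible here. A leftover assignment or comparison against a `char *` would typically only be a compiler warning, so it is worth confirming that security/smack builds without incompatible-pointer warnings.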
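Review bot: The comments in `struct smk_port_label` are left half-converted. `smk_in` now reads "inbound label" to match `struct socket_smack`, but the following context line still says `/* outgoing label */`, whereas `socket_smack` uses "outbound label" for the same kind of field. I would change it in the same commit to `struct smack_known *smk_out; /* outbound label */` so the two structs describe the label pair identically. The struct's opening line is outside the hunk and appears only in the hunk header.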