Catherine, My mailer may have been acting up, but the from header of your email had [EMAIL PROTECTED] instead of [EMAIL PROTECTED] :-)
> diff -puN security/selinux/hooks.c~lsm-secpeer security/selinux/hooks.c > --- linux-2.6.16-rc1/security/selinux/hooks.c~lsm-secpeer 2006-02-01 > 00:55:23.000000000 -0500 > +++ linux-2.6.16-rc1-cxzhang/security/selinux/hooks.c 2006-02-03 > 16:38:06.000000000 -0500 
> @@ -3358,24 +3358,38 @@ out: > return err; > } > > -static int selinux_socket_getpeersec(struct socket *sock, char __user > *optval, > - int __user *optlen, unsigned len) > +static int selinux_socket_getpeersec_stream(struct socket *sock, char __user > *optval, > + int __user *optlen, unsigned len) > { > int err = 0; > char *scontext; > u32 scontext_len; > struct sk_security_struct *ssec; > struct inode_security_struct *isec; > + u32 peer_sid = 0; > > isec = SOCK_INODE(sock)->i_security; > - if (isec->sclass != SECCLASS_UNIX_STREAM_SOCKET) { > + > + /* if UNIX_STREAM check peer_sid, if TCP check dst for labelled sa */ > + if (isec->sclass == SECCLASS_UNIX_STREAM_SOCKET) { > + ssec = sock->sk->sk_security; > + peer_sid = ssec->peer_sid; > + } > + else if (isec->sclass == SECCLASS_TCP_SOCKET) { > + peer_sid = selinux_socket_getpeer_stream(sock->sk); > + > + if (peer_sid == SECSID_NULL) { > + err = -ENOPROTOOPT; > + goto out; > + } I am just wondering about something... Should a peer_sid of 0 or SECSID_NULL be an error here if the connection doesn't have a transform? I understand we only get the peer's context if an xfrm is involved, but I am thinking most user applications may not know or care if there is an xfrm. If not treated as an error, it looks like security_to_sid_context() would just return "null" for context. Would that be acceptable? Perhaps it is just important that we document the behaviour because I am thinking most user apps will not care or know if ipsec is running, so programmers may use this socket option to get peer context and may need to understand why they received an error of ENOPROTOOPT. > } > + else { > err = -ENOPROTOOPT; > goto out; > } > > - ssec = sock->sk->sk_security; > - > - err = security_sid_to_context(ssec->peer_sid, &scontext, &scontext_len); > + err = security_sid_to_context(peer_sid, &scontext, &scontext_len); > + > if (err) > goto out;
> > @@ -3396,6 +3410,23 @@ out: > return err; > } > > + Regards, Joy
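Review bot: in the first hunk the two branches of the new if/else chain treat an unset peer sid differently: the TCP branch returns -ENOPROTOOPT when `selinux_socket_getpeer_stream()` yields SECSID_NULL, but the UNIX_STREAM branch copies `ssec->peer_sid` unchecked, so a UNIX stream socket whose peer sid was never set falls through to `security_sid_to_context(peer_sid, ...)` instead of taking the same error path. Either move the `if (peer_sid == SECSID_NULL)` check below the whole chain so both socket classes get it, or extend the `/* if UNIX_STREAM check peer_sid ... */` comment to say why the cases differ. Minor style points: `u32 peer_sid = 0;` is later compared against `SECSID_NULL`, so initialise it with `SECSID_NULL` for consistency, and the `else if (...)` and `else {` should sit on the same line as the preceding closing brace per kernel style.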