authorCasey Schaufler <casey@schaufler-ca.com>2014-04-10 16:37:08 -0700
committerCasey Schaufler <casey@schaufler-ca.com>2014-04-11 14:35:28 -0700
commit54e70ec5eb090193b03e69d551fa6771a5a217c4 (patch)
treef015da7353f4824800a5fc6a89442f37628f62d1 /security/smack/smack.h
parentf59bdfba3e2b0ba5182f23d96101d106f18132ca (diff)
Smack: bidirectional UDS connect check
Smack IPC policy requires that the sender have write access to the receiver. UDS streams don't do per-packet checks. The only check is done at connect time. The existing code checks if the connecting process can write to the other, but not the other way around. This change adds a check that the other end can write to the connecting process. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schuafler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack/smack.h')
-rw-r--r--security/smack/smack.h6
1 files changed, 3 insertions, 3 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index fade085b1128..020307ef0972 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -80,8 +80,8 @@ struct superblock_smack {
struct socket_smack {
struct smack_known *smk_out; /* outbound label */
- char *smk_in; /* inbound label */
- char *smk_packet; /* TCP peer label */
+ struct smack_known *smk_in; /* inbound label */
+ struct smack_known *smk_packet; /* TCP peer label */
};
/*
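Review bot: Retyping `smk_in` and `smk_packet` from `char *` to `struct smack_known *` leaves any remaining string-style use of them (a label compare, a `%s` in an audit message, an argument to a helper that takes `char *`) as only an incompatible-pointer warning in C, not a build error, so a missed site would feed struct bytes into an access decision. The diffstat here is limited to smack.h, so the users are not visible; it is worth confirming that security/smack builds warning-free and that every reader now goes through `->smk_known`. The same applies to `smk_in` in struct smk_port_label in the second hunk. If `smk_packet` can be unset before a peer is seen (not determinable from this header), the field comment should say so, e.g. `struct smack_known *smk_packet; /* TCP peer label, may be NULL */`, because readers now dereference it instead of just testing a string pointer.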
@@ -133,7 +133,7 @@ struct smk_port_label {
struct list_head list;
struct sock *smk_sock; /* socket initialized on */
unsigned short smk_port; /* the port number */
- char *smk_in; /* incoming label */
+ struct smack_known *smk_in; /* inbound label */
struct smack_known *smk_out; /* outgoing label */
};
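Review bot: The field comments in struct smk_port_label are now mixed: the changed line reads `/* inbound label */` while the untouched `smk_out` line right below it still reads `/* outgoing label */`, and struct socket_smack in the first hunk uses outbound/inbound. Updating the neighbour in the same commit, `struct smack_known *smk_out; /* outbound label */`, would make the two structs read alike. The struct's opening line sits outside the hunk.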