git.maquefel.me Git - linux.git/commit

author	Xin Long <lucien.xin@gmail.com>
	Tue, 2 Nov 2021 12:02:47 +0000 (08:02 -0400)
committer	David S. Miller <davem@davemloft.net>
	Wed, 3 Nov 2021 11:09:20 +0000 (11:09 +0000)
commit	c081d53f97a1a90a38e4296dd3d6fda5e38dca2c
tree	f26464a1cb69209c3704ad448b23bb82279f8472	tree \| snapshot
parent	843c3cbbdf89e8a2801363c3837f43557568d08f	commit \| diff

security: pass asoc to sctp_assoc_request and sctp_sk_clone

This patch is to move secid and peer_secid from endpoint to association,
and pass asoc to sctp_assoc_request and sctp_sk_clone instead of ep. As
ep is the local endpoint and asoc represents a connection, and in SCTP
one sk/ep could have multiple asoc/connection, saving secid/peer_secid
for new asoc will overwrite the old asoc's.

Note that since asoc can be passed as NULL, security_sctp_assoc_request()
is moved to the place right after the new_asoc is created in
sctp_sf_do_5_1B_init() and sctp_sf_do_unexpected_init().

v1->v2:
- fix the description of selinux_netlbl_skbuff_setsid(), as Jakub noticed.
- fix the annotation in selinux_sctp_assoc_request(), as Richard Noticed.

Fixes: 72e89f50084c ("security: Add support for SCTP security hooks")
Reported-by: Prashanth Prahlad <pprahlad@redhat.com>
Reviewed-by: Richard Haines <richard_c_haines@btinternet.com>
Tested-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Documentation/security/SCTP.rst		diff \| blob \| history
include/linux/lsm_hook_defs.h		diff \| blob \| history
include/linux/lsm_hooks.h		diff \| blob \| history
include/linux/security.h		diff \| blob \| history
include/net/sctp/structs.h		diff \| blob \| history
net/sctp/sm_statefuns.c		diff \| blob \| history
net/sctp/socket.c		diff \| blob \| history
security/security.c		diff \| blob \| history
security/selinux/hooks.c		diff \| blob \| history
security/selinux/include/netlabel.h		diff \| blob \| history
security/selinux/netlabel.c		diff \| blob \| history