android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
be20af2458
android_kernel_xiaomi_sm8450/net/dccp
History
Kuniyuki Iwashima 4969fcebe7 dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 
[ Upstream commit 23be1e0e2a83a8543214d2599a31d9a2185a796b ]

Initially, commit 4237c75c0a ("[MLSXFRM]: Auto-labeling of child
sockets") introduced security_inet_conn_request() in some functions
where reqsk is allocated.  The hook is added just after the allocation,
so reqsk's IPv6 remote address was not initialised then.

However, SELinux/Smack started to read it in netlbl_req_setattr()
after commit e1adea9270 ("calipso: Allow request sockets to be
relabelled by the lsm.").

Commit 284904aa79 ("lsm: Relocate the IPv4 security_inet_conn_request()
hooks") fixed that kind of issue only in TCPv4 because IPv6 labeling was
not supported at that time.  Finally, the same issue was introduced again
in IPv6.

Let's apply the same fix on DCCPv6 and TCPv6.

Fixes: e1adea9270 ("calipso: Allow request sockets to be relabelled by the lsm.")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-11-20 11:06:55 +01:00
..
ccids net: dccp: Convert to use the preferred fallthrough macro 2020-08-22 12:38:34 -07:00
ackvec.c net: dccp: delete repeated words 2020-08-24 17:31:20 -07:00
ackvec.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ccid.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ccid.h net: dccp: Replace zero-length array with flexible-array member 2020-02-28 12:08:37 -08:00
dccp.h dccp: Call inet6_destroy_sock() via sk->sk_destruct(). 2023-04-26 11:27:42 +02:00
diag.c inet_diag: Move the INET_DIAG_REQ_BYTECODE nlattr to cb->data 2020-02-27 18:50:19 -08:00
feat.c net: dccp: Convert to use the preferred fallthrough macro 2020-08-22 12:38:34 -07:00
feat.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
input.c net: dccp: Convert to use the preferred fallthrough macro 2020-08-22 12:38:34 -07:00
ipv4.c dccp: Call security_inet_conn_request() after setting IPv4 addresses. 2023-11-20 11:06:55 +01:00
ipv6.c dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:06:55 +01:00
ipv6.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
Kconfig dccp: Replace HTTP links with HTTPS ones 2020-07-13 11:54:07 -07:00
Makefile net: dccp: Remove dccpprobe module 2018-01-02 14:27:30 -05:00
minisocks.c dccp: don't duplicate ccid when cloning dccp sock 2021-09-22 12:27:56 +02:00
options.c net: dccp: Convert to use the preferred fallthrough macro 2020-08-22 12:38:34 -07:00
output.c dccp: fix data-race around dp->dccps_mss_cache 2023-08-16 18:21:01 +02:00
proto.c dccp: annotate data-races in dccp_poll() 2023-08-30 16:23:12 +02:00
qpolicy.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 389 2019-06-05 17:37:11 +02:00
sysctl.c proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
timer.c inet: remove icsk_ack.blocked 2020-09-30 14:21:30 -07:00
trace.h net: dccp: Add DCCP sendmsg trace event 2018-01-02 14:27:30 -05:00