From patchwork Wed Jul 18 09:48:41 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Piotr Sawicki X-Patchwork-Id: 10531963 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id B3528600F4 for ; Wed, 18 Jul 2018 09:48:49 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9B1F529036 for ; Wed, 18 Jul 2018 09:48:49 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8E1E82903C; Wed, 18 Jul 2018 09:48:49 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, FORGED_MUA_MOZILLA, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 90FFB29036 for ; Wed, 18 Jul 2018 09:48:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730735AbeGRKZw (ORCPT ); Wed, 18 Jul 2018 06:25:52 -0400 Received: from mailout2.w1.samsung.com ([210.118.77.12]:51800 "EHLO mailout2.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729619AbeGRKZw (ORCPT ); Wed, 18 Jul 2018 06:25:52 -0400 Received: from eucas1p2.samsung.com (unknown [182.198.249.207]) by mailout2.w1.samsung.com (KnoxPortal) with ESMTP id 20180718094845euoutp0282acf2f51b1e344db585f62443bde335~CbZio6NW90061100611euoutp02M for ; Wed, 18 Jul 2018 09:48:45 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 mailout2.w1.samsung.com 20180718094845euoutp0282acf2f51b1e344db585f62443bde335~CbZio6NW90061100611euoutp02M DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1531907325; bh=PlKFkxHmt91Q0yX3quoxygEeXduogVv8m1O0Eo5wiMQ=; h=From:Subject:To:Date:References:From; b=O06K9YTpfC7ClIsCsrViqgAxS7u3BWlptLpMD8++mreLujSubbLfsNuiDXV3eBBwB Ajj4OTsnN8C/AvO5XH7uVYnum6cNAtHzDJU0B8gu9C5tvcaGO1lTfENQgFmqYOdH6h JZpcSDi45BzV68gZAqrRuTmjqsrvq7Fm6CRcGjKA= Received: from eusmges1new.samsung.com (unknown [203.254.199.242]) by eucas1p2.samsung.com (KnoxPortal) with ESMTP id 20180718094844eucas1p23ae29fbea1cb7be99c2510cdfc9191eb~CbZhbkRVi0348603486eucas1p2G; Wed, 18 Jul 2018 09:48:44 +0000 (GMT) Received: from eucas1p2.samsung.com ( [182.198.249.207]) by eusmges1new.samsung.com (EUCPMTA) with SMTP id C0.C1.04627.CFC0F4B5; Wed, 18 Jul 2018 10:48:44 +0100 (BST) Received: from eusmtrp2.samsung.com (unknown [182.198.249.139]) by eucas1p1.samsung.com (KnoxPortal) with ESMTPA id 20180718094843eucas1p11e28e30f0faa996180004f709f0bf1d7~CbZgqarvU1214612146eucas1p18; Wed, 18 Jul 2018 09:48:43 +0000 (GMT) Received: from eusmgms2.samsung.com (unknown [182.198.249.180]) by eusmtrp2.samsung.com (KnoxPortal) with ESMTP id 20180718094843eusmtrp221632e61042da3404e8f4177a6289f00~CbZgafWHA0986709867eusmtrp2J; Wed, 18 Jul 2018 09:48:43 +0000 (GMT) X-AuditID: cbfec7f2-0edff70000021213-f3-5b4f0cfceb3f Received: from eusmtip2.samsung.com ( [203.254.199.222]) by eusmgms2.samsung.com (EUCPMTA) with SMTP id ED.B9.04183.BFC0F4B5; Wed, 18 Jul 2018 10:48:43 +0100 (BST) Received: from [106.120.51.16] (unknown [106.120.51.16]) by eusmtip2.samsung.com (KnoxPortal) with ESMTPA id 20180718094843eusmtip27bbf1b45696691a095e1066105c6d88e~CbZgIznKV1335513355eusmtip2m; Wed, 18 Jul 2018 09:48:42 +0000 (GMT) From: Piotr Sawicki Subject: [PATCH v1 RFC] Smack: Check UDP-Lite and DCCP protocols during IPv6 handling To: LSM , Casey Schaufler , jmorris@namei.org, serge@hallyn.com, "SMACK-discuss@lists.01.org" Newsgroups: gmane.linux.kernel.lsm X-Mozilla-News-Host: news://news.gmane.org Date: Wed, 18 Jul 2018 11:48:41 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Language: en-US X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrBKsWRmVeSWpSXmKPExsWy7djP87p/ePyjDfr7WC3ubfvFZrFu/WIm iw89j9gs3r9awGpx/sI5dourSzeyO7B5XNsd6dE9+x+LR8/3ZI+D7/YweRzdv4jN4/MmuQC2 KC6blNSczLLUIn27BK6MRd9fMxdc56xoXunVwPiSvYuRk0NCwETi2uZlLF2MXBxCAisYJY71 tkM5XxglHnSdhHI+M0p833qCEaZlZ8MPVojEckaJC/dnQzlvGSX2LZnCBFLFBlTVs+4nC4gt LBAu0f/vORNIkYjAXkaJDT/egSX4BJQk7r35wwoxVkvi1M6dYHEWAVWJF917wGxRgQiJIw8W gq3mFRCUODnzCVicWUBc4taT+UwQtrzE9rdzmEEWSAgsYpe49PwaC0RDmcSkLTvZIBa4SJxe vQLqbWGJV8e3QNkyEv93QgySEKiX6F1/jA1iUA+jROvWeVDN1hKfJ20B2sABtE1TYv0ufYiw o8TDAy9ZQMISAnwSN94KQtzDJzFp23RmiDCvREebEES1jsSbviVQ1VISi7rzJjAqzULy2Cwk j81C8tgshLULGFlWMYqnlhbnpqcWG+allusVJ+YWl+al6yXn525iBKaf0/+Of9rB+PVS0iFG AQ5GJR7ejL++0UKsiWXFlbmHGCU4mJVEeA++94sW4k1JrKxKLcqPLyrNSS0+xCjNwaIkzhun URclJJCeWJKanZpakFoEk2Xi4JRqYKw0OiK29HCEVNX+DOZkt29HyyMfnj5hHjn1aGPMI9by bKk+Hiap9Rr7Hy4O/T91xzFm63uXDU4sv+z4MzF5Lqv+8/Nc6Q7TX0u7WAbsWbXh2GH1T38S Atbq3DstYdjfMzPFR+bOHkmdqO3vnr7TXTx1ss8ZJvHOH7l1FydNL9vlc9tAX09rmqoSS3FG oqEWc1FxIgDF3zfSOwMAAA== X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrHIsWRmVeSWpSXmKPExsVy+t/xe7q/efyjDXZ9FbS4t+0Xm8W69YuZ LD70PGKzeP9qAavF+Qvn2C2uLt3I7sDmcW13pEf37H8sHj3fkz0OvtvD5HF0/yI2j8+b5ALY ovRsivJLS1IVMvKLS2yVog0tjPQMLS30jEws9QyNzWOtjEyV9O1sUlJzMstSi/TtEvQyFn1/ zVxwnbOieaVXA+NL9i5GTg4JAROJnQ0/WEFsIYGljBLnT+tCxKUk5v7bC1UjLPHnWhdbFyMX UM1rRonffz4zgSTYgJp71v1kAbGFBcIl+v89ZwIpEhHYyyixaV43WIJPQEni3ps/rBCTtCRO 7dwJFucVcJO4dPk+2CAWAVWJF917wOKiAhESq5e/YIWoEZQ4OfMJWJxZwExi3uaHzBC2uMSt J/OZIGx5ie1v5zBPYBSchaRlFpKWWUhaZiFpWcDIsopRJLW0ODc9t9hIrzgxt7g0L10vOT93 EyMwrrYd+7llB2PXu+BDjAIcjEo8vAf++0YLsSaWFVfmHmKU4GBWEuE9+N4vWog3JbGyKrUo P76oNCe1+BCjKdBDE5mlRJPzgTGfVxJvaGpobmFpaG5sbmxmoSTOe96gMkpIID2xJDU7NbUg tQimj4mDU6qBMUJ/hvArppfJR88k/Zt/sS3t/cJ4/5DgeTrxPSunLTbqr/85yVP1vMd9R8Og h+en23YHnt2u8zXt1OIDvPcvRSYl/Ki2mPB70tojZXPK84M3vuJW4NymELtfxevVs18fFkV8 8ZGUP3/95uqPh2a9+HaR1ZVDQ63pe9o2F0XJSFGhH4Ynb+2P+q7EUpyRaKjFXFScCAATJz05 wQIAAA== Message-Id: <20180718094843eucas1p11e28e30f0faa996180004f709f0bf1d7~CbZgqarvU1214612146eucas1p18@eucas1p1.samsung.com> X-CMS-MailID: 20180718094843eucas1p11e28e30f0faa996180004f709f0bf1d7 X-Msg-Generator: CA X-RootMTR: 20180718094843eucas1p11e28e30f0faa996180004f709f0bf1d7 X-EPHeader: CA CMS-TYPE: 201P X-CMS-RootMailID: 20180718094843eucas1p11e28e30f0faa996180004f709f0bf1d7 References: Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The smack_socket_sock_rcv_skb() function is checking smack labels only for UDP and TCP frames carried in IPv6 packets. From now on, it is able also to handle UDP-Lite and DCCP protocols. --- security/smack/smack_lsm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) sip->sin6_port = uh->source; @@ -3986,7 +3987,8 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) #if IS_ENABLED(CONFIG_IPV6) case PF_INET6: proto = smk_skb_to_addr_ipv6(skb, &sadd); - if (proto != IPPROTO_UDP && proto != IPPROTO_TCP) + if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && + proto != IPPROTO_TCP && proto != IPPROTO_DCCP) break; #ifdef SMACK_IPV6_SECMARK_LABELING if (skb && skb->secmark != 0) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 8b6cd5a..c2282ac 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3896,6 +3896,7 @@ static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) sip->sin6_port = th->source; break; case IPPROTO_UDP: + case IPPROTO_UDPLITE: uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); if (uh != NULL)