On 02/20/2014 10:38 AM, Tai Nguyen (tainguye) wrote:
> Our BT folks said net/bluetooth creates child sockets for each protocol, which
> do not call the security API; thus, the child socket doesn’t have a label.
> They suggested the following change for l2cap_sock.c
>
> void l2cap_sock_init(struct sock *sk, struct sock *parent)
> {
> 	struct l2cap_pinfo *pi = l2cap_pi(sk);
>
> 	BT_DBG("sk %p parent %p", sk, parent);
>
> 	if (parent) {
> 		sk->sk_type = parent->sk_type;
> 		sk->sk_rcvbuf = parent->sk_rcvbuf;
> 		sk->sk_sndbuf = parent->sk_sndbuf;
> 		bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
>
> 		pi->imtu = l2cap_pi(parent)->imtu;
> 		pi->omtu = l2cap_pi(parent)->omtu;
> 		pi->conf_state = l2cap_pi(parent)->conf_state;
> 		pi->mode = l2cap_pi(parent)->mode;
> 		pi->fcs = l2cap_pi(parent)->fcs;
> 		pi->max_tx = l2cap_pi(parent)->max_tx;
> 		pi->tx_win = l2cap_pi(parent)->tx_win;
> 		pi->sec_level = l2cap_pi(parent)->sec_level;
> 		pi->role_switch = l2cap_pi(parent)->role_switch;
> 		pi->force_reliable = l2cap_pi(parent)->force_reliable;
> 		pi->flushable = l2cap_pi(parent)->flushable;
> 		pi->force_active = l2cap_pi(parent)->force_active;
> 		pi->amp_pref = l2cap_pi(parent)->amp_pref;
> 		security_sk_clone(parent, sk); // <<< Cloning the context from the parent
> 	}
>
> Similar changes are also needed for rfcomm/sock.c in function
> rfcomm_sock_init(sk, parent).
>
> After applying the patch, I don’t see the unlabeled socket audit messages
> anymore. However, I don’t see the same code in the msm kernel in branch 4.4.2.
> Thus, I want to check if the msm kernel also has the same issue or the msm
> kernel fixes the problem differently.
Possibly we don't encounter this because Android is not using BlueZ anymore.
What you describe sounds like a gap in the mainline kernel; will take it
up with upstream.
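
One way to run the before/after check mentioned in the quoted message ("unlabeled socket audit messages"), as an added example that is not part of the original thread: it scans audit text for AVC denials on socket classes where either context carries the unlabeled type. The sample lines are constructed, and the process names, domains and the type name `unlabeled` are assumptions about the policy in use.

```python
import re
from collections import Counter

# Constructed sample audit lines (not taken from the thread).
SAMPLE_LOG = """\
type=1400 audit(1392910680.101:11): avc:  denied  { read write } for  pid=812 comm="bluetoothd" scontext=u:r:bluetooth:s0 tcontext=u:object_r:unlabeled:s0 tclass=socket
type=1400 audit(1392910680.455:12): avc:  denied  { getopt } for  pid=812 comm="bluetoothd" scontext=u:r:bluetooth:s0 tcontext=u:object_r:unlabeled:s0 tclass=socket
type=1400 audit(1392910681.002:13): avc:  denied  { read } for  pid=990 comm="mediaserver" name="cfg" scontext=u:r:mediaserver:s0 tcontext=u:object_r:unlabeled:s0 tclass=file
type=1400 audit(1392910682.310:14): avc:  denied  { connect } for  pid=1044 comm="app" scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(ctx):
    """Return the type field of a user:role:type[:mls] security context."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ""


def unlabeled_socket_denials(text, unlabeled_type="unlabeled"):
    """Count denials on *socket classes where either side is unlabeled.

    Keys are (comm, tclass, permission). unlabeled_type is an assumption:
    adjust it to the type your policy assigns to the unlabeled initial SID.
    """
    hits = Counter()
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(line[m.end():])}
        tclass = f.get("tclass", "")
        if not tclass.endswith("socket"):
            continue  # unlabeled files etc. are a different problem
        types = {context_type(f.get("scontext", "")),
                 context_type(f.get("tcontext", ""))}
        if unlabeled_type in types:
            for perm in m.group("perms").split():
                hits[(f.get("comm", "?"), tclass, perm)] += 1
    return hits


if __name__ == "__main__":
    for (comm, tclass, perm), n in sorted(unlabeled_socket_denials(SAMPLE_LOG).items()):
        print(f"{n:3d}  comm={comm} tclass={tclass} perm={perm}")
```

Feed it the kernel log or audit log captured under the same Bluetooth workload before and after the change and compare the counts.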