diff options
| author | Lukasz Skalski <l.skalski@samsung.com> | 2015-08-24 18:54:46 +0200 |
|---|---|---|
| committer | Seung-Woo Kim <sw0312.kim@samsung.com> | 2016-12-14 13:48:52 +0900 |
| commit | 7defeda7479e9bc46f179788d2ed1061650334b4 (patch) | |
| tree | 96ad0bfb21d5f6d065900639d0d3196724be8828 /ipc | |
| parent | 3383825d9e8324c5c72c20049267bc1c7ecb6d3c (diff) | |
kdbus: disable internal kdbus policy
Possibilities of connections to own, see and talk to well-known names
are already restricted by LSM hooks.
Signed-off-by: Lukasz Skalski <l.skalski@samsung.com>
Diffstat (limited to 'ipc')
| -rw-r--r-- | ipc/kdbus/connection.c | 6 | ||||
| -rw-r--r-- | ipc/kdbus/names.c | 3 |
2 files changed, 9 insertions, 0 deletions
diff --git a/ipc/kdbus/connection.c b/ipc/kdbus/connection.c index a67d0f32cc41..b3b081c27297 100644 --- a/ipc/kdbus/connection.c +++ b/ipc/kdbus/connection.c @@ -1218,10 +1218,13 @@ static struct kdbus_reply *kdbus_conn_call(struct kdbus_conn *src, if (ret) goto exit; + /* Disable internal kdbus policy - possibilities of connections to own, + * see and talk to well-known names are restricted by LSM hooks if (!kdbus_conn_policy_talk(src, current_cred(), dst)) { ret = -EPERM; goto exit; } + */ wait = kdbus_reply_new(dst, src, &kmsg->msg, name, true); if (IS_ERR(wait)) { @@ -1300,9 +1303,12 @@ static int kdbus_conn_unicast(struct kdbus_conn *src, struct kdbus_kmsg *kmsg) if (!kdbus_match_db_match_kmsg(dst->match_db, src, kmsg) || !kdbus_conn_policy_talk(dst, NULL, src)) goto exit; + /* Disable internal kdbus policy - possibilities of connections to own, + * see and talk to well-known names are restricted by LSM hooks } else if (!kdbus_conn_policy_talk(src, current_cred(), dst)) { ret = -EPERM; goto exit; + */ } else if (kmsg->msg.flags & KDBUS_MSG_EXPECT_REPLY) { wait = kdbus_reply_new(dst, src, &kmsg->msg, name, false); if (IS_ERR(wait)) { diff --git a/ipc/kdbus/names.c b/ipc/kdbus/names.c index df99e4df815b..90e0c016f66e 100644 --- a/ipc/kdbus/names.c +++ b/ipc/kdbus/names.c @@ -290,10 +290,13 @@ int kdbus_name_acquire(struct kdbus_name_registry *reg, down_write(®->rwlock); + /* Disable internal kdbus policy - possibilities of connections to own, + * see and talk to well-known names are restricted by LSM hooks if (!kdbus_conn_policy_own_name(conn, current_cred(), name)) { ret = -EPERM; goto exit_unlock; } + */ hash = kdbus_strhash(name); e = kdbus_name_find(reg, hash, name); |