UBUNTU: SAUCE: LSM stacking: add support for stacking getpeersec_stream
authorJohn Johansen <john.johansen@canonical.com>
Tue, 26 Sep 2017 19:12:35 +0000 (15:12 -0400)
committerSeth Forshee <seth.forshee@canonical.com>
Tue, 10 Apr 2018 18:06:14 +0000 (13:06 -0500)
BugLink: http://bugs.launchpad.net/bugs/1763062
getpeersec_stream needs to use the "current" display LSM set by the
prctl.

Split out the getpeersec_stream implementation from the full stacking
patch.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
security/security.c

index 1cdb8e1e9d3bbc09440e1c63bca16f90ff34200d..2b5f81df6a3629e83fc04e28195fc2c74dddb4e8 100644 (file)
@@ -1895,8 +1895,21 @@ EXPORT_SYMBOL(security_sock_rcv_skb);
 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
                                      int __user *optlen, unsigned len)
 {
+#ifdef CONFIG_SECURITY_STACKING
+       struct security_hook_list *hp;
+       char *lsm = lsm_of_task(current);
+
+       list_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream,
+                                                                       list) {
+               if (!lsm || !lsm[0] || !strcmp(lsm, hp->lsm))
+                       return hp->hook.socket_getpeersec_stream(sock, optval,
+                                               optlen, len);
+       }
+       return -ENOPROTOOPT;
+#else
        return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock,
                                optval, optlen, len);
+#endif
 }
 
 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
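Review bot: The selection rule in the CONFIG_SECURITY_STACKING branch of security_socket_getpeersec_stream() is not documented, and two of its outcomes affect what a caller reading the peer label gets back. When no display LSM is set (`!lsm || !lsm[0]`) the first entry on the hook list answers, so the label format depends on registration order. When the display LSM has no hook on this list the function returns -ENOPROTOOPT rather than falling through to another module, which looks deliberate but should be stated. A comment above the loop would record both, for example `/* Only the task's display LSM answers; if none is set, the first registered hook does. */`. Since the string is only read here, `const char *lsm = lsm_of_task(current);` would also make that explicit, assuming lsm_of_task() (not shown in this hunk) permits it.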