From: John Johansen
Date: Tue, 26 Sep 2017 19:12:35 +0000 (-0400)
Subject: UBUNTU: SAUCE: LSM stacking: add support for stacking getpeersec_stream
X-Git-Tag: Ubuntu-4.15.0-16.17~355
X-Git-Url: https://git.proxmox.com/?p=mirror_ubuntu-bionic-kernel.git;a=commitdiff_plain;h=8e42f92be6098c1365631440df87f5a5e6f6635c

UBUNTU: SAUCE: LSM stacking: add support for stacking getpeersec_stream

BugLink: http://bugs.launchpad.net/bugs/1763062

getpeersec_stream needs to use the "current" display LSM set by the prctl. Split out the getpeersec_stream implementation from the full stacking patch.

Signed-off-by: John Johansen
Signed-off-by: Seth Forshee
---

diff --git a/security/security.c b/security/security.c
index 1cdb8e1e9d3b..2b5f81df6a36 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1895,8 +1895,21 @@ EXPORT_SYMBOL(security_sock_rcv_skb);
 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 int __user *optlen, unsigned len)
 {
+#ifdef CONFIG_SECURITY_STACKING
+ struct security_hook_list *hp;
+ char *lsm = lsm_of_task(current);
+
+ list_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream,
+ list) {
+ if (!lsm || !lsm[0] || !strcmp(lsm, hp->lsm))
+ return hp->hook.socket_getpeersec_stream(sock, optval,
+ optlen, len);
+ }
+ return -ENOPROTOOPT;
+#else
 return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock,
 optval, optlen, len);
+#endif
 }
 
 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
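Review bot: In the `CONFIG_SECURITY_STACKING` branch of `security_socket_getpeersec_stream`, the `!lsm || !lsm[0]` test makes the loop return the first hook on the list whenever the task has no display LSM, so the peer label handed back depends on module registration order, and no comment says so. Userspace that makes access decisions on the SO_PEERSEC string cannot tell from the string which module produced it. The description says the display value is set through prctl, so it is worth confirming against the full stacking patch whether a service can inherit that value from a less trusted parent. I would add a comment above the loop, e.g. `/* Only the task's display LSM answers; with none set, the first registered hook wins. -ENOPROTOOPT if the selected LSM has no hook. */`. `lsm` is only read here, so it could be declared `const char *lsm` if the return type of `lsm_of_task()` (not visible in this hunk) allows it.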