From 0e7c6196c0777e12078cfd0ce8a64fe562c7d7fd Mon Sep 17 00:00:00 2001 From: liangbotong Date: Mon, 10 Apr 2023 09:55:46 +0800 Subject: [PATCH] =?UTF-8?q?Newip=20socket=20SELinux=E5=AF=B9=E8=B1=A1?= =?UTF-8?q?=E8=A7=92=E8=89=B2=E6=9C=AA=E6=A0=87=E8=AE=B0=E7=9A=84=E9=97=AE?= =?UTF-8?q?=E9=A2=98=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: liangbotong --- src/linux/net/newip/tcp_nip_input.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/linux/net/newip/tcp_nip_input.c b/src/linux/net/newip/tcp_nip_input.c index c8ef3a6..0e3b1ff 100644 --- a/src/linux/net/newip/tcp_nip_input.c +++ b/src/linux/net/newip/tcp_nip_input.c @@ -1074,6 +1074,13 @@ int _tcp_nip_conn_request(struct request_sock_ops *rsk_ops, af_ops->init_req(req, sk, skb); + /* Based on the security context of the socket and packet, + * this function calculates the security context of the connection + * and checks whether establishing a TCP connection is permitted. + */ + if (security_inet_conn_request(sk, skb, req)) + goto drop_and_free; + if (!isn) isn = af_ops->init_seq(skb); -- Gitee