From: Stephen Smalley <sds@tycho.nsa.gov>
To: Andreas Gruenbacher <agruenba@redhat.com>,
	linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
	ocfs2-devel@oss.oracle.com, David Howells <dhowells@redhat.com>
Subject: [Ocfs2-devel] [PATCH v3 2/7] selinux: Add accessor functions for inode->i_security
Date: Tue, 27 Oct 2015 13:20:52 -0400	[thread overview]
Message-ID: <562FB274.6080100@tycho.nsa.gov> (raw)
In-Reply-To: <1445894128-6765-3-git-send-email-agruenba@redhat.com>

On 10/26/2015 05:15 PM, Andreas Gruenbacher wrote:
> Add functions dentry_security and inode_security for accessing
> inode->i_security.  These functions initially don't do much, but they
> will later be used to revalidate the security labels when necessary.
>
> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
> ---
>   security/selinux/hooks.c | 101 ++++++++++++++++++++++++++---------------------
>   1 file changed, 57 insertions(+), 44 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index fc8f626..65e8689 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -241,6 +241,24 @@ static int inode_alloc_security(struct inode *inode)
>   	return 0;
>   }
>
> +/*
> + * Get the security label of a dentry's inode.
> + */
> +static struct inode_security_struct *dentry_security(struct dentry *dentry)
> +{
> +	struct inode *inode = d_backing_inode(dentry);
> +
> +	return inode->i_security;
> +}
> +
> +/*
> + * Get the security label of an inode.
> + */
> +static struct inode_security_struct *inode_security(struct inode *inode)
> +{
> +	return inode->i_security;
> +}
> +
>   static void inode_free_rcu(struct rcu_head *head)
>   {
>   	struct inode_security_struct *isec;
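Review bot: dentry_security() dereferences the result of d_backing_inode(dentry) unconditionally, which is NULL for a negative dentry; the callers added in this patch pass the dentry of an open file, which is always positive, but the helper is generic and static in hooks.c, so either record that precondition in the comment block above it ("dentry must be positive") or return NULL when d_backing_inode() does. The two comment headers also say "Get the security label" while both functions return the inode_security_struct blob, not a label string; "Get the inode security blob of ..." would describe what `return inode->i_security;` actually does.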
<snip>
> @@ -2207,7 +2222,6 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
>   	struct task_security_struct *new_tsec;
>   	struct inode_security_struct *isec;
>   	struct common_audit_data ad;
> -	struct inode *inode = file_inode(bprm->file);
>   	int rc;
>
>   	/* SELinux context only depends on initial program or script and not
> @@ -2217,7 +2231,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
>
>   	old_tsec = current_security();
>   	new_tsec = bprm->cred->security;
> -	isec = inode->i_security;
> +	isec = dentry_security(bprm->file->f_path.dentry);
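Review bot: this hunk silently changes which inode the exec label is read from, from file_inode(bprm->file) (removed in the previous hunk) to d_backing_inode(bprm->file->f_path.dentry) via dentry_security(), and the commit message's "these functions initially don't do much" does not cover that. The commit message should state whether the two expressions are expected to name the same inode on every filesystem, stacked ones included, or, if they can differ, why the dentry's inode is the right object for the transition decision; if they are meant to be identical, a one-line comment at the call site saying so would save the next reader the same question.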

IIUC, this could change which inode label gets used when using overlayfs 
(the overlay inode or the underlying inode).  Not sure whether the 
current code is correct for overlayfs (overlayfs + SELinux support still 
in progress).

> @@ -3154,7 +3168,7 @@ out_nofree:
>   static int selinux_inode_setsecurity(struct inode *inode, const char *name,
>   				     const void *value, size_t size, int flags)
>   {
> -	struct inode_security_struct *isec = inode->i_security;
> +	struct inode_security_struct *isec = inode_security(inode);

Was it intentional to not do this for selinux_inode_getsecurity() and 
selinux_inode_getsecid()?

> @@ -3241,8 +3254,8 @@ int ioctl_has_perm(const struct cred *cred, struct file *file,
>   {
>   	struct common_audit_data ad;
>   	struct file_security_struct *fsec = file->f_security;
> -	struct inode *inode = file_inode(file);
> -	struct inode_security_struct *isec = inode->i_security;
> +	struct dentry *dentry = file->f_path.dentry;
> +	struct inode_security_struct *isec = dentry_security(dentry);
>   	struct lsm_ioctlop_audit ioctl;
>   	u32 ssid = cred_sid(cred);
>   	int rc;
> @@ -3263,7 +3276,7 @@ int ioctl_has_perm(const struct cred *cred, struct file *file,
>   			goto out;
>   	}
>
> -	if (unlikely(IS_PRIVATE(inode)))
> +	if (unlikely(IS_PRIVATE(dentry->d_inode)))
>   		return 0;
>
>   	rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass,
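Review bot: ioctl_has_perm() now takes its label from d_backing_inode(dentry) (inside dentry_security(), previous hunk) but the early-return check `if (unlikely(IS_PRIVATE(dentry->d_inode)))` reads dentry->d_inode directly; if those ever resolve to different inodes, the private-inode exemption and the permission check would be evaluated against different objects. Keep one inode for both, e.g. `struct inode *inode = d_backing_inode(dentry);` in the declarations and then `isec = inode_security(inode);` and `IS_PRIVATE(inode)`, which also restores the original shape of the check.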
> @@ -3506,7 +3519,7 @@ static int selinux_file_open(struct file *file, const struct cred *cred)
>   	struct inode_security_struct *isec;
>
>   	fsec = file->f_security;
> -	isec = file_inode(file)->i_security;
> +	isec = dentry_security(file->f_path.dentry);

Similarly for these cases, switching from file_inode(file) to 
d_backing_inode(dentry) could affect overlayfs interaction IIUC.  cc'd 
David for clarification.
