From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Sterba Subject: Re: [PATCH v8] Add flags option to get xattr method paired to __vfs_getxattr Date: Tue, 27 Aug 2019 19:07:00 +0200 Message-ID: <20190827170700.GW2752@suse.cz> References: <20190827150544.151031-1-salyzyn@android.com> Reply-To: dsterba@suse.cz Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline In-Reply-To: <20190827150544.151031-1-salyzyn@android.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-mtd" Errors-To: linux-mtd-bounces+gldm-linux-mtd-36=gmane.org@lists.infradead.org To: Mark Salyzyn Cc: Latchesar Ionkov , Eric Sandeen , Mike Marshall , James Morris , devel@lists.orangefs.org, Eric Van Hensbergen , Joel Becker , Trond Myklebust , Mathieu Malaterre , Greg Kroah-Hartman , linux-kernel@vger.kernel.org, Jan Kara , Casey Schaufler , Andrew Morton , Dave Kleikamp , linux-doc@vger.kernel.org, Jeff Layton , Chao Yu , Mimi Zohar , "David S. Miller" , linux-cifs@vger.kernel.org, Paul Moore , "Darrick J. Wong" , Hugh Dickins , kernel-team@android On Tue, Aug 27, 2019 at 08:05:15AM -0700, Mark Salyzyn wrote: > Replace arguments for get and set xattr methods, and __vfs_getxattr > and __vfs_setaxtr functions with a reference to the following now > common argument structure: > > struct xattr_gs_args { > struct dentry *dentry; > struct inode *inode; > const char *name; > union { > void *buffer; > const void *value; > }; > size_t size; > int flags; > }; > > Which in effect adds a flags option to the get method and > __vfs_getxattr function. > > Add a flag option to get xattr method that has bit flag of > XATTR_NOSECURITY passed to it. XATTR_NOSECURITY is generally then > set in the __vfs_getxattr path when called by security > infrastructure. > > This handles the case of a union filesystem driver that is being > requested by the security layer to report back the xattr data. > > For the use case where access is to be blocked by the security layer. > > The path then could be security(dentry) -> > __vfs_getxattr({dentry...XATTR_NOSECURITY}) -> > handler->get({dentry...XATTR_NOSECURITY}) -> > __vfs_getxattr({lower_dentry...XATTR_NOSECURITY}) -> > lower_handler->get({lower_dentry...XATTR_NOSECURITY}) > which would report back through the chain data and success as > expected, the logging security layer at the top would have the > data to determine the access permissions and report back the target > context that was blocked. > > Without the get handler flag, the path on a union filesystem would be > the errant security(dentry) -> __vfs_getxattr(dentry) -> > handler->get(dentry) -> vfs_getxattr(lower_dentry) -> nested -> > security(lower_dentry, log off) -> lower_handler->get(lower_dentry) > which would report back through the chain no data, and -EACCES. > > For selinux for both cases, this would translate to a correctly > determined blocked access. In the first case with this change a correct avc > log would be reported, in the second legacy case an incorrect avc log > would be reported against an uninitialized u:object_r:unlabeled:s0 > context making the logs cosmetically useless for audit2allow. > > This patch series is inert and is the wide-spread addition of the > flags option for xattr functions, and a replacement of __vfs_getxattr > with __vfs_getxattr({...XATTR_NOSECURITY}). > > Signed-off-by: Mark Salyzyn > Reviewed-by: Jan Kara > Cc: Stephen Smalley > Cc: linux-kernel@vger.kernel.org > Cc: kernel-team@android.com > Cc: linux-security-module@vger.kernel.org > Cc: stable@vger.kernel.org # 4.4, 4.9, 4.14 & 4.19 > --- > v8: > - Documentation reported 'struct xattr_gs_flags' rather than > 'struct xattr_gs_flags *args' as argument to get and set methods. For btrfs > fs/btrfs/xattr.c | 36 +++++----- Acked-by: David Sterba ______________________________________________________ Linux MTD discussion mailing list http://lists.infradead.org/mailman/listinfo/linux-mtd/