From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C8B312E649 for ; Mon, 9 Oct 2023 13:42:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="sYiGo52h" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 42931C433C7; Mon, 9 Oct 2023 13:42:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1696858924; bh=keNwJIMYf3uHml7kLhRYljesiftqlB70BisSDSSvG+A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=sYiGo52hMZuu2DTnSQz673QTe0KeTmLGTdfAluh1SDbh6yDcLpUUm14AiFfQOgDbl 2l5AmEkPj3t1k00msyTHiIJsvvFsU7N1+dwhPSjfSOh1mYAdOuLTjWTs9TVxL5ZL0I lMZyLBD8Xk2CZQgG7zw0BpQi4TIGSPBGpNIzug2k= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Roberto Sassu , Casey Schaufler , Sasha Levin Subject: [PATCH 5.10 143/226] smack: Retrieve transmuting information in smack_inode_getsecurity() Date: Mon, 9 Oct 2023 15:01:44 +0200 Message-ID: <20231009130130.466734301@linuxfoundation.org> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20231009130126.697995596@linuxfoundation.org> References: <20231009130126.697995596@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 5.10-stable review patch. If anyone has any objections, please let me know. ------------------ From: Roberto Sassu [ Upstream commit 3a3d8fce31a49363cc31880dce5e3b0617c9c38b ] Enhance smack_inode_getsecurity() to retrieve the value for SMACK64TRANSMUTE from the inode security blob, similarly to SMACK64. This helps to display accurate values in the situation where the security labels come from mount options and not from xattrs. Signed-off-by: Roberto Sassu Signed-off-by: Casey Schaufler Signed-off-by: Sasha Levin --- security/smack/smack_lsm.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index e7f6f55bbae24..6bfc3c8d93102 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1444,10 +1444,19 @@ static int smack_inode_getsecurity(struct inode *inode, struct super_block *sbp; struct inode *ip = (struct inode *)inode; struct smack_known *isp; + struct inode_smack *ispp; + size_t label_len; + char *label = NULL; - if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) + if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { isp = smk_of_inode(inode); - else { + } else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) { + ispp = smack_inode(inode); + if (ispp->smk_flags & SMK_INODE_TRANSMUTE) + label = TRANS_TRUE; + else + label = ""; + } else { /* * The rest of the Smack xattrs are only on sockets. */ @@ -1469,13 +1478,18 @@ static int smack_inode_getsecurity(struct inode *inode, return -EOPNOTSUPP; } + if (!label) + label = isp->smk_known; + + label_len = strlen(label); + if (alloc) { - *buffer = kstrdup(isp->smk_known, GFP_KERNEL); + *buffer = kstrdup(label, GFP_KERNEL); if (*buffer == NULL) return -ENOMEM; } - return strlen(isp->smk_known); + return label_len; } -- 2.40.1