From: Munehisa Kamata <kamatam@amazon.com>
To: <stable@vger.kernel.org>
Cc: <casey@schaufler-ca.com>, <vishal.goel@samsung.com>,
<roberto.sassu@huawei.com>, <kamatam@amazon.com>
Subject: [PATCH for 4.19.y 2/3] smack: Retrieve transmuting information in smack_inode_getsecurity()
Date: Thu, 28 Sep 2023 18:51:37 -0700 [thread overview]
Message-ID: <20230929015138.835462-3-kamatam@amazon.com> (raw)
In-Reply-To: <20230929015138.835462-1-kamatam@amazon.com>
From: Roberto Sassu <roberto.sassu@huawei.com>
commit 3a3d8fce31a49363cc31880dce5e3b0617c9c38b upstream.
Enhance smack_inode_getsecurity() to retrieve the value for
SMACK64TRANSMUTE from the inode security blob, similarly to SMACK64.
This helps to display accurate values in the situation where the security
labels come from mount options and not from xattrs.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[4.19: adjusted for the lack of helper functions]
Fixes: d6d80cb57be4 ("Smack: Base support for overlayfs")
Signed-off-by: Munehisa Kamata <kamatam@amazon.com>
---
security/smack/smack_lsm.c | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index a09a9c6bbdf6..db729834d8ba 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1490,10 +1490,19 @@ static int smack_inode_getsecurity(struct inode *inode,
struct super_block *sbp;
struct inode *ip = (struct inode *)inode;
struct smack_known *isp;
+ struct inode_smack *ispp;
+ size_t label_len;
+ char *label = NULL;
- if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
+ if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
isp = smk_of_inode(inode);
- else {
+ } else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) {
+ ispp = inode->i_security;
+ if (ispp->smk_flags & SMK_INODE_TRANSMUTE)
+ label = TRANS_TRUE;
+ else
+ label = "";
+ } else {
/*
* The rest of the Smack xattrs are only on sockets.
*/
@@ -1515,13 +1524,18 @@ static int smack_inode_getsecurity(struct inode *inode,
return -EOPNOTSUPP;
}
+ if (!label)
+ label = isp->smk_known;
+
+ label_len = strlen(label);
+
if (alloc) {
- *buffer = kstrdup(isp->smk_known, GFP_KERNEL);
+ *buffer = kstrdup(label, GFP_KERNEL);
if (*buffer == NULL)
return -ENOMEM;
}
- return strlen(isp->smk_known);
+ return label_len;
}
--
2.34.1
next prev parent reply other threads:[~2023-09-29 1:52 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-29 1:50 Request to cherry-pick a few Smack fixes Munehisa Kamata
2023-09-29 1:51 ` [PATCH for 4.19.y 0/3] Backport Smack fixes for 4.19.y Munehisa Kamata
2023-09-29 1:51 ` [PATCH for 4.19.y 1/3] Smack:- Use overlay inode label in smack_inode_copy_up() Munehisa Kamata
2023-09-29 1:51 ` Munehisa Kamata [this message]
2023-09-29 1:51 ` [PATCH for 4.19.y 3/3] smack: Record transmuting in smk_transmuted Munehisa Kamata
2023-10-03 11:26 ` [PATCH for 4.19.y 0/3] Backport Smack fixes for 4.19.y Sasha Levin
2023-10-03 19:02 ` Munehisa Kamata
2023-10-04 10:00 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230929015138.835462-3-kamatam@amazon.com \
--to=kamatam@amazon.com \
--cc=casey@schaufler-ca.com \
--cc=roberto.sassu@huawei.com \
--cc=stable@vger.kernel.org \
--cc=vishal.goel@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox