author | Seung-Woo Kim <sw0312.kim@samsung.com> | 2016-12-12 03:35:26 -0500 |
---|---|---|
committer | Casey Schaufler <casey@schaufler-ca.com> | 2017-01-10 12:47:20 -0500 |
commit | 83a1e53f392075e291a90746241dce45c6f9429a (patch) | |
tree | 40cb07887ad83b39bb253199e448de0946d760fd /security | |
parent | 805b65a80bed029572c6462cc4be0a260e1482e9 (diff) |
Smack: ignore private inode for file functions
Access to an fd from anon_inode always fails because there are
no set xattr operations. So this patch ignores private inodes,
including anon_inode, in the file functions.
It was only ignored for smack_file_receive() to share dma-buf fd,
but dma-buf has other functions like ioctl and mmap.
Reference: https://lkml.org/lkml/2015/4/17/16
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/smack/smack_lsm.c | 12 |
1 files changed, 12 insertions, 0 deletions
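--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1647,6 +1647,9 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd,
 struct smk_audit_info ad;
 struct inode *inode = file_inode(file);
 
+if (unlikely(IS_PRIVATE(inode)))
+return 0;
+
 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
 smk_ad_setfield_u_fs_path(&ad, file->f_path);
 
@@ -1676,6 +1679,9 @@ static int smack_file_lock(struct file *file, unsigned int cmd)
 int rc;
 struct inode *inode = file_inode(file);
 
+if (unlikely(IS_PRIVATE(inode)))
+return 0;
+
 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
 smk_ad_setfield_u_fs_path(&ad, file->f_path);
 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
@@ -1702,6 +1708,9 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
 int rc = 0;
 struct inode *inode = file_inode(file);
 
+if (unlikely(IS_PRIVATE(inode)))
+return 0;
+
 switch (cmd) {
 case F_GETLK:
 break;
@@ -1755,6 +1764,9 @@ static int smack_mmap_file(struct file *file,
 if (file == NULL)
 return 0;
 
+if (unlikely(IS_PRIVATE(file_inode(file))))
+return 0;
+
 isp = file_inode(file)->i_security;
 if (isp->smk_mmap == NULL)
 return 0;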
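Review bot: None of the four added `IS_PRIVATE` guards carries a comment, yet each returns 0 ahead of the hook's access check. In smack_file_ioctl and smack_file_lock the return sits before `smk_ad_init()` and `smk_curacc()`, so operations on a private inode are allowed with no Smack decision and, as far as these hunks show, no audit record. A comment above the guard in smack_file_ioctl, repeated in smack_file_lock, smack_file_fcntl and smack_mmap_file, would record the trust assumption, e.g. `/* Private (kernel-internal) inodes such as anon_inode carry no Smack label; skip the check. */`. That tells later readers the bypass is only sound while nothing user-controlled can mark an inode private. In smack_mmap_file the guard calls `file_inode(file)` again right before `isp = file_inode(file)->i_security;`, so a local `inode` would match the other three hooks. All four function bodies begin and end outside the hunks, so the remaining checks in each hook are not visible here.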