diff options
| author | Christian Brauner <christian@brauner.io> | 2019-01-21 05:48:03 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-01-22 06:25:53 -0500 |
| commit | e98e6fa18636609f14a7f866524950a783cf4fbf (patch) | |
| tree | bf5bd8f3cd65048a8f44455b52d7697bc4b29016 /drivers/android | |
| parent | 7c4d08fc4d5aca073bd4ebecbb9eda5e4d858b71 (diff) | |
binderfs: prevent renaming the control dentry
- make binderfs control dentry immutable:
We don't allow to unlink it since it is crucial for binderfs to be
useable but if we allow to rename it we make the unlink trivial to
bypass. So prevent renaming too and simply treat the control dentry as
immutable.
- add is_binderfs_control_device() helper:
Take the opportunity and turn the check for the control dentry into a
separate helper is_binderfs_control_device() since it's now used in two
places.
- simplify binderfs_rename():
Instead of hand-rolling our custom version of simple_rename() just dumb
the whole function down to first check whether we're trying to rename the
control dentry. If we do EPERM the caller and if not call simple_rename().
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Christian Brauner <christian@brauner.io>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/android')
| -rw-r--r-- | drivers/android/binderfs.c | 28 |
1 files changed, 10 insertions, 18 deletions
diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c index 898d847f8505..e73f9dbee099 100644 --- a/drivers/android/binderfs.c +++ b/drivers/android/binderfs.c | |||
| @@ -346,34 +346,26 @@ static const struct super_operations binderfs_super_ops = { | |||
| 346 | .statfs = simple_statfs, | 346 | .statfs = simple_statfs, |
| 347 | }; | 347 | }; |
| 348 | 348 | ||
| 349 | static inline bool is_binderfs_control_device(const struct dentry *dentry) | ||
| 350 | { | ||
| 351 | struct binderfs_info *info = dentry->d_sb->s_fs_info; | ||
| 352 | return info->control_dentry == dentry; | ||
| 353 | } | ||
| 354 | |||
| 349 | static int binderfs_rename(struct inode *old_dir, struct dentry *old_dentry, | 355 | static int binderfs_rename(struct inode *old_dir, struct dentry *old_dentry, |
| 350 | struct inode *new_dir, struct dentry *new_dentry, | 356 | struct inode *new_dir, struct dentry *new_dentry, |
| 351 | unsigned int flags) | 357 | unsigned int flags) |
| 352 | { | 358 | { |
| 353 | struct inode *inode = d_inode(old_dentry); | 359 | if (is_binderfs_control_device(old_dentry) || |
| 354 | 360 | is_binderfs_control_device(new_dentry)) | |
| 355 | /* binderfs doesn't support directories. */ | ||
| 356 | if (d_is_dir(old_dentry)) | ||
| 357 | return -EPERM; | 361 | return -EPERM; |
| 358 | 362 | ||
| 359 | if (flags & ~RENAME_NOREPLACE) | 363 | return simple_rename(old_dir, old_dentry, new_dir, new_dentry, flags); |
| 360 | return -EINVAL; | ||
| 361 | |||
| 362 | if (!simple_empty(new_dentry)) | ||
| 363 | return -ENOTEMPTY; | ||
| 364 | |||
| 365 | if (d_really_is_positive(new_dentry)) | ||
| 366 | simple_unlink(new_dir, new_dentry); | ||
| 367 | |||
| 368 | old_dir->i_ctime = old_dir->i_mtime = new_dir->i_ctime = | ||
| 369 | new_dir->i_mtime = inode->i_ctime = current_time(old_dir); | ||
| 370 | |||
| 371 | return 0; | ||
| 372 | } | 364 | } |
| 373 | 365 | ||
| 374 | static int binderfs_unlink(struct inode *dir, struct dentry *dentry) | 366 | static int binderfs_unlink(struct inode *dir, struct dentry *dentry) |
| 375 | { | 367 | { |
| 376 | if (BINDERFS_I(dir)->control_dentry == dentry) | 368 | if (is_binderfs_control_device(dentry)) |
| 377 | return -EPERM; | 369 | return -EPERM; |
| 378 | 370 | ||
| 379 | return simple_unlink(dir, dentry); | 371 | return simple_unlink(dir, dentry); |