From patchwork Fri Dec 9 13:03:04 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rafa? Krypa X-Patchwork-Id: 9468155 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 05A2E60231 for ; Fri, 9 Dec 2016 13:03:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EC0B62864B for ; Fri, 9 Dec 2016 13:03:25 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DEF962864D; Fri, 9 Dec 2016 13:03:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DB6CC2864B for ; Fri, 9 Dec 2016 13:03:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932313AbcLINDY (ORCPT ); Fri, 9 Dec 2016 08:03:24 -0500 Received: from mailout2.w1.samsung.com ([210.118.77.12]:33358 "EHLO mailout2.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751845AbcLINDX (ORCPT ); Fri, 9 Dec 2016 08:03:23 -0500 Received: from eucas1p1.samsung.com (unknown [182.198.249.206]) by mailout2.w1.samsung.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May 5 2014)) with ESMTP id <0OHX00JDF5LJDY50@mailout2.w1.samsung.com> for linux-security-module@vger.kernel.org; Fri, 09 Dec 2016 13:03:19 +0000 (GMT) Received: from eusmges1.samsung.com (unknown [203.254.199.239]) by eucas1p2.samsung.com (KnoxPortal) with ESMTP id 20161209130319eucas1p2872e4d79cc6b3509437e3310105c1d51~OmCIA7HTj1828118281eucas1p2E; Fri, 9 Dec 2016 13:03:19 +0000 (GMT) Received: from eucas1p2.samsung.com ( [182.198.249.207]) by eusmges1.samsung.com (EUCPMTA) with SMTP id 3A.37.23383.89BAA485; Fri, 9 Dec 2016 13:03:20 +0000 (GMT) Received: from eusmgms2.samsung.com (unknown [182.198.249.180]) by eucas1p2.samsung.com (KnoxPortal) with ESMTP id 20161209130318eucas1p2317c3f6a0db945617f7fe93e834bcbd4~OmCHWdDt51824918249eucas1p2Y; Fri, 9 Dec 2016 13:03:18 +0000 (GMT) X-AuditID: cbfec7ef-f79e76d000005b57-d7-584aab989b94 Received: from eusync1.samsung.com ( [203.254.199.211]) by eusmgms2.samsung.com (EUCPMTA) with SMTP id 58.84.10494.38BAA485; Fri, 9 Dec 2016 13:02:59 +0000 (GMT) Received: from amdc814.DIGITAL.local ([106.120.53.103]) by eusync1.samsung.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May 5 2014)) with ESMTPA id <0OHX0048B5LBZI00@eusync1.samsung.com>; Fri, 09 Dec 2016 13:03:18 +0000 (GMT) From: Rafal Krypa To: Casey Schaufler Cc: linux-security-module@vger.kernel.org, Tomasz Swierczek , Kidong Kim , Rafal Krypa Subject: [PATCH] Smack: fix d_instantiate logic for sockfs and pipefs Date: Fri, 09 Dec 2016 14:03:04 +0100 Message-id: <20161209130304.20862-1-r.krypa@samsung.com> X-Mailer: git-send-email 2.10.2 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrJIsWRmVeSWpSXmKPExsWy7djP87ozVntFGCzo5rO4t+0Xm0Vfwywm iw89j9gs3k5awWzx6/YUVgdWj74tqxg9ju5fxObxeZNcAHMUl01Kak5mWWqRvl0CV8blaSoF N/krzp55y9rAuIWni5GTQ0LARGLj8QWsELaYxIV769m6GLk4hASWMUosv9zMBOF8ZpRYdOMx K0zHhlWfGeGqZt7/AOX8Z5To3vOBCaSKTUBdYun8XjYQW0RAR2LfnufsIEXMAgsZJV7/PQE2 SljAVWJxdycjiM0ioCrx/cRrMJtXwELizPd2Foh18hILzx8Bu0NCYAebxP8PP4GaOYAcWYlN B5ghalwkpp7/wAhhC0u8Or6FHcKWkbg8uZsForcb6LqtkxghnCmMEvPaPjNBVFlLfJ60BWwS swCfxKRt05khFvBKdLQJQZR4SLyafBNqmaPE47VXwW4QEoiV+HSSbQKj9AJGhlWMIqmlxbnp qcWGesWJucWleel6yfm5mxiBEXj63/H3OxifNoccYhTgYFTi4T1Q4BkhxJpYVlyZe4hRgoNZ SYR3xSqvCCHelMTKqtSi/Pii0pzU4kOM0hwsSuK8exdcCRcSSE8sSc1OTS1ILYLJMnFwSjUw ihtVBHTKJJxVbri4KnX/vVsJWu41S/TVp7Z0bHk/wePMnicVU+Y2BvzyPNxxY/a6hinRXgUr fksvktzxaJXrW8skv6XLTF/w/nISWZixwXun+v+VHZankyNzrMXvOJqyxsckbCp0WPsjjdM2 anpExKx1/Z1PrAxOOC/MV5wqtnuG88o5p/wPKLEUZyQaajEXFScCAN6y6qa8AgAA X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrDLMWRmVeSWpSXmKPExsVy+t/xy7rNq70iDNqei1vc2/aLzaKvYRaT xYeeR2wWbyetYLb4dXsKqwOrR9+WVYweR/cvYvP4vEkugDnKzSYjNTEltUghNS85PyUzL91W KTTETddCSSEvMTfVVilC1zckSEmhLDGnFMgzMkADDs4B7sFK+nYJbhmXp6kU3OSvOHvmLWsD 4xaeLkZODgkBE4kNqz4zQthiEhfurWcDsYUEljBKHDtf1sXIBWQ3Mkls//OXHSTBJqAusXR+ L1iRiICOxL49z9lBipgFFjJKHPrbBzZJWMBVYnF3J5jNIqAq8f3EazCbV8BC4sz3dhaIbfIS C88fYZrAyL2AkWEVo0hqaXFuem6xkV5xYm5xaV66XnJ+7iZGYMhtO/Zzyw7GrnfBhxgFOBiV eHgPFHhGCLEmlhVX5h5ilOBgVhLhXbHKK0KINyWxsiq1KD++qDQntfgQoynQ8onMUqLJ+cB4 yCuJNzQxNLc0NDK2sDA3MlIS55364Uq4kEB6YklqdmpqQWoRTB8TB6dUA+Mlz2VON3py1Lgm hQnPPpsz7fnGq+2ca447Ppr1QuxuzpVt11aZuHJ+OrlpkVp6k9Zrgfitilub3LmafL4eSP1/ 8Paft1mbdvYttZxWsfbebv4bR2eXrH9yWrxVfaLUrk+T5jP3V2/pmu7pxXZxZsL2vvLUqD87 +7q/rJtqqxY/MZp59XflldmblViKMxINtZiLihMBImj7c08CAAA= X-MTR: 20000000000000000@CPGS X-CMS-MailID: 20161209130318eucas1p2317c3f6a0db945617f7fe93e834bcbd4 X-Msg-Generator: CA X-Sender-IP: 182.198.249.180 X-Local-Sender: =?UTF-8?B?UmFmYWwgS3J5cGEbU1JQT0wtU2VjdXJpdHkgKFRQKRvsgrw=?= =?UTF-8?B?7ISx7KCE7J6QG1NlbmlvciBTb2Z0d2FyZSBFbmdpbmVlcg==?= X-Global-Sender: =?UTF-8?B?UmFmYWwgS3J5cGEbU1JQT0wtU2VjdXJpdHkgKFRQKRtTYW1z?= =?UTF-8?B?dW5nIEVsZWN0cm9uaWNzG1NlbmlvciBTb2Z0d2FyZSBFbmdpbmVlcg==?= X-Sender-Code: =?UTF-8?B?QzEwG0VIURtDMTBDRDAyQ0QwMjczOTU=?= CMS-TYPE: 201P X-HopCount: 7 X-CMS-RootMailID: 20161209130318eucas1p2317c3f6a0db945617f7fe93e834bcbd4 X-RootMTR: 20161209130318eucas1p2317c3f6a0db945617f7fe93e834bcbd4 References: Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Since 4b936885a (v2.6.32) all inodes on sockfs and pipefs are disconnected. It caused filesystem specific code in smack_d_instantiate to be skipped, because all inodes on those pseudo filesystems were treated as root inodes. As a result all sockfs inodes had the Smack label set to floor. In most cases access checks for sockets use socket_smack data so the inode label is not important. But there are special cases that were broken. One example would be calling fcntl with F_SETOWN command on a socket fd. Now smack_d_instantiate expects all pipefs and sockfs inodes to be disconnected and has the logic in appropriate place. Signed-off-by: Rafal Krypa Acked-by: Casey Schaufler --- security/smack/smack_lsm.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 4d90257..9d79d2f 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3438,6 +3438,13 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) case PIPEFS_MAGIC: isp->smk_inode = smk_of_current(); break; + case SOCKFS_MAGIC: + /* + * Socket access is controlled by the socket + * structures associated with the task involved. + */ + isp->smk_inode = &smack_known_star; + break; default: isp->smk_inode = sbsp->smk_root; break; @@ -3454,19 +3461,12 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) */ switch (sbp->s_magic) { case SMACK_MAGIC: - case PIPEFS_MAGIC: - case SOCKFS_MAGIC: case CGROUP_SUPER_MAGIC: /* * Casey says that it's a little embarrassing * that the smack file system doesn't do * extended attributes. * - * Casey says pipes are easy (?) - * - * Socket access is controlled by the socket - * structures associated with the task involved. - * * Cgroupfs is special */ final = &smack_known_star;