From patchwork Mon Dec 12 08:35:26 2016
X-Patchwork-Submitter: Seung-Woo Kim
X-Patchwork-Id: 9470165
From: Seung-Woo Kim
To: linux-security-module@vger.kernel.org, casey@schaufler-ca.com
Cc: james.l.morris@oracle.com, serge@hallyn.com, linux-kernel@vger.kernel.org, sw0312.kim@samsung.com, kk.moon@samsung.com, jy0922.shim@samsung.com
Subject: [PATCH] Smack: ignore private inode for file functions
Date: Mon, 12 Dec 2016 17:35:26 +0900
Message-id: <1481531726-2922-1-git-send-email-sw0312.kim@samsung.com>

Access to an fd from anon_inode always fails because there are no set
xattr operations. So this patch fixes this by ignoring private inodes,
including anon_inode, for file functions. It was only ignored for
smack_file_receive() to share a dma-buf fd, but dma-buf has other
functions like ioctl and mmap.

Reference: https://lkml.org/lkml/2015/4/17/16

Signed-off-by: Seung-Woo Kim Acked-by: Casey Schaufler --- security/smack/smack_lsm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 1cb0602..e7f0bbe 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1632,6 +1632,9 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd, struct smk_audit_info ad; struct inode *inode = file_inode(file); + if (unlikely(IS_PRIVATE(inode))) + return 0; + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); smk_ad_setfield_u_fs_path(&ad, file->f_path); @@ -1661,6 +1664,9 @@ static int smack_file_lock(struct file *file, unsigned int cmd) int rc; struct inode *inode = file_inode(file); + if (unlikely(IS_PRIVATE(inode))) + return 0; + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); smk_ad_setfield_u_fs_path(&ad, file->f_path); rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad); @@ -1687,6 +1693,9 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, int rc = 0; struct inode *inode = file_inode(file); + if (unlikely(IS_PRIVATE(inode))) + return 0; + switch (cmd) { case F_GETLK: break; @@ -1740,6 +1749,9 @@ static int smack_mmap_file(struct file *file, if (file == NULL) return 0; + if (unlikely(IS_PRIVATE(file_inode(file)))) + return 0; + isp = file_inode(file)->i_security; if (isp->smk_mmap == NULL) return 0;
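
Review bot: In the smack_file_ioctl() hunk, the new early return has no comment, and the same three-line pattern is repeated in every hook this patch touches. `if (unlikely(IS_PRIVATE(inode))) return 0;` skips both the smk_ad_init() audit setup and the access check that follows, so a one-line comment above it saying why private inodes (anon_inode, per the commit message) are exempt would keep a later reader from treating it as an accidental bypass. A small static helper shared by the hooks would also keep the four copies from drifting apart.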
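
Review bot: In the smack_file_lock() hunk, the bypass of the MAY_LOCK check via `smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad)` is not motivated by the commit message, which names only ioctl and mmap as the dma-buf operations that fail. Please state in the changelog which private-inode user needs the lock (and fcntl) hooks relaxed, or say explicitly that they are included for consistency with the other file hooks.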
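
Review bot: In the smack_mmap_file() hunk, file_inode(file) is now evaluated twice in a row: once inside the added `IS_PRIVATE(file_inode(file))` check and again on the following context line `isp = file_inode(file)->i_security;`. The other three hooks in this patch test a local `inode`; doing the same here (assign once after the `file == NULL` check, then use it for both the IS_PRIVATE test and the i_security lookup) would make the four checks read identically.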