From patchwork Sun Apr  3 05:22:02 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Biggers <ebiggers3@gmail.com>
X-Patchwork-Id: 8732991
Return-Path: <linux-fsdevel-owner@kernel.org>
X-Original-To: patchwork-linux-fsdevel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 9EDDF9F71A
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Sun,  3 Apr 2016 05:26:06 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id D20582022D
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Sun,  3 Apr 2016 05:26:05 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 0FAA120254
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Sun,  3 Apr 2016 05:26:05 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752750AbcDCFZp (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Sun, 3 Apr 2016 01:25:45 -0400
Received: from mail-ig0-f193.google.com ([209.85.213.193]:33007 "EHLO
	mail-ig0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752545AbcDCFXq (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Sun, 3 Apr 2016 01:23:46 -0400
Received: by mail-ig0-f193.google.com with SMTP id nt3so7656917igb.0;
	Sat, 02 Apr 2016 22:23:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=ntwT3fReovfwRXhlEf+C9oKKlacEMruuXvLdGzJXf+s=;
	b=0Wy6pKNfWvQQl+neM0FDojB8A+Uk7O1sO7yjg6hPH1rSCzJ9h5KCGWxBrPFsv8rkRn
	xaXju9G8iLVx/PJgK7cx6VzA+SzwI0gXGVEWxl1Cq0gmW67mLlboQ4oy+UWjKdNkuSfF
	KYlM5A45UNLbppdDMzikMxSJE1d53QvF5cfLWw/Xtzyt8ncpIK/iJrC33Zzkkiz7WY+t
	3oICmWrGuTsKxAPYTB6xvobQFwa0hjwKZBpm7bqPrm2dalPGVQubk2g/7n1qik7b4qE1
	ewc+1RHHHb3JbNScEwrzdXEAyRbfgaSO1hrewBAlCIyWp0Tl6uC/l8FN7o/19/miXOkt
	0jZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=ntwT3fReovfwRXhlEf+C9oKKlacEMruuXvLdGzJXf+s=;
	b=HWfUy9QJEV4TVzn6E4DLamDHlFcb4st24P1Hd/izxMTEZQey1TErIdUbPeggUU2yzC
	riEKf4jktbD+F/d50xd61WLtZFk5+ql8fGEJk7I+ZZBdlTQnbshsuLpNAW5dncGKLe5K
	01k4KlgDeAjLiv/aUsmEUxSPN3LS7OxW/qAAEX6u3AGche+bx3regMRHh+sxX7OWJOBc
	AoFDuPP/xfWjNufmZRE0Tm8zQiFdzrD8d6ka2gC4ty5RIkWv+9Q9KvIJ3rTfxgfMqiBO
	sSP27lo3tNoTT8vgfw9In91Paoj3LFpgS1cD6u/+wNH0fd3thHi9iuIAd5BQnU9Aranh
	jvsQ==
X-Gm-Message-State: 
 AD7BkJK63psTwVOdzxpe33RhIZl2sSNTCWhOhva2U6en9IeJS6zqE43akmg8c2udzDE4fQ==
X-Received: by 10.50.50.9 with SMTP id y9mr5544126ign.18.1459661025632;
	Sat, 02 Apr 2016 22:23:45 -0700 (PDT)
Received: from localhost.localdomain (c-24-7-245-123.hsd1.mn.comcast.net.
	[24.7.245.123]) by smtp.gmail.com with ESMTPSA id
	je6sm2914954igb.15.2016.04.02.22.23.44
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Sat, 02 Apr 2016 22:23:45 -0700 (PDT)
From: Eric Biggers <ebiggers3@gmail.com>
To: linux-fsdevel@vger.kernel.org
Cc: linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org,
	linux-kernel@vger.kernel.org, jaegeuk@kernel.org, tytso@mit.edu,
	mhalcrow@google.com, Eric Biggers <ebiggers3@gmail.com>
Subject: [PATCH 11/13] fscrypto: restrict setting encryption policy to inode
	owner
Date: Sun,  3 Apr 2016 00:22:02 -0500
Message-Id: <1459660924-2960-12-git-send-email-ebiggers3@gmail.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1459660924-2960-1-git-send-email-ebiggers3@gmail.com>
References: <1459660924-2960-1-git-send-email-ebiggers3@gmail.com>
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD,
	T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

On a filesystem with encryption enabled, a user could set an encryption
policy on any empty directory to which they have readonly access.  This
is a potential security issue since such a directory might be owned by
another user, and the new encryption policy may prevent that user from
creating files in their own directory.

Fix this by requiring inode_owner_or_capable() permission to set an
encryption policy.

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
---
 fs/crypto/policy.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index cb5ba27..3f5c275 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -96,6 +96,9 @@ int fscrypt_set_policy(struct inode *inode, const struct fscrypt_policy *policy)
 {
 	int ret = 0;
 
+	if (!inode_owner_or_capable(inode))
+		return -EACCES;
+
 	if (policy->version != 0)
 		return -EINVAL;