From ac707a18e2e0bc23c7e9a94e52686f03ce190ebc Mon Sep 17 00:00:00 2001 From: Seung-Woo Kim Date: Sun, 4 Dec 2016 17:29:08 -0800 Subject: Revert "kdbus: retrieve SECLABEL anew on each CONN_INFO (efl/launchpad developers' request)" This reverts commit 4119f2cdcf8ee06fd3b638034e6e9e8acfd0356c. Change-Id: I8bac50d970a49711f900b4377b020e3885b5607d --- ipc/kdbus/connection.c | 2 +- ipc/kdbus/metadata.c | 65 ++++++++++---------------------------------------- ipc/kdbus/metadata.h | 1 - 3 files changed, 14 insertions(+), 54 deletions(-) diff --git a/ipc/kdbus/connection.c b/ipc/kdbus/connection.c index f86ad1f4dcd5..02deba366839 100644 --- a/ipc/kdbus/connection.c +++ b/ipc/kdbus/connection.c @@ -212,10 +212,10 @@ static struct kdbus_conn *kdbus_conn_new(struct kdbus_ep *ep, KDBUS_ATTACH_CMDLINE | KDBUS_ATTACH_CGROUP | KDBUS_ATTACH_CAPS | + KDBUS_ATTACH_SECLABEL | KDBUS_ATTACH_AUDIT); if (ret < 0) goto exit_unref; - kdbus_meta_proc_mark_dynamic_seclabel(conn->meta_proc); } /* diff --git a/ipc/kdbus/metadata.c b/ipc/kdbus/metadata.c index 0f586f2a47d3..106ec26f2882 100644 --- a/ipc/kdbus/metadata.c +++ b/ipc/kdbus/metadata.c @@ -284,10 +284,9 @@ static int kdbus_meta_proc_collect_cgroup(struct kdbus_meta_proc *mp) return 0; } -static int kdbus_get_current_seclabel(char **pseclabel) +static int kdbus_meta_proc_collect_seclabel(struct kdbus_meta_proc *mp) { #ifdef CONFIG_SECURITY - char const *label; char *ctx = NULL; u32 sid, len; int ret; @@ -303,39 +302,15 @@ static int kdbus_get_current_seclabel(char **pseclabel) return (ret == -EOPNOTSUPP) ? 0 : ret; } - label = kstrdup(ctx, GFP_KERNEL); + mp->seclabel = kstrdup(ctx, GFP_KERNEL); security_release_secctx(ctx, len); - if (!label) + if (!mp->seclabel) return -ENOMEM; - *pseclabel = label; -#endif - return 0; -} -static int kdbus_meta_proc_collect_seclabel(struct kdbus_meta_proc *mp) -{ -#ifdef CONFIG_SECURITY - char *label; - int ret; - - ret = kdbus_get_current_seclabel(&label); - if (ret < 0) - return ret; - if (label) { - mp->valid |= KDBUS_ATTACH_SECLABEL; - mp->seclabel = label; - } -#endif - return 0; -} - -void kdbus_meta_proc_mark_dynamic_seclabel(struct kdbus_meta_proc *mp) -{ -#ifdef CONFIG_SECURITY - WARN_ON(mp->valid & KDBUS_ATTACH_SECLABEL); - WARN_ON(mp->seclabel); mp->valid |= KDBUS_ATTACH_SECLABEL; #endif + + return 0; } static void kdbus_meta_proc_collect_audit(struct kdbus_meta_proc *mp) @@ -831,7 +806,7 @@ struct kdbus_meta_staging { const char *exe_path; }; -static size_t kdbus_meta_measure(struct kdbus_meta_staging *staging, char const *seclabel) +static size_t kdbus_meta_measure(struct kdbus_meta_staging *staging) { const struct kdbus_meta_proc *mp = staging->mp; const struct kdbus_meta_fake *mf = staging->mf; @@ -876,7 +851,7 @@ static size_t kdbus_meta_measure(struct kdbus_meta_staging *staging, char const if (mf && (mask & KDBUS_ATTACH_SECLABEL)) size += KDBUS_ITEM_SIZE(strlen(mf->seclabel) + 1); else if (mp && (mask & KDBUS_ATTACH_SECLABEL)) - size += KDBUS_ITEM_SIZE(strlen(seclabel ?: mp->seclabel) + 1); + size += KDBUS_ITEM_SIZE(strlen(mp->seclabel) + 1); if (mp && (mask & KDBUS_ATTACH_AUDIT)) size += KDBUS_ITEM_SIZE(sizeof(struct kdbus_audit)); @@ -924,7 +899,7 @@ static struct kdbus_item *kdbus_write_full(struct kdbus_item **iter, } static size_t kdbus_meta_write(struct kdbus_meta_staging *staging, void *mem, - size_t size, char const *seclabel) + size_t size) { struct user_namespace *user_ns = staging->conn->cred->user_ns; struct pid_namespace *pid_ns = ns_of_pid(staging->conn->pid); @@ -1030,12 +1005,10 @@ static size_t kdbus_meta_write(struct kdbus_meta_staging *staging, void *mem, item = kdbus_write_full(&items, KDBUS_ITEM_SECLABEL, strlen(staging->mf->seclabel) + 1, staging->mf->seclabel); - else if (staging->mp && (staging->mask & KDBUS_ATTACH_SECLABEL)) { - char const *label = seclabel ?: staging->mp->seclabel; + else if (staging->mp && (staging->mask & KDBUS_ATTACH_SECLABEL)) item = kdbus_write_full(&items, KDBUS_ITEM_SECLABEL, - strlen(label) + 1, - label); - } + strlen(staging->mp->seclabel) + 1, + staging->mp->seclabel); if (staging->mp && (staging->mask & KDBUS_ATTACH_AUDIT)) { item = kdbus_write_head(&items, KDBUS_ITEM_AUDIT, @@ -1096,7 +1069,6 @@ int kdbus_meta_emit(struct kdbus_meta_proc *mp, struct kdbus_item *items = NULL; size_t size = 0; int ret; - char *seclabel = NULL; if (WARN_ON(mf && mp)) mp = NULL; @@ -1110,19 +1082,9 @@ int kdbus_meta_emit(struct kdbus_meta_proc *mp, if (mf) staging.mask |= mf->valid; if (mp) { - char const *mp_seclabel; mutex_lock(&mp->lock); staging.mask |= mp->valid; - mp_seclabel = mp->seclabel; mutex_unlock(&mp->lock); - if (staging.mask & mask & KDBUS_ATTACH_SECLABEL && !mp_seclabel) { - /* dynamic seclabel */ - ret = kdbus_get_current_seclabel(&seclabel); - if (ret < 0) - goto exit; - if (!seclabel) - staging.mask &= ~KDBUS_ATTACH_SECLABEL; - } } if (mc) { mutex_lock(&mc->lock); @@ -1169,7 +1131,7 @@ int kdbus_meta_emit(struct kdbus_meta_proc *mp, path_put(&p); } - size = kdbus_meta_measure(&staging, seclabel); + size = kdbus_meta_measure(&staging); if (!size) { /* bail out if nothing to do */ ret = 0; goto exit; @@ -1181,7 +1143,7 @@ int kdbus_meta_emit(struct kdbus_meta_proc *mp, goto exit; } - size = kdbus_meta_write(&staging, items, size, seclabel); + size = kdbus_meta_write(&staging, items, size); if (!size) { kfree(items); items = NULL; @@ -1190,7 +1152,6 @@ int kdbus_meta_emit(struct kdbus_meta_proc *mp, ret = 0; exit: - kfree(seclabel); if (staging.exe) free_page((unsigned long)staging.exe); if (ret >= 0) { diff --git a/ipc/kdbus/metadata.h b/ipc/kdbus/metadata.h index ea59291165a7..dba7cc7fdbcb 100644 --- a/ipc/kdbus/metadata.h +++ b/ipc/kdbus/metadata.h @@ -57,7 +57,6 @@ struct kdbus_meta_proc *kdbus_meta_proc_new(void); struct kdbus_meta_proc *kdbus_meta_proc_ref(struct kdbus_meta_proc *mp); struct kdbus_meta_proc *kdbus_meta_proc_unref(struct kdbus_meta_proc *mp); int kdbus_meta_proc_collect(struct kdbus_meta_proc *mp, u64 what); -void kdbus_meta_proc_mark_dynamic_seclabel(struct kdbus_meta_proc *mp); struct kdbus_meta_fake *kdbus_meta_fake_new(void); struct kdbus_meta_fake *kdbus_meta_fake_free(struct kdbus_meta_fake *mf); -- cgit v1.2.3