author | Rafal Krypa <r.krypa@samsung.com> | 2016-12-13 10:44:53 +0900 |
---|---|---|
committer | SeokYeon Hwang <syeon.hwang@samsung.com> | 2016-12-18 22:14:09 -0800 |
commit | ef86ba27a5f3443c27e200199fa1bbbb9c4d6c10 (patch) | |
tree | 2d656503e8d0c2988308780c3151c30ecf67d1c5 | |
parent | 11e91b6133b6ed0606599d3e2ddb2b44818db49c (diff) | |
Smack: fix d_instantiate logic for sockfs and pipefs

Since 4b936885a (v2.6.32) all inodes on sockfs and pipefs are disconnected.
It caused filesystem specific code in smack_d_instantiate to be skipped,
because all inodes on those pseudo filesystems were treated as root inodes.
As a result all sockfs inodes had the Smack label set to floor.

In most cases access checks for sockets use socket_smack data so the inode
label is not important. But there are special cases that were broken.
One example would be calling fcntl with F_SETOWN command on a socket fd.

Now smack_d_instantiate expects all pipefs and sockfs inodes to be
disconnected and has the logic in appropriate place.

Change-Id: Id83469a5b29958ec7c2cdbafbbaa014276126351
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
-rw-r--r-- | security/smack/smack_lsm.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 44731d3d5f65..1f481d4b13ba 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3422,6 +3422,13 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) case PIPEFS_MAGIC: isp->smk_inode = smk_of_current(); break; + case SOCKFS_MAGIC: + /* + * Socket access is controlled by the socket + * structures associated with the task involved. + */ + isp->smk_inode = &smack_known_star; + break; default: isp->smk_inode = sbsp->smk_root; break; @@ -3438,19 +3445,12 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) */ switch (sbp->s_magic) { case SMACK_MAGIC: - case PIPEFS_MAGIC: - case SOCKFS_MAGIC: case CGROUP_SUPER_MAGIC: /* * Casey says that it's a little embarrassing * that the smack file system doesn't do * extended attributes. * - * Casey says pipes are easy (?) - * - * Socket access is controlled by the socket - * structures associated with the task involved. - * * Cgroupfs is special */ final = &smack_known_star; |
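Review bot: in the new `case SOCKFS_MAGIC:` arm of the first switch (hunk at -3422), the comment carried over from the old location only says that socket access is controlled by the socket structures, which does not explain why the inode is given `smack_known_star` or that its label is still consulted on some paths. The commit message names fcntl with F_SETOWN on a socket fd as a case that broke while these inodes were labelled floor; saying so in the comment would tell a later reader that this assignment matters and is not a leftover. It would also help to note next to the `PIPEFS_MAGIC` and `SOCKFS_MAGIC` arms that inodes on these filesystems are expected to always take this branch, since the rest of the patch depends on that.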
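Review bot: with `case PIPEFS_MAGIC:` and `case SOCKFS_MAGIC:` dropped from the second switch (hunk at -3438), nothing at this site records or checks the assumption stated in the commit message that pipefs and sockfs inodes are always disconnected and never reach this code. If one ever did, it would take whatever the rest of this switch does for it (not visible in the hunk) instead of `smack_known_star`, and nobody would notice. Consider a one-line comment here pointing to the earlier switch, or a warning on those two magic values so a violated assumption shows up in the log. The same pointer would cover the removed "Casey says pipes are easy (?)" line, which was the only hint in this block about where pipes are labelled.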