authorRafal Krypa <r.krypa@samsung.com>2016-12-13 10:44:53 +0900
committerSeokYeon Hwang <syeon.hwang@samsung.com>2016-12-18 22:14:09 -0800
commitef86ba27a5f3443c27e200199fa1bbbb9c4d6c10 (patch)
tree2d656503e8d0c2988308780c3151c30ecf67d1c5
parent11e91b6133b6ed0606599d3e2ddb2b44818db49c (diff)
Smack: fix d_instantiate logic for sockfs and pipefs
Since 4b936885a (v2.6.32) all inodes on sockfs and pipefs are disconnected. This caused the filesystem-specific code in smack_d_instantiate to be skipped, because all inodes on those pseudo filesystems were treated as root inodes. As a result all sockfs inodes had the Smack label set to floor. In most cases access checks for sockets use socket_smack data so the inode label is not important. But there are special cases that were broken. One example would be calling fcntl with the F_SETOWN command on a socket fd. Now smack_d_instantiate expects all pipefs and sockfs inodes to be disconnected and has the logic in the appropriate place. Change-Id: Id83469a5b29958ec7c2cdbafbbaa014276126351 Signed-off-by: Rafal Krypa <r.krypa@samsung.com> Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
-rw-r--r--security/smack/smack_lsm.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 44731d3d5f65..1f481d4b13ba 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3422,6 +3422,13 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
case PIPEFS_MAGIC:
isp->smk_inode = smk_of_current();
break;
+ case SOCKFS_MAGIC:
+ /*
+ * Socket access is controlled by the socket
+ * structures associated with the task involved.
+ */
+ isp->smk_inode = &smack_known_star;
+ break;
default:
isp->smk_inode = sbsp->smk_root;
break;
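Review bot: The comment on the new `case SOCKFS_MAGIC:` says only that socket access is controlled by the socket structures, yet the commit description names a path (fcntl with F_SETOWN on a socket fd) where the inode label is what gets consulted. That makes the choice of `&smack_known_star` security-relevant and worth explaining in place. Star is the Smack label that any subject may access, so I would state the reasoning directly, e.g. `/* Most checks use socket_smack; the inode label is only seen by paths such as fcntl(F_SETOWN), hence star. */`. The second hunk removes `PIPEFS_MAGIC` and `SOCKFS_MAGIC` from the later switch on the assumption that these inodes are always disconnected. A one-line comment recording that assumption next to this switch would help, since a connected inode on either filesystem would presumably be handled by that later switch's remaining cases instead. smack_d_instantiate starts and ends outside the hunk.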
@@ -3438,19 +3445,12 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
*/
switch (sbp->s_magic) {
case SMACK_MAGIC:
- case PIPEFS_MAGIC:
- case SOCKFS_MAGIC:
case CGROUP_SUPER_MAGIC:
/*
* Casey says that it's a little embarrassing
* that the smack file system doesn't do
* extended attributes.
*
- * Casey says pipes are easy (?)
- *
- * Socket access is controlled by the socket
- * structures associated with the task involved.
- *
* Cgroupfs is special
*/
final = &smack_known_star;