authorVivek Goyal <vgoyal@redhat.com>2016-07-01 16:34:27 -0400
committerSeung-Woo Kim <sw0312.kim@samsung.com>2024-02-23 18:04:43 +0900
commit5a94266ffef42b9c1a6e3a0e98b1e999c96c31d2 (patch)
treeb019c6bea509a6f04447436cd830a05a1db0d0d0
parenta4d5911f4f73a974031ad893e9bda1eb2550ebf7 (diff)
ovl: modify ovl_permission() to do checks on two inodes
commit c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862 upstream. Right now ovl_permission() calls __inode_permission(realinode), to do permission checks on real inode and no checks are done on overlay inode. Modify it to do checks both on overlay inode as well as underlying inode. Checks on overlay inode will be done with the creds of calling task while checks on underlying inode will be done with the creds of mounter. Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> [ Srivatsa: 4.4.y backport: - Skipped the hunk modifying non-existent function ovl_get_acl() - Adjusted the error path - Included linux/cred.h to get prototype for revert_creds() ] Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [sw0312.kim: cherry-pick linux-4.4.y commit b24be4acd17a to fix smack deny issue on overlayfs] Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com> Change-Id: I7cdf2f9136a916c844373be56f84dfc23b8d3bcf
-rw-r--r--fs/overlayfs/inode.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index 985a4cdae06d..9aff8178aa8c 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -9,6 +9,7 @@
#include <linux/fs.h>
#include <linux/slab.h>
+#include <linux/cred.h>
#include <linux/xattr.h>
#include "overlayfs.h"
@@ -91,6 +92,7 @@ int ovl_permission(struct inode *inode, int mask)
struct ovl_entry *oe;
struct dentry *alias = NULL;
struct inode *realinode;
+ const struct cred *old_cred;
struct dentry *realdentry;
bool is_upper;
int err;
@@ -143,7 +145,18 @@ int ovl_permission(struct inode *inode, int mask)
goto out_dput;
}
+ /*
+ * Check overlay inode with the creds of task and underlying inode
+ * with creds of mounter
+ */
+ err = generic_permission(inode, mask);
+ if (err)
+ goto out_dput;
+
+ old_cred = ovl_override_creds(inode->i_sb);
err = __inode_permission(realinode, mask);
+ revert_creds(old_cred);
+
out_dput:
dput(alias);
return err;
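Review bot: The comment added above `generic_permission(inode, mask)` names the two credential sets but not the consequence. The calling task is now authorised only by the overlay inode's own attributes, while `__inode_permission(realinode, mask)`, bracketed by `ovl_override_creds()` and `revert_creds()`, is evaluated for the mounter and so no longer constrains the caller. The backport notes say the `ovl_get_acl()` hunk was skipped, so it is worth confirming (not visible in this hunk) that the overlay inode's mode, owner and group stay in sync with the real inode, and that POSIX ACLs on the real inode are still enforced against the task rather than only against the mounter. I would extend the comment with a line such as `* The caller is authorised solely by the overlay inode; the real-inode check runs as the mounter, so overlay attributes must mirror the real inode.` ovl_permission() begins above this hunk and its closing brace is outside it.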