From patchwork Wed Jun 7 12:36:09 2023
X-Patchwork-Submitter: Roberto Sassu
X-Patchwork-Id: 104484
From: Roberto Sassu
To: casey@schaufler-ca.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com
Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Roberto Sassu, stable@vger.kernel.org
Subject: [RFC][PATCH 2/5] smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
Date: Wed, 7 Jun 2023 14:36:09 +0200
Message-Id: <20230607123612.2791303-3-roberto.sassu@huaweicloud.com>
In-Reply-To: <20230607123612.2791303-1-roberto.sassu@huaweicloud.com>
References: <20230607123612.2791303-1-roberto.sassu@huaweicloud.com>
From: Roberto Sassu If the SMACK64TRANSMUTE xattr is provided, and the inode is a directory, update the in-memory inode flags by setting SMK_INODE_TRANSMUTE. Cc: stable@vger.kernel.org Fixes: 5c6d1125f8db ("Smack: Transmute labels on specified directories") # v2.6.38.x Signed-off-by: Roberto Sassu --- security/smack/smack_lsm.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 53fc6a1034d..162ca400f07 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2802,6 +2802,15 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, if (value == NULL || size > SMK_LONGLABEL || size == 0) return -EINVAL; + if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) { + if (!S_ISDIR(inode->i_mode) || size != TRANS_TRUE_SIZE || + strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) + return -EINVAL; + + nsp->smk_flags |= SMK_INODE_TRANSMUTE; + return 0; + } + skp = smk_import_entry(value, size); if (IS_ERR(skp)) return PTR_ERR(skp);
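Review bot: The rejection path in the new XATTR_SMACK_TRANSMUTE branch of smack_inode_setsecurity() is undocumented: a non-directory inode, a size other than TRANS_TRUE_SIZE, or a value other than TRANS_TRUE all return -EINVAL, while the commit message only describes the success case. Please state this in the changelog or in a comment above the branch, and also note that the flag can only be set here, since `nsp->smk_flags |= SMK_INODE_TRANSMUTE` has no clearing counterpart in this hunk. The strncmp() on value is bounded correctly only because `size != TRANS_TRUE_SIZE` is tested earlier in the same || chain; as value arrives with an explicit size, memcmp() would express the intent more directly and would not depend on reading the condition order. The early `return 0` also skips the smk_import_entry() call that follows, so a one-line comment saying that this attribute needs no label import would help the next reader.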