Home Explore Help
Sign In
PUBLIC_REPOS
/
ti-processor-sdk-linux
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

selinux: never allow relabeling on context mounts

commit a83d6ddaebe541570291205cb538e35ad4ff94f9 upstream.

In the SECURITY_FS_USE_MNTPOINT case we never want to allow relabeling
files/directories, so we should never set the SBLABEL_MNT flag. The
'special handling' in selinux_is_sblabel_mnt() is only intended for when
the behavior is set to SECURITY_FS_USE_GENFS.

While there, make the logic in selinux_is_sblabel_mnt() more explicit
and add a BUILD_BUG_ON() to make sure that introducing a new
SECURITY_FS_USE_* forces a review of the logic.

Fixes: d5f3a5f6e7e7 ("selinux: add security in-core xattr support for pstore and debugfs")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ondrej Mosnacek 7 years ago
parent
6b13ae52ac
commit
574be22140
1 changed files with 31 additions and 9 deletions
Split View Show Diff Stats
  1. 31 9
      security/selinux/hooks.c

+ 31 - 9
security/selinux/hooks.c
View File 

@@ -497,16 +497,10 @@ static int may_context_mount_inode_relabel(u32 sid,
 
 	return rc;
 
 }
 
 
-static int selinux_is_sblabel_mnt(struct super_block *sb)
 
+static int selinux_is_genfs_special_handling(struct super_block *sb)
 
 {
 
-	struct superblock_security_struct *sbsec = sb->s_security;
 
-
 
-	return sbsec->behavior == SECURITY_FS_USE_XATTR ||
 
-		sbsec->behavior == SECURITY_FS_USE_TRANS ||
 
-		sbsec->behavior == SECURITY_FS_USE_TASK ||
 
-		sbsec->behavior == SECURITY_FS_USE_NATIVE ||
 
-		/* Special handling. Genfs but also in-core setxattr handler */
 
-		!strcmp(sb->s_type->name, "sysfs") ||
 
+	/* Special handling. Genfs but also in-core setxattr handler */
 
+	return	!strcmp(sb->s_type->name, "sysfs") ||
 
 		!strcmp(sb->s_type->name, "pstore") ||
 
 		!strcmp(sb->s_type->name, "debugfs") ||
 
 		!strcmp(sb->s_type->name, "tracefs") ||
 
@@ -516,6 +510,34 @@ static int selinux_is_sblabel_mnt(struct super_block *sb)
 
 		  !strcmp(sb->s_type->name, "cgroup2")));
 
 }
 
 
+static int selinux_is_sblabel_mnt(struct super_block *sb)
 
+{
 
+	struct superblock_security_struct *sbsec = sb->s_security;
 
+
 
+	/*
 
+	 * IMPORTANT: Double-check logic in this function when adding a new
 
+	 * SECURITY_FS_USE_* definition!
 
+	 */
 
+	BUILD_BUG_ON(SECURITY_FS_USE_MAX != 7);
 
+
 
+	switch (sbsec->behavior) {
 
+	case SECURITY_FS_USE_XATTR:
 
+	case SECURITY_FS_USE_TRANS:
 
+	case SECURITY_FS_USE_TASK:
 
+	case SECURITY_FS_USE_NATIVE:
 
+		return 1;
 
+
 
+	case SECURITY_FS_USE_GENFS:
 
+		return selinux_is_genfs_special_handling(sb);
 
+
 
+	/* Never allow relabeling on context mounts */
 
+	case SECURITY_FS_USE_MNTPOINT:
 
+	case SECURITY_FS_USE_NONE:
 
+	default:
 
+		return 0;
 
+	}
 
+}
 
+
 
 static int sb_finish_set_opts(struct super_block *sb)
 
 {
 
 	struct superblock_security_struct *sbsec = sb->s_security;