Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit f4ca486c authored by Mark Salyzyn's avatar Mark Salyzyn Committed by Jeevan Shriram
Browse files

ANDROID: overlayfs: internal getxattr operations without sepolicy checking 



Check impure, opaque, origin & meta xattr with no sepolicy audit
(using __vfs_getxattr) since these operations are internal to
overlayfs operations and do not disclose any data.  This became
an issue for credential override off since sys_admin would have
been required by the caller; whereas would have been inherently
present for the creator since it performed the mount.

This is a change in operations since we do not check in the new
ovl_vfs_getxattr function if the credential override is off or
not.  Reasoning is that the sepolicy check is unnecessary overhead,
especially since the check can be expensive.

Signed-off-by: default avatarMark Salyzyn <salyzyn@google.com>
Bug: 133515582
Bug: 136124883
Bug: 129319403
Change-Id: I34d99cc46e9e87a79efc8d05f85980bbc137f7eb
Git-commit: 9f32911c
Git-repo: https://android.googlesource.com/kernel/common


[jshriram@codeaurora.org: No changes]
Signed-off-by: default avatarJeevan Shriram <jshriram@codeaurora.org>
parent e16dfc09
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment