Smack: fix d_instantiate logic for sockfs and pipefs (805b65a8) · Commits · e / devices / android_kernel_fairphone_FP5

Since (v2.6.32) all inodes on sockfs and pipefs are disconnected. It caused filesystem specific code in smack_d_instantiate to be skipped, because all inodes on those pseudo filesystems were treated as root inodes. As a result all sockfs inodes had the Smack label set to floor. In most cases access checks for sockets use socket_smack data so the inode label is not important. But there are special cases that were broken. One example would be calling fcntl with F_SETOWN command on a socket fd. Now smack_d_instantiate expects all pipefs and sockfs inodes to be disconnected and has the logic in appropriate place. Signed-off-by:

Rafal Krypa <r.krypa@samsung.com> Signed-off-by:

Casey Schaufler <casey@schaufler-ca.com>

security/smack/smack_lsm.c

+7 −7

Original line number	Diff line number	Diff line
		@@ -3486,6 +3486,13 @@ static void smack_d_instantiate(struct dentry opt_dentry, struct inode inode)
		case PIPEFS_MAGIC:
		isp->smk_inode = smk_of_current();
		break;
		case SOCKFS_MAGIC:
		/*
		* Socket access is controlled by the socket
		* structures associated with the task involved.
		*/
		isp->smk_inode = &smack_known_star;
		break;
		default:
		isp->smk_inode = sbsp->smk_root;
		break;
		@@ -3502,19 +3509,12 @@ static void smack_d_instantiate(struct dentry opt_dentry, struct inode inode)
		*/
		switch (sbp->s_magic) {
		case SMACK_MAGIC:
		case PIPEFS_MAGIC:
		case SOCKFS_MAGIC:
		case CGROUP_SUPER_MAGIC:
		/*
		* Casey says that it's a little embarrassing
		* that the smack file system doesn't do
		* extended attributes.
		*
		* Casey says pipes are easy (?)
		*
		* Socket access is controlled by the socket
		* structures associated with the task involved.
		*
		* Cgroupfs is special
		*/
		final = &smack_known_star;