Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e74f71eb authored by Al Viro's avatar Al Viro
Browse files

->permission() sanitizing: don't pass flags to ->inode_permission() 



pass that via mask instead.

Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 10556cb2

include/linux/security.h

+1 −1
Original line number Diff line number Diff line
@@ -1456,7 +1456,7 @@ struct security_operations { 
			     struct inode *new_dir, struct dentry *new_dentry);

	int (*inode_readlink) (struct dentry *dentry);

	int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);

	int (*inode_permission) (struct inode *inode, int mask, unsigned flags);

	int (*inode_permission) (struct inode *inode, int mask);

	int (*inode_setattr)	(struct dentry *dentry, struct iattr *attr);

	int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);

	int (*inode_setxattr) (struct dentry *dentry, const char *name,

security/capability.c

+1 −1
Original line number Diff line number Diff line
@@ -181,7 +181,7 @@ static int cap_inode_follow_link(struct dentry *dentry, 
	return 0;

}



static int cap_inode_permission(struct inode *inode, int mask, unsigned flags)

static int cap_inode_permission(struct inode *inode, int mask)

{

	return 0;

}

security/security.c

+5 −2
Original line number Diff line number Diff line
@@ -518,14 +518,17 @@ int security_inode_permission(struct inode *inode, int mask) 
{

	if (unlikely(IS_PRIVATE(inode)))

		return 0;

	return security_ops->inode_permission(inode, mask, 0);

	return security_ops->inode_permission(inode, mask);

}



int security_inode_exec_permission(struct inode *inode, unsigned int flags)

{

	int mask = MAY_EXEC;

	if (unlikely(IS_PRIVATE(inode)))

		return 0;

	return security_ops->inode_permission(inode, MAY_EXEC, flags);

	if (flags)

		mask |= MAY_NOT_BLOCK;

	return security_ops->inode_permission(inode, mask);

}



int security_inode_setattr(struct dentry *dentry, struct iattr *attr)

security/selinux/hooks.c

+3 −2
Original line number Diff line number Diff line
@@ -2659,12 +2659,13 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na 
	return dentry_has_perm(cred, dentry, FILE__READ);

}



static int selinux_inode_permission(struct inode *inode, int mask, unsigned flags)

static int selinux_inode_permission(struct inode *inode, int mask)

{

	const struct cred *cred = current_cred();

	struct common_audit_data ad;

	u32 perms;

	bool from_access;

	unsigned __flags = mask & MAY_NOT_BLOCK ? IPERM_FLAG_RCU : 0;



	from_access = mask & MAY_ACCESS;

	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
@@ -2681,7 +2682,7 @@ static int selinux_inode_permission(struct inode *inode, int mask, unsigned flag 


	perms = file_mask_to_av(inode->i_mode, mask);



	return inode_has_perm(cred, inode, perms, &ad, flags);

	return inode_has_perm(cred, inode, perms, &ad, __flags);

}



static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)

security/smack/smack_lsm.c

+3 −2
Original line number Diff line number Diff line
@@ -689,9 +689,10 @@ static int smack_inode_rename(struct inode *old_inode, 
 *

 * Returns 0 if access is permitted, -EACCES otherwise

 */

static int smack_inode_permission(struct inode *inode, int mask, unsigned flags)

static int smack_inode_permission(struct inode *inode, int mask)

{

	struct smk_audit_info ad;

	int no_block = mask & MAY_NOT_BLOCK;



	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);

	/*
@@ -701,7 +702,7 @@ static int smack_inode_permission(struct inode *inode, int mask, unsigned flags) 
		return 0;



	/* May be droppable after audit */

	if (flags & IPERM_FLAG_RCU)

	if (no_block)

		return -ECHILD;

	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);

	smk_ad_setfield_u_fs_inode(&ad, inode);