Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ea861dfd authored by Andreas Gruenbacher's avatar Andreas Gruenbacher Committed by Paul Moore
Browse files

security: Make inode argument of inode_getsecurity non-const 



Make the inode argument of the inode_getsecurity hook non-const so that
we can use it to revalidate invalid security labels.

Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
parent a44ca52c

include/linux/lsm_hooks.h

+1 −1
Original line number Original line Diff line number Diff line
@@ -1413,7 +1413,7 @@ union security_list_options { 
	int (*inode_removexattr)(struct dentry *dentry, const char *name);

	int (*inode_removexattr)(struct dentry *dentry, const char *name);

	int (*inode_need_killpriv)(struct dentry *dentry);

	int (*inode_need_killpriv)(struct dentry *dentry);

	int (*inode_killpriv)(struct dentry *dentry);

	int (*inode_killpriv)(struct dentry *dentry);

	int (*inode_getsecurity)(const struct inode *inode, const char *name,

	int (*inode_getsecurity)(struct inode *inode, const char *name,

					void **buffer, bool alloc);

					void **buffer, bool alloc);

	int (*inode_setsecurity)(struct inode *inode, const char *name,

	int (*inode_setsecurity)(struct inode *inode, const char *name,

					const void *value, size_t size,

					const void *value, size_t size,

include/linux/security.h

+2 −2
Original line number Original line Diff line number Diff line
@@ -270,7 +270,7 @@ int security_inode_listxattr(struct dentry *dentry); 
int security_inode_removexattr(struct dentry *dentry, const char *name);

int security_inode_removexattr(struct dentry *dentry, const char *name);

int security_inode_need_killpriv(struct dentry *dentry);

int security_inode_need_killpriv(struct dentry *dentry);

int security_inode_killpriv(struct dentry *dentry);

int security_inode_killpriv(struct dentry *dentry);

int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc);

int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc);

int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);

int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);

int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);

int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);

void security_inode_getsecid(const struct inode *inode, u32 *secid);

void security_inode_getsecid(const struct inode *inode, u32 *secid);
@@ -719,7 +719,7 @@ static inline int security_inode_killpriv(struct dentry *dentry) 
	return cap_inode_killpriv(dentry);

	return cap_inode_killpriv(dentry);

}

}





static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)

static inline int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)

{

{

	return -EOPNOTSUPP;

	return -EOPNOTSUPP;

}

}

security/security.c

+1 −1
Original line number Original line Diff line number Diff line
@@ -697,7 +697,7 @@ int security_inode_killpriv(struct dentry *dentry) 
	return call_int_hook(inode_killpriv, 0, dentry);

	return call_int_hook(inode_killpriv, 0, dentry);

}

}





int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)

int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)

{

{

	if (unlikely(IS_PRIVATE(inode)))

	if (unlikely(IS_PRIVATE(inode)))

		return -EOPNOTSUPP;

		return -EOPNOTSUPP;

security/selinux/hooks.c

+1 −1
Original line number Original line Diff line number Diff line
@@ -3108,7 +3108,7 @@ static int selinux_inode_removexattr(struct dentry *dentry, const char *name) 
 *

 *

 * Permission check is handled by selinux_inode_getxattr hook.

 * Permission check is handled by selinux_inode_getxattr hook.

 */

 */

static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)

static int selinux_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)

{

{

	u32 size;

	u32 size;

	int error;

	int error;

security/smack/smack_lsm.c

+1 −1
Original line number Original line Diff line number Diff line
@@ -1465,7 +1465,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) 
 *

 *

 * Returns the size of the attribute or an error code

 * Returns the size of the attribute or an error code

 */

 */

static int smack_inode_getsecurity(const struct inode *inode,

static int smack_inode_getsecurity(struct inode *inode,

				   const char *name, void **buffer,

				   const char *name, void **buffer,

				   bool alloc)

				   bool alloc)

{

{