1 | From a83d6ddaebe541570291205cb538e35ad4ff94f9 Mon Sep 17 00:00:00 2001 |
2 | From: Ondrej Mosnacek <omosnace@redhat.com> | |
3 | Date: Fri, 21 Dec 2018 21:18:52 +0100 | |
4 | Subject: selinux: never allow relabeling on context mounts | |
5 | ||
6 | From: Ondrej Mosnacek <omosnace@redhat.com> | |
7 | ||
8 | commit a83d6ddaebe541570291205cb538e35ad4ff94f9 upstream. | |
9 | ||
10 | In the SECURITY_FS_USE_MNTPOINT case we never want to allow relabeling | |
11 | files/directories, so we should never set the SBLABEL_MNT flag. The | |
12 | 'special handling' in selinux_is_sblabel_mnt() is only intended for when | |
13 | the behavior is set to SECURITY_FS_USE_GENFS. | |
14 | ||
15 | While there, make the logic in selinux_is_sblabel_mnt() more explicit | |
16 | and add a BUILD_BUG_ON() to make sure that introducing a new | |
17 | SECURITY_FS_USE_* forces a review of the logic. | |
18 | ||
19 | Fixes: d5f3a5f6e7e7 ("selinux: add security in-core xattr support for pstore and debugfs") | |
20 | Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> | |
21 | Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> | |
22 | Signed-off-by: Paul Moore <paul@paul-moore.com> | |
23 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
24 | ||
25 | --- | |
26 | security/selinux/hooks.c | 40 +++++++++++++++++++++++++++++++--------- | |
27 | 1 file changed, 31 insertions(+), 9 deletions(-) | |
28 | ||
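--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -396,21 +396,43 @@ static int may_context_mount_inode_relab
 return rc;
 }
 
-static int selinux_is_sblabel_mnt(struct super_block *sb)
+static int selinux_is_genfs_special_handling(struct super_block *sb)
 {
- struct superblock_security_struct *sbsec = sb->s_security;
-
- return sbsec->behavior == SECURITY_FS_USE_XATTR ||
- sbsec->behavior == SECURITY_FS_USE_TRANS ||
- sbsec->behavior == SECURITY_FS_USE_TASK ||
- sbsec->behavior == SECURITY_FS_USE_NATIVE ||
- /* Special handling. Genfs but also in-core setxattr handler */
- !strcmp(sb->s_type->name, "sysfs") ||
+ /* Special handling. Genfs but also in-core setxattr handler */
+ return !strcmp(sb->s_type->name, "sysfs") ||
 !strcmp(sb->s_type->name, "pstore") ||
 !strcmp(sb->s_type->name, "debugfs") ||
 !strcmp(sb->s_type->name, "rootfs");
 }
 
+static int selinux_is_sblabel_mnt(struct super_block *sb)
+{
+ struct superblock_security_struct *sbsec = sb->s_security;
+
+ /*
+ * IMPORTANT: Double-check logic in this function when adding a new
+ * SECURITY_FS_USE_* definition!
+ */
+ BUILD_BUG_ON(SECURITY_FS_USE_MAX != 7);
+
+ switch (sbsec->behavior) {
+ case SECURITY_FS_USE_XATTR:
+ case SECURITY_FS_USE_TRANS:
+ case SECURITY_FS_USE_TASK:
+ case SECURITY_FS_USE_NATIVE:
+ return 1;
+
+ case SECURITY_FS_USE_GENFS:
+ return selinux_is_genfs_special_handling(sb);
+
+ /* Never allow relabeling on context mounts */
+ case SECURITY_FS_USE_MNTPOINT:
+ case SECURITY_FS_USE_NONE:
+ default:
+ return 0;
+ }
+}
+
 static int sb_finish_set_opts(struct super_block *sb)
 {
 struct superblock_security_struct *sbsec = sb->s_security;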
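Review bot: The comment `/* Never allow relabeling on context mounts */` in the new selinux_is_sblabel_mnt sits above three labels but describes only SECURITY_FS_USE_MNTPOINT; SECURITY_FS_USE_NONE and `default:` are grouped under it with no explanation, so a reader may take the fail-closed `return 0` for an unrecognised behavior as incidental rather than deliberate. I would widen it to `/* Context mounts, "none" and any unrecognised behavior: never relabel */` so the intent of the default arm is stated next to the BUILD_BUG_ON that guards it. Neither new function carries a kernel-doc header; a short one on selinux_is_sblabel_mnt saying that a non-zero return means files on this superblock may be relabeled through the in-core setxattr path (presumably the caller uses it to decide SBLABEL_MNT, per the commit message) would help whoever next extends SECURITY_FS_USE_*. Both helpers are predicates, so `static bool` would read more naturally than `int`, though that is cosmetic. sb_finish_set_opts begins at the end of the hunk and its body continues outside it.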