1 From a83d6ddaebe541570291205cb538e35ad4ff94f9 Mon Sep 17 00:00:00 2001
2 From: Ondrej Mosnacek <omosnace@redhat.com>
3 Date: Fri, 21 Dec 2018 21:18:52 +0100
4 Subject: selinux: never allow relabeling on context mounts
5
6 From: Ondrej Mosnacek <omosnace@redhat.com>
7
8 commit a83d6ddaebe541570291205cb538e35ad4ff94f9 upstream.
9
10 In the SECURITY_FS_USE_MNTPOINT case we never want to allow relabeling
11 files/directories, so we should never set the SBLABEL_MNT flag. The
12 'special handling' in selinux_is_sblabel_mnt() is only intended for when
13 the behavior is set to SECURITY_FS_USE_GENFS.
14
15 While there, make the logic in selinux_is_sblabel_mnt() more explicit
16 and add a BUILD_BUG_ON() to make sure that introducing a new
17 SECURITY_FS_USE_* forces a review of the logic.
18
19 Fixes: d5f3a5f6e7e7 ("selinux: add security in-core xattr support for pstore and debugfs")
20 Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
21 Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
22 Signed-off-by: Paul Moore <paul@paul-moore.com>
23 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
24
25 ---
26 security/selinux/hooks.c | 40 +++++++++++++++++++++++++++++++---------
27 1 file changed, 31 insertions(+), 9 deletions(-)
28
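--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -396,21 +396,43 @@ static int may_context_mount_inode_relab
 	return rc;
 }
 
-static int selinux_is_sblabel_mnt(struct super_block *sb)
+static int selinux_is_genfs_special_handling(struct super_block *sb)
 {
-	struct superblock_security_struct *sbsec = sb->s_security;
-
-	return sbsec->behavior == SECURITY_FS_USE_XATTR ||
-		sbsec->behavior == SECURITY_FS_USE_TRANS ||
-		sbsec->behavior == SECURITY_FS_USE_TASK ||
-		sbsec->behavior == SECURITY_FS_USE_NATIVE ||
-		/* Special handling. Genfs but also in-core setxattr handler */
-		!strcmp(sb->s_type->name, "sysfs") ||
+	/* Special handling. Genfs but also in-core setxattr handler */
+	return !strcmp(sb->s_type->name, "sysfs") ||
 		!strcmp(sb->s_type->name, "pstore") ||
 		!strcmp(sb->s_type->name, "debugfs") ||
 		!strcmp(sb->s_type->name, "rootfs");
 }
 
+static int selinux_is_sblabel_mnt(struct super_block *sb)
+{
+	struct superblock_security_struct *sbsec = sb->s_security;
+
+	/*
+	 * IMPORTANT: Double-check logic in this function when adding a new
+	 * SECURITY_FS_USE_* definition!
+	 */
+	BUILD_BUG_ON(SECURITY_FS_USE_MAX != 7);
+
+	switch (sbsec->behavior) {
+	case SECURITY_FS_USE_XATTR:
+	case SECURITY_FS_USE_TRANS:
+	case SECURITY_FS_USE_TASK:
+	case SECURITY_FS_USE_NATIVE:
+		return 1;
+
+	case SECURITY_FS_USE_GENFS:
+		return selinux_is_genfs_special_handling(sb);
+
+	/* Never allow relabeling on context mounts */
+	case SECURITY_FS_USE_MNTPOINT:
+	case SECURITY_FS_USE_NONE:
+	default:
+		return 0;
+	}
+}
+
 static int sb_finish_set_opts(struct super_block *sb)
 {
 	struct superblock_security_struct *sbsec = sb->s_security;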
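Review bot: The comment `/* Never allow relabeling on context mounts */` above `case SECURITY_FS_USE_MNTPOINT:` in the new selinux_is_sblabel_mnt() explains only the first of the three labels it sits on; `SECURITY_FS_USE_NONE` and `default:` return 0 as well, and the `default:` arm is what keeps any new SECURITY_FS_USE_* value that the BUILD_BUG_ON does not catch failing closed. Suggest widening it to `/* Never allow relabeling on context mounts (MNTPOINT), on filesystems without labeling support (NONE), or for any behavior not listed above: fail closed. */` so the next person adding a case understands why the deny branch is the catch-all. As a point of style, both helpers only ever yield 0 or 1, so a `bool` return type would state that contract more directly than `int`. sb_finish_set_opts(), the caller that presumably turns this result into the SBLABEL_MNT flag, starts on the hunk's last lines and continues outside it, so that mapping comes from the commit message rather than from the visible code.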