LSM: Fix for security_inode_getsecurity and -EOPNOTSUPP
authorCasey Schaufler <casey@schaufler-ca.com>
Wed, 1 Jun 2016 00:24:15 +0000 (17:24 -0700)
committerJames Morris <james.l.morris@oracle.com>
Mon, 6 Jun 2016 09:59:18 +0000 (19:59 +1000)
Serge Hallyn pointed out that the current implementation of
security_inode_getsecurity() works if there is only one hook
provided for it, but will fail if there is more than one and
the attribute requested isn't supplied by the first module.
This isn't a problem today, since only SELinux and Smack
provide this hook and there is (currently) no way to enable
both of those modules at the same time. Serge, however, wants
to introduce a capability attribute and an inode_getsecurity
hook in the capability security module to handle it. This
addresses that upcoming problem, will be required for "extreme
stacking" and is just a better implementation.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
security/security.c

index 709569305d329c6e7742e4e0d0513e9d9110b4a3..c4bb47db30ee53aba57746a83e6660be37c918b6 100644 (file)
@@ -700,18 +700,39 @@ int security_inode_killpriv(struct dentry *dentry)
 
 int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
 {
+       struct security_hook_list *hp;
+       int rc;
+
        if (unlikely(IS_PRIVATE(inode)))
                return -EOPNOTSUPP;
-       return call_int_hook(inode_getsecurity, -EOPNOTSUPP, inode, name,
-                               buffer, alloc);
+       /*
+        * Only one module will provide an attribute with a given name.
+        */
+       list_for_each_entry(hp, &security_hook_heads.inode_getsecurity, list) {
+               rc = hp->hook.inode_getsecurity(inode, name, buffer, alloc);
+               if (rc != -EOPNOTSUPP)
+                       return rc;
+       }
+       return -EOPNOTSUPP;
 }
 
 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
 {
+       struct security_hook_list *hp;
+       int rc;
+
        if (unlikely(IS_PRIVATE(inode)))
                return -EOPNOTSUPP;
-       return call_int_hook(inode_setsecurity, -EOPNOTSUPP, inode, name,
-                               value, size, flags);
+       /*
+        * Only one module will provide an attribute with a given name.
+        */
+       list_for_each_entry(hp, &security_hook_heads.inode_setsecurity, list) {
+               rc = hp->hook.inode_setsecurity(inode, name, value, size,
+                                                               flags);
+               if (rc != -EOPNOTSUPP)
+                       return rc;
+       }
+       return -EOPNOTSUPP;
 }
 
 int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)