ANDROID: overlayfs: internal getxattr operations without sepolicy checking

Check impure, opaque, origin & meta xattr with no sepolicy audit
(using __vfs_getxattr) since these operations are internal to
overlayfs operations and do not disclose any data.  This became
an issue for credential override off since sys_admin would have
been required by the caller; whereas would have been inherently
present for the creator since it performed the mount.

This is a change in operations since we do not check in the new
ovl_vfs_getxattr function if the credential override is off or
not.  Reasoning is that the sepolicy check is unnecessary overhead,
especially since the check can be expensive.

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 133515582
Bug: 136124883
Bug: 129319403
Change-Id: I34d99cc46e9e87a79efc8d05f85980bbc137f7eb

diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index c078ae4b5a3393bab062e5d54479338f5ce791d0..0743fb4cc3c082ce855453d6d994b2aa86972ebe 100644 (file)
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -539,12 +539,13 @@ unsigned int ovl_get_nlink(struct dentry *lowerdentry,
        int nlink_diff;
        int nlink;
        char buf[13];
-       int err;
+       ssize_t err;
 
        if (!lowerdentry || !upperdentry || d_inode(lowerdentry)->i_nlink == 1)
                return fallback;
 
-       err = vfs_getxattr(upperdentry, OVL_XATTR_NLINK, &buf, sizeof(buf) - 1);
+       err = ovl_vfs_getxattr(upperdentry, OVL_XATTR_NLINK,
+                              &buf, sizeof(buf) - 1);
        if (err < 0)
                goto fail;
 

diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
index 2f08467880cf893577949439ac47db98ab050352..009136588d0c5a9abf9d763b1177101971549164 100644 (file)
--- a/fs/overlayfs/namei.c
+++ b/fs/overlayfs/namei.c
@@ -29,10 +29,10 @@ struct ovl_lookup_data {
 static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d,
                              size_t prelen, const char *post)
 {
-       int res;
+       ssize_t res;
        char *s, *next, *buf = NULL;
 
-       res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0);
+       res = ovl_vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0);
        if (res < 0) {
                if (res == -ENODATA || res == -EOPNOTSUPP)
                        return 0;
@@ -45,7 +45,7 @@ static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d,
        if (res == 0)
                goto invalid;
 
-       res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res);
+       res = ovl_vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res);
        if (res < 0)
                goto fail;
        if (res == 0)
@@ -99,10 +99,10 @@ static int ovl_acceptable(void *ctx, struct dentry *dentry)
 
 static struct ovl_fh *ovl_get_origin_fh(struct dentry *dentry)
 {
-       int res;
+       ssize_t res;
        struct ovl_fh *fh = NULL;
 
-       res = vfs_getxattr(dentry, OVL_XATTR_ORIGIN, NULL, 0);
+       res = ovl_vfs_getxattr(dentry, OVL_XATTR_ORIGIN, NULL, 0);
        if (res < 0) {
                if (res == -ENODATA || res == -EOPNOTSUPP)
                        return NULL;
@@ -116,7 +116,7 @@ static struct ovl_fh *ovl_get_origin_fh(struct dentry *dentry)
        if (!fh)
                return ERR_PTR(-ENOMEM);
 
-       res = vfs_getxattr(dentry, OVL_XATTR_ORIGIN, fh, res);
+       res = ovl_vfs_getxattr(dentry, OVL_XATTR_ORIGIN, fh, res);
        if (res < 0)
                goto fail;
 
@@ -142,10 +142,11 @@ out:
        return NULL;
 
 fail:
-       pr_warn_ratelimited("overlayfs: failed to get origin (%i)\n", res);
+       pr_warn_ratelimited("overlayfs: failed to get origin (%zi)\n", res);
        goto out;
 invalid:
-       pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n", res, fh);
+       pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n",
+                           (int)res, fh);
        goto out;
 }
 

diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
index f4569f341f698f4a85c560c7c5502c3c000f20f5..fdf83a10a9d3bb0a57d172da9ec75c2bcf9d8a3d 100644 (file)
--- a/fs/overlayfs/overlayfs.h
+++ b/fs/overlayfs/overlayfs.h
@@ -188,6 +188,8 @@ void ovl_drop_write(struct dentry *dentry);
 struct dentry *ovl_workdir(struct dentry *dentry);
 const struct cred *ovl_override_creds(struct super_block *sb);
 void ovl_revert_creds(const struct cred *oldcred);
+ssize_t ovl_vfs_getxattr(struct dentry *dentry, const char *name, void *buf,
+                        size_t size);
 struct super_block *ovl_same_sb(struct super_block *sb);
 bool ovl_can_decode_fh(struct super_block *sb);
 struct dentry *ovl_indexdir(struct super_block *sb);

diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c
index ce179c2ce616373dbe844540c844dcb8d825bd94..e2244c134c9c70eb9f0f499e4c0ed7450cdd8eb9 100644 (file)
--- a/fs/overlayfs/util.c
+++ b/fs/overlayfs/util.c
@@ -52,6 +52,12 @@ void ovl_revert_creds(const struct cred *old_cred)
                revert_creds(old_cred);
 }
 
+ssize_t ovl_vfs_getxattr(struct dentry *dentry, const char *name, void *buf,
+                        size_t size)
+{
+       return __vfs_getxattr(dentry, d_inode(dentry), name, buf, size);
+}
+
 struct super_block *ovl_same_sb(struct super_block *sb)
 {
        struct ovl_fs *ofs = sb->s_fs_info;
@@ -339,13 +345,13 @@ void ovl_copy_up_end(struct dentry *dentry)
 
 bool ovl_check_dir_xattr(struct dentry *dentry, const char *name)
 {
-       int res;
+       ssize_t res;
        char val;
 
        if (!d_is_dir(dentry))
                return false;
 
-       res = vfs_getxattr(dentry, name, &val, 1);
+       res = ovl_vfs_getxattr(dentry, name, &val, 1);
        if (res == 1 && val == 'y')
                return true;