Smack: Correctly remove SMACK64TRANSMUTE attribute
authorCasey Schaufler <casey@schaufler-ca.com>
Thu, 10 Apr 2014 23:35:36 +0000 (16:35 -0700)
committerCasey Schaufler <casey@schaufler-ca.com>
Fri, 11 Apr 2014 21:35:19 +0000 (14:35 -0700)
Sam Henderson points out that removing the SMACK64TRANSMUTE
attribute from a directory does not result in the directory
transmuting. This is because the inode flag indicating that
the directory is transmuting isn't cleared. The fix is a tad
less than trivial because smk_task and smk_mmap should have
been broken out, too.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
security/smack/smack_lsm.c

index a5d86ffbf9a0690f822acc1f3a5fe0e6bdfd4a55..3d1c9086d0d6dc3632fa2e4f33640417091f1761 100644 (file)
@@ -1026,18 +1026,31 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
        } else
                rc = cap_inode_removexattr(dentry, name);
 
+       if (rc != 0)
+               return rc;
+
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
        smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
-       if (rc == 0)
-               rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
 
-       if (rc == 0) {
-               isp = dentry->d_inode->i_security;
+       rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
+       if (rc != 0)
+               return rc;
+
+       isp = dentry->d_inode->i_security;
+       /*
+        * Don't do anything special for these.
+        *      XATTR_NAME_SMACKIPIN
+        *      XATTR_NAME_SMACKIPOUT
+        *      XATTR_NAME_SMACKEXEC
+        */
+       if (strcmp(name, XATTR_NAME_SMACK) == 0)
                isp->smk_task = NULL;
+       else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
                isp->smk_mmap = NULL;
-       }
+       else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
+               isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
 
-       return rc;
+       return 0;
 }
 
 /**