Unverified Commit 047636a2 authored Sep 26, 2024 by openeuler-ci-bot Committed by Gitee Sep 26, 2024

!11814 selinux,smack: don't bypass permissions check in inode_setsecctx hook

Merge Pull Request from: @ci-robot 
 
PR sync from: GONG Ruiqi <gongruiqi1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/SURKAAWV3VHTIEXCDZMM623CZVHQ4625/ 
 
https://gitee.com/src-openeuler/kernel/issues/IAR4JE 
 
Link:https://gitee.com/openeuler/kernel/pulls/11814

 

Reviewed-by: Zhang Peng <zhangpeng362@huawei.com>
Signed-off-by: Zhang Peng <zhangpeng362@huawei.com>

parents 6687c255 445c1865

security/selinux/hooks.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -6543,8 +6543,8 @@ static int selinux_inode_notifysecctx(struct inode inode, void ctx, u32 ctxlen
		*/
		static int selinux_inode_setsecctx(struct dentry dentry, void ctx, u32 ctxlen)
		{
		return __vfs_setxattr_noperm(&nop_mnt_idmap, dentry, XATTR_NAME_SELINUX,
		ctx, ctxlen, 0);
		return __vfs_setxattr_locked(&nop_mnt_idmap, dentry, XATTR_NAME_SELINUX,
		ctx, ctxlen, 0, NULL);
		}

		static int selinux_inode_getsecctx(struct inode inode, void ctx, u32 ctxlen)

security/smack/smack_lsm.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -4770,8 +4770,8 @@ static int smack_inode_notifysecctx(struct inode inode, void ctx, u32 ctxlen)

		static int smack_inode_setsecctx(struct dentry dentry, void ctx, u32 ctxlen)
		{
		return __vfs_setxattr_noperm(&nop_mnt_idmap, dentry, XATTR_NAME_SMACK,
		ctx, ctxlen, 0);
		return __vfs_setxattr_locked(&nop_mnt_idmap, dentry, XATTR_NAME_SMACK,
		ctx, ctxlen, 0, NULL);
		}

		static int smack_inode_getsecctx(struct inode inode, void ctx, u32 ctxlen)