Unverified Commit a7cf5c04 authored Sep 26, 2024 by openeuler-ci-bot Committed by Gitee Sep 26, 2024

!11815 selinux,smack: don't bypass permissions check in inode_setsecctx hook

Merge Pull Request from: @ci-robot 
 
PR sync from: GONG Ruiqi <gongruiqi1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/ADBRYGAVN2UQFDXEIBEDGXSNKWC4U76Q/ 
 
https://gitee.com/src-openeuler/kernel/issues/IAR4JE 
 
Link:https://gitee.com/openeuler/kernel/pulls/11815

 

Reviewed-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

parents 6048262d a17d856f

security/selinux/hooks.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -6556,7 +6556,7 @@ static int selinux_inode_notifysecctx(struct inode inode, void ctx, u32 ctxlen
		*/
		static int selinux_inode_setsecctx(struct dentry dentry, void ctx, u32 ctxlen)
		{
		return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
		return __vfs_setxattr_locked(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0, NULL);
		}

		static int selinux_inode_getsecctx(struct inode inode, void ctx, u32 ctxlen)

security/smack/smack_lsm.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -4626,7 +4626,7 @@ static int smack_inode_notifysecctx(struct inode inode, void ctx, u32 ctxlen)

		static int smack_inode_setsecctx(struct dentry dentry, void ctx, u32 ctxlen)
		{
		return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
		return __vfs_setxattr_locked(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0, NULL);
		}

		static int smack_inode_getsecctx(struct inode inode, void ctx, u32 ctxlen)