smack: Set the SMACK64TRANSMUTE xattr in smack_inode_init_security()
authorRoberto Sassu <roberto.sassu@huawei.com>
Sat, 10 Jun 2023 07:57:36 +0000 (09:57 +0200)
committerPaul Moore <paul@paul-moore.com>
Mon, 10 Jul 2023 17:59:38 +0000 (13:59 -0400)
With the newly added ability of LSMs to supply multiple xattrs, set
SMACK64TRANSMUTE in smack_inode_init_security(), instead of d_instantiate().
Do it by incrementing SMACK_INODE_INIT_XATTRS to 2 and by calling
lsm_get_xattr_slot() a second time, if the transmuting conditions are met.

The LSM infrastructure passes all xattrs provided by LSMs to the
filesystems through the initxattrs() callback, so that filesystems can
store xattrs in the disk.

After the change, the SMK_INODE_TRANSMUTE inode flag is always set by
d_instantiate() after fetching SMACK64TRANSMUTE from the disk. Before it
was done by smack_inode_post_setxattr() as result of the __vfs_setxattr()
call.

Removing __vfs_setxattr() also prevents invalidating the EVM HMAC, by
adding a new xattr without checking and updating the existing HMAC.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/smack/smack.h
security/smack/smack_lsm.c

index aa15ff56ed6e717cf299a1d933f3f73d29bb0964..041688e5a77a3edf33e3c856aab252fc3495b045 100644 (file)
@@ -128,7 +128,7 @@ struct task_smack {
 
 #define        SMK_INODE_INSTANT       0x01    /* inode is instantiated */
 #define        SMK_INODE_TRANSMUTE     0x02    /* directory is transmuting */
-#define        SMK_INODE_CHANGED       0x04    /* smack was transmuted */
+#define        SMK_INODE_CHANGED       0x04    /* smack was transmuted (unused) */
 #define        SMK_INODE_IMPURE        0x08    /* involved in an impure transaction */
 
 /*
index 25ade3819aff02e058ac3613d109e8b05722c2b4..679156601a10d39ae8f452212e1c170394129339 100644 (file)
 #define SMK_RECEIVING  1
 #define SMK_SENDING    2
 
-#define SMACK_INODE_INIT_XATTRS 1
+/*
+ * Smack uses multiple xattrs.
+ * SMACK64 - for access control,
+ * SMACK64TRANSMUTE - label initialization,
+ * Not saved on files - SMACK64IPIN and SMACK64IPOUT,
+ * Must be set explicitly - SMACK64EXEC and SMACK64MMAP
+ */
+#define SMACK_INODE_INIT_XATTRS 2
 
 #ifdef SMACK_IPV6_PORT_LABELING
 static DEFINE_MUTEX(smack_ipv6_lock);
@@ -935,7 +942,6 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
                                     struct xattr *xattrs, int *xattr_count)
 {
        struct task_smack *tsp = smack_cred(current_cred());
-       struct inode_smack *issp = smack_inode(inode);
        struct smack_known *skp = smk_of_task(tsp);
        struct smack_known *isp = smk_of_inode(inode);
        struct smack_known *dsp = smk_of_inode(dir);
@@ -963,6 +969,8 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
                if ((tsp->smk_task == tsp->smk_transmuted) ||
                    (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
                     smk_inode_transmutable(dir))) {
+                       struct xattr *xattr_transmute;
+
                        /*
                         * The caller of smack_dentry_create_files_as()
                         * should have overridden the current cred, so the
@@ -971,7 +979,18 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
                         */
                        if (tsp->smk_task != tsp->smk_transmuted)
                                isp = dsp;
-                       issp->smk_flags |= SMK_INODE_CHANGED;
+                       xattr_transmute = lsm_get_xattr_slot(xattrs,
+                                                            xattr_count);
+                       if (xattr_transmute) {
+                               xattr_transmute->value = kmemdup(TRANS_TRUE,
+                                                                TRANS_TRUE_SIZE,
+                                                                GFP_NOFS);
+                               if (!xattr_transmute->value)
+                                       return -ENOMEM;
+
+                               xattr_transmute->value_len = TRANS_TRUE_SIZE;
+                               xattr_transmute->name = XATTR_SMACK_TRANSMUTE;
+                       }
                }
 
                xattr->value = kstrdup(isp->smk_known, GFP_NOFS);
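Review bot: Nothing visible in this branch restricts the new SMACK64TRANSMUTE slot to directories: the conditions test the task label and `smk_inode_transmutable(dir)` on the parent, but not the type of `inode`, while the smack_d_instantiate() comment describes the attribute as a directory property. If no such check exists outside the hunk, regular files created under a transmuting directory would now carry the xattr on disk; guarding the slot request with `if (S_ISDIR(inode->i_mode))` would keep it where it is consumed. Also, when `lsm_get_xattr_slot()` returns NULL the branch is skipped silently, and with `SMK_INODE_CHANGED` no longer set there is no fallback that marks the inode, so a short comment stating when NULL can occur and why that is acceptable is worth adding. The function starts and ends outside the hunk, so both points should be checked against the full body.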
@@ -3518,20 +3537,12 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
                         * If there is a transmute attribute on the
                         * directory mark the inode.
                         */
-                       if (isp->smk_flags & SMK_INODE_CHANGED) {
-                               isp->smk_flags &= ~SMK_INODE_CHANGED;
-                               rc = __vfs_setxattr(&nop_mnt_idmap, dp, inode,
-                                       XATTR_NAME_SMACKTRANSMUTE,
-                                       TRANS_TRUE, TRANS_TRUE_SIZE,
-                                       0);
-                       } else {
-                               rc = __vfs_getxattr(dp, inode,
-                                       XATTR_NAME_SMACKTRANSMUTE, trattr,
-                                       TRANS_TRUE_SIZE);
-                               if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
-                                                      TRANS_TRUE_SIZE) != 0)
-                                       rc = -EINVAL;
-                       }
+                       rc = __vfs_getxattr(dp, inode,
+                                           XATTR_NAME_SMACKTRANSMUTE, trattr,
+                                           TRANS_TRUE_SIZE);
+                       if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
+                                              TRANS_TRUE_SIZE) != 0)
+                               rc = -EINVAL;
                        if (rc >= 0)
                                transflag = SMK_INODE_TRANSMUTE;
                }