diff options
| author | Jarkko Sakkinen <ext-jarkko.2.sakkinen@nokia.com> | 2010-12-07 13:34:01 +0200 |
|---|---|---|
| committer | Casey Schaufler <casey@schaufler-ca.com> | 2010-12-07 14:04:02 -0800 |
| commit | 5c6d1125f8dbd1bfef39e38fbc2837003be78a59 (patch) | |
| tree | 368d34e800bc5478442679323270d776b79501e8 /security/smack/smack.h | |
| parent | fe27d4b012273640e033be80f143bdc54daa8e16 (diff) | |
| download | kernel_samsung_smdk4412-5c6d1125f8dbd1bfef39e38fbc2837003be78a59.zip kernel_samsung_smdk4412-5c6d1125f8dbd1bfef39e38fbc2837003be78a59.tar.gz kernel_samsung_smdk4412-5c6d1125f8dbd1bfef39e38fbc2837003be78a59.tar.bz2 | |
Smack: Transmute labels on specified directories
In a situation where Smack access rules allow processes
with multiple labels to write to a directory it is easy
to get into a situation where the directory gets cluttered
with files that the owner can't deal with because while
they could be written to the directory a process at the
label of the directory can't write them. This is generally
the desired behavior, but when it isn't it is a real
issue.
This patch introduces a new attribute SMACK64TRANSMUTE that
instructs Smack to create the file with the label of the directory
under certain circumstances.
A new access mode, "t" for transmute, is made available to
Smack access rules, which are expanded from "rwxa" to "rwxat".
If a file is created in a directory marked as transmutable
and if access was granted to perform the operation by a rule
that included the transmute mode, then the file gets the
Smack label of the directory instead of the Smack label of the
creating process.
Note that this is equivalent to creating an empty file at the
label of the directory and then having the other process write
to it. The transmute scheme requires that both the access rule
allows transmutation and that the directory be explicitly marked.
Signed-off-by: Jarkko Sakkinen <ext-jarkko.2.sakkinen@nokia.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack/smack.h')
| -rw-r--r-- | security/smack/smack.h | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index a2e2cdf..129c4eb 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -62,6 +62,7 @@ struct task_smack { }; #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */ +#define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */ /* * A label access rule. @@ -167,6 +168,10 @@ struct smack_known { #define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */ /* + * Flag for transmute access + */ +#define MAY_TRANSMUTE 64 +/* * Just to make the common cases easier to deal with */ #define MAY_ANY (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) @@ -197,6 +202,7 @@ struct inode_smack *new_inode_smack(char *); /* * These functions are in smack_access.c */ +int smk_access_entry(char *, char *); int smk_access(char *, char *, int, struct smk_audit_info *); int smk_curacc(char *, u32, struct smk_audit_info *); int smack_to_cipso(const char *, struct smack_cipso *); @@ -240,6 +246,15 @@ static inline void smack_catset_bit(int cat, char *catsetp) } /* + * Is the directory transmuting? + */ +static inline int smk_inode_transmutable(const struct inode *isp) +{ + struct inode_smack *sip = isp->i_security; + return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0; +} + +/* * Present a pointer to the smack label in an inode blob. */ static inline char *smk_of_inode(const struct inode *isp) @@ -265,7 +280,7 @@ static inline char *smk_of_forked(const struct task_smack *tsp) } /* - * Present a pointer to the smack label in the curren task blob. + * Present a pointer to the smack label in the current task blob. */ static inline char *smk_of_current(void) { |