android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3484eba91d
android_kernel_xiaomi_sm8450/fs
History
Mark Salyzyn 3484eba91d FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 
Add a flag option to get xattr method that could have a bit flag of
XATTR_NOSECURITY passed to it.  XATTR_NOSECURITY is generally then
set in the __vfs_getxattr path when called by security
infrastructure.

This handles the case of a union filesystem driver that is being
requested by the security layer to report back the xattr data.

For the use case where access is to be blocked by the security layer.

The path then could be security(dentry) ->
__vfs_getxattr(dentry...XATTR_NOSECURITY) ->
handler->get(dentry...XATTR_NOSECURITY) ->
__vfs_getxattr(lower_dentry...XATTR_NOSECURITY) ->
lower_handler->get(lower_dentry...XATTR_NOSECURITY)
which would report back through the chain data and success as
expected, the logging security layer at the top would have the
data to determine the access permissions and report back the target
context that was blocked.

Without the get handler flag, the path on a union filesystem would be
the errant security(dentry) -> __vfs_getxattr(dentry) ->
handler->get(dentry) -> vfs_getxattr(lower_dentry) -> nested ->
security(lower_dentry, log off) -> lower_handler->get(lower_dentry)
which would report back through the chain no data, and -EACCES.

For selinux for both cases, this would translate to a correctly
determined blocked access. In the first case with this change a correct avc
log would be reported, in the second legacy case an incorrect avc log
would be reported against an uninitialized u:object_r:unlabeled:s0
context making the logs cosmetically useless for audit2allow.

This patch series is inert and is the wide-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr(...XATTR_NOSECURITY).

Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Acked-by: Jan Kara <jack@suse.cz>
Acked-by: Jeff Layton <jlayton@kernel.org>
Acked-by: David Sterba <dsterba@suse.com>
Acked-by: Darrick J. Wong <darrick.wong@oracle.com>
Acked-by: Mike Marshall <hubcap@omnibond.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: linux-kernel@vger.kernel.org
Cc: kernel-team@android.com
Cc: linux-security-module@vger.kernel.org

(cherry picked from (rejected from archive because of too many recipients))
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 133515582
Bug: 136124883
Bug: 129319403
Change-Id: Iabbb8771939d5f66667a26bb23ddf4c562c349a1
2019-11-05 13:50:57 -08:00
..
9p FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
adfs Merge branch 'work.adfs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 11:33:22 -07:00
affs fs: affs: Initialize filesystem timestamp ranges 2019-08-30 07:27:18 -07:00
afs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
autofs autofs_lookup(): hold ->d_lock over playing with ->d_flags 2019-07-27 10:03:14 -04:00
befs fs: Fill in max and min timestamps in superblock 2019-08-30 07:27:17 -07:00
bfs fs: Fill in max and min timestamps in superblock 2019-08-30 07:27:17 -07:00
btrfs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
cachefiles treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
ceph FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
cifs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
coda y2038: add inode timestamp clamping 2019-09-19 09:42:37 -07:00
configfs configfs updates for 5.4: 2019-09-19 13:09:28 -07:00
cramfs Merge branch 'work.mount2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-09-19 10:06:57 -07:00
crypto FROMLIST: fscrypt: add inline encryption support 2019-10-30 22:01:39 +00:00
debugfs Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
devpts devpts_pty_kill(): don't bother with d_delete() 2019-09-03 09:30:56 -04:00
dlm dlm for 5.3 2019-07-12 17:37:53 -07:00
ecryptfs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
efivarfs Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
efs fs: Fill in max and min timestamps in superblock 2019-08-30 07:27:17 -07:00
erofs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
exportfs docs: fs: convert docs without extension to ReST 2019-07-31 13:31:05 -06:00
ext2 FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
ext4 FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
f2fs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
fat fat: delete an unnecessary check before brelse() 2019-09-25 17:51:40 -07:00
freevxfs fs: Fill in max and min timestamps in superblock 2019-08-30 07:27:17 -07:00
fscache Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" 2019-07-10 18:43:43 -07:00
fuse FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
gfs2 FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
hfs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
hfsplus FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
hostfs This pull request contains the following changes for UML: 2019-05-12 17:52:13 -04:00
hpfs fs: hpfs: Initialize filesystem timestamp ranges 2019-08-30 08:11:25 -07:00
hugetlbfs Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
iomap iomap: move the iomap_dio_rw ->end_io callback into a structure 2019-09-19 15:32:45 -07:00
isofs y2038: add inode timestamp clamping 2019-09-19 09:42:37 -07:00
jbd2 jbd2: remove jbd2_journal_inode_add_[write|wait] 2019-09-24 15:54:07 -07:00
jffs2 FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
jfs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
kernfs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
lockd lockd: Make two symbols static 2019-07-03 17:52:09 -04:00
minix fs: Fill in max and min timestamps in superblock 2019-08-30 07:27:17 -07:00
nfs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
nfs_common treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
nfsd Highlights: 2019-09-27 17:00:27 -07:00
nilfs2 vfs: create a generic checking and prep function for FS_IOC_SETFLAGS 2019-07-01 08:25:34 -07:00
nls treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
notify Linux 5.4-rc1 2019-10-02 19:10:07 +02:00
ntfs ntfs: remove (un)?likely() from IS_ERR() conditions 2019-09-26 10:10:44 -07:00
ocfs2 FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
omfs fs: omfs: Initialize filesystem timestamp ranges 2019-08-30 08:11:25 -07:00
openpromfs Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
orangefs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
overlayfs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
proc Linux 5.4-rc4 2019-10-26 19:24:41 +02:00
pstore pstore: fs superblock limits 2019-08-30 08:11:25 -07:00
qnx4 fs: Fill in max and min timestamps in superblock 2019-08-30 07:27:17 -07:00
qnx6 fs: Fill in max and min timestamps in superblock 2019-08-30 07:27:17 -07:00
quota quota: fix condition for resetting time limit in do_set_dqblk() 2019-07-31 12:04:42 +02:00
ramfs vfs: Convert ramfs, shmem, tmpfs, devtmpfs, rootfs to use the new mount API 2019-09-12 21:05:34 -04:00
reiserfs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
romfs Merge branch 'work.mount2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-09-19 10:06:57 -07:00
sdcardfs ANDROID: sdcardfs: evict dentries on fscrypt key removal 2019-10-23 21:19:54 +00:00
squashfs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
sysfs Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
sysv fs: sysv: Initialize filesystem timestamp ranges 2019-08-30 07:27:18 -07:00
tracefs tracing: Do not create tracefs files if tracefs lockdown is in effect 2019-10-12 20:49:07 -04:00
ubifs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
udf fs-udf: Delete an unnecessary check before brelse() 2019-09-04 18:19:43 +02:00
ufs y2038: add inode timestamp clamping 2019-09-19 09:42:37 -07:00
unicode unicode: make array 'token' static const, makes object smaller 2019-09-17 11:48:24 -04:00
verity fs-verity: support builtin file signatures 2019-08-12 19:33:50 -07:00
xfs FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
aio.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
anon_inodes.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
attr.c Merge 5.4-rc1-prereleae into android-mainline 2019-09-23 14:14:08 +02:00
bad_inode.c
binfmt_aout.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
binfmt_elf_fdpic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
binfmt_elf.c elf: don't use MAP_FIXED_NOREPLACE for elf executable mappings 2019-10-06 13:53:27 -07:00
binfmt_em86.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
binfmt_flat.c fs/binfmt_flat.c: remove set but not used variable 'inode' 2019-07-16 19:23:22 -07:00
binfmt_misc.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
binfmt_script.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
block_dev.c Changes for 5.4: 2019-09-18 17:35:20 -07:00
buffer.c FROMLIST: ext4: add inline encryption support 2019-10-30 22:02:05 +00:00
char_dev.c chardev: set variable ret to -EBUSY before checking minor range overlap 2019-05-24 20:50:36 +02:00
compat_binfmt_elf.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 193 2019-05-30 11:29:21 -07:00
compat_ioctl.c compat_ioctl: pppoe: fix PPPOEIOCSFWD handling 2019-07-30 14:42:13 -07:00
compat.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
coredump.c Merge 5.3-rc3 into android-mainline 2019-08-05 05:21:19 +00:00
d_path.c [PATCH] fix d_absolute_path() interplay with fsmount() 2019-08-30 19:31:09 -04:00
dax.c fs/dax: Fix pmd vs pte conflict detection 2019-10-22 22:53:02 -07:00
dcache.c Merge branch 'work.dcache2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-20 09:15:51 -07:00
dcookies.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
direct-io.c fs/direct-io.c: fix kernel-doc warning 2019-10-14 15:04:01 -07:00
drop_caches.c fs/drop_caches.c: avoid softlockups in drop_pagecache_sb() 2019-02-01 15:46:24 -08:00
eventfd.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
eventpoll.c Merge Linus's 5.4-rc1-prerelease branch into android-mainline 2019-09-20 16:07:54 -07:00
exec.c Linux 5.4-rc1 2019-10-02 19:10:07 +02:00
fcntl.c fs: mark expected switch fall-throughs 2019-04-08 18:21:02 -05:00
fhandle.c fs/handle.c - fix up kerneldoc 2019-08-07 21:51:47 -04:00
file_table.c vfs: Export flush_delayed_fput for use by knfsd. 2019-08-19 11:00:39 -04:00
file.c io_uring-2019-03-06 2019-03-08 14:48:40 -08:00
filesystems.c vfs: Implement a filesystem superblock creation/configuration context 2019-02-28 03:29:26 -05:00
fs_context.c vfs: subtype handling moved to fuse 2019-09-06 21:28:49 +02:00
fs_parser.c vfs: Make fs_parse() handle fs_param_is_fd-type params better 2019-09-12 21:06:14 -04:00
fs_pin.c switch the remnants of releasing the mountpoint away from fs_pin 2019-07-16 22:52:37 -04:00
fs_struct.c ANDROID: sdcardfs: Enable modular sdcardfs 2019-07-19 12:39:17 -07:00
fs_types.c fs: common implementation of file type 2019-01-21 17:48:13 +01:00
fs-writeback.c fs/fs-writeback.c: fix kernel-doc warning 2019-10-14 15:04:01 -07:00
fsopen.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
inode.c Merge 5.4-rc1-prelrease into android-mainline 2019-10-02 17:58:47 +02:00
internal.h Linus 5.3-rc1 2019-07-23 16:21:59 -07:00
io_uring.c io_uring: ensure we clear io_kiocb->result before each issue 2019-10-30 14:45:22 -06:00
ioctl.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
Kconfig Merge Linus's 5.4-rc1-prerelease branch into android-mainline 2019-09-20 16:07:54 -07:00
Kconfig.binfmt binfmt_flat: make support for old format binaries optional 2019-06-24 09:16:47 +10:00
libfs.c fs/libfs.c: fix kernel-doc warning 2019-10-14 15:04:01 -07:00
locks.c Highlights: 2019-09-27 17:00:27 -07:00
Makefile Merge Linus's 5.4-rc1-prerelease branch into android-mainline 2019-09-20 16:07:54 -07:00
mbcache.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
mount.h switch the remnants of releasing the mountpoint away from fs_pin 2019-07-16 22:52:37 -04:00
mpage.c Linus 5.3-rc1 2019-07-23 16:21:59 -07:00
namei.c Merge Linus's 5.4-rc1-prerelease branch into android-mainline 2019-09-20 16:07:54 -07:00
namespace.c Merge 5.4-rc1-prelrease into android-mainline 2019-10-02 17:58:47 +02:00
no-block.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
nsfs.c vfs: Convert nsfs to use the new mount API 2019-05-25 18:00:06 -04:00
open.c Merge 5.4-rc1-prelrease into android-mainline 2019-10-02 17:58:47 +02:00
pipe.c vfs: Convert pipe to use the new mount API 2019-05-25 18:00:07 -04:00
pnode.c ANDROID: mnt: Add filesystem private data to mount points 2019-07-19 12:39:18 -07:00
pnode.h ANDROID: mnt: Add filesystem private data to mount points 2019-07-19 12:39:18 -07:00
posix_acl.c FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00
proc_namespace.c Merge 5.4-rc1-prelrease into android-mainline 2019-10-02 17:58:47 +02:00
read_write.c Linux 5.3-rc6 2019-08-26 16:45:30 +02:00
readdir.c filldir[64]: remove WARN_ON_ONCE() for bad directory entries 2019-10-18 18:41:16 -04:00
select.c fs/select.c: use struct_size() in kmalloc() 2019-07-16 19:23:25 -07:00
seq_file.c seq_file: fix problem when seeking mid-record 2019-08-13 16:06:52 -07:00
signalfd.c fs: mark expected switch fall-throughs 2019-04-08 18:21:02 -05:00
splice.c uio: make import_iovec()/compat_import_iovec() return bytes on success 2019-05-31 15:30:03 -06:00
stack.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
stat.c fs: move generic stat response attr handling to vfs_getattr_nosec 2019-02-01 01:55:45 -05:00
statfs.c vfs: Fix EOVERFLOW testing in put_compat_statfs64 2019-10-03 14:21:35 -07:00
super.c Merge branch 'work.mount3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-10-10 08:16:44 -07:00
sync.c Linux 5.2-rc1 2019-05-20 20:17:24 +02:00
timerfd.c timerfd: Prepare for PREEMPT_RT 2019-08-01 20:51:23 +02:00
userfaultfd.c Merge 5.4-rc1-prelrease into android-mainline 2019-10-02 17:58:47 +02:00
utimes.c Merge 5.4-rc1-prereleae into android-mainline 2019-09-23 14:14:08 +02:00
xattr.c FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr 2019-11-05 13:50:57 -08:00