On 8/23/22 6:05 PM, Paul Moore wrote:
> On Tue, Aug 23, 2022 at 7:46 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>>
>> Limit io_uring "cmd" options to files for which the caller has
>> Smack read access. There may be cases where the cmd option may
>> be closer to a write access than a read, but there is no way
>> to make that determination.
>>
>> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
>> --
>> security/smack/smack_lsm.c | 32 ++++++++++++++++++++++++++++++++
>> 1 file changed, 32 insertions(+)
>>
>> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
>> index 001831458fa2..bffccdc494cb 100644
>> --- a/security/smack/smack_lsm.c
>> +++ b/security/smack/smack_lsm.c
>
> ...
>
>> @@ -4732,6 +4733,36 @@ static int smack_uring_sqpoll(void)
>> return -EPERM;
>> }
>>
>> +/**
>> + * smack_uring_cmd - check on file operations for io_uring
>> + * @ioucmd: the command in question
>> + *
>> + * Make a best guess about whether a io_uring "command" should
>> + * be allowed. Use the same logic used for determining if the
>> + * file could be opened for read in the absence of better criteria.
>> + */
>> +static int smack_uring_cmd(struct io_uring_cmd *ioucmd)
>> +{
>> + struct file *file = ioucmd->file;
>> + struct smk_audit_info ad;
>> + struct task_smack *tsp;
>> + struct inode *inode;
>> + int rc;
>> +
>> + if (!file)
>> + return -EINVAL;
>
> Perhaps this is a better question for Jens, but ioucmd->file is always
> going to be valid when the LSM hook is called, yes?
file will always be valid for uring commands, as they are marked as
requiring a file. If no valid fd is given for it, it would've been
errored early on, before reaching f_op->uring_cmd().
--
Jens Axboe
