Re: [PATCH (for 3.15) 3/5] AppArmor: Handle the rename flags.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 05/12/2014 06:24 AM, Tetsuo Handa wrote:
>>From 819e94ae3a6d9235196d137a39afa4e0bbd79770 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> Date: Mon, 12 May 2014 21:54:05 +0900
> Subject: [PATCH (for 3.15) 3/5] AppArmor: Handle the rename flags.
> 
> For AppArmor, the RENAME_EXCHANGE flag means "check permissions with
> reversed arguments" and "distinguish condition of source and target".
> Future patches will stop re-calculating pathnames.
> 
> Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>

This isn't quite right. For apparmor at this point these paths need to
be still treated like they are separate. The second aa_path_perm, is
checking the permission to move old_inode to new_path.

see below

I've added an updated patch below

> ---
>  security/apparmor/lsm.c |   22 ++++++++++++++++++++--
>  1 files changed, 20 insertions(+), 2 deletions(-)
> 
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index c0b4366..9f21296 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -331,7 +331,14 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
>  		struct path_cond cond = { old_dentry->d_inode->i_uid,
>  					  old_dentry->d_inode->i_mode
>  		};
> +		struct path_cond new_cond = cond;
>  
> +		if (flags & RENAME_EXCHANGE) {
> +			/* Cross rename requires both inodes to exist. */
> +			new_cond.uid = new_dentry->d_inode->i_uid;
> +			new_cond.mode = new_dentry->d_inode->i_mode;
> +		}
> +retry:
>  		error = aa_path_perm(OP_RENAME_SRC, profile, &old_path, 0,
>  				     MAY_READ | AA_MAY_META_READ | MAY_WRITE |
>  				     AA_MAY_META_WRITE | AA_MAY_DELETE,
> @@ -339,7 +346,18 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
>  		if (!error)
>  			error = aa_path_perm(OP_RENAME_DEST, profile, &new_path,
>  					     0, MAY_WRITE | AA_MAY_META_WRITE |
> -					     AA_MAY_CREATE, &cond);
> +					     AA_MAY_CREATE, &new_cond);
This isn't new_cond because its the permission to move old_inode to new_path

> +		if (!error && (flags & RENAME_EXCHANGE)) {
> +			struct path tmp_path = new_path;
> +			struct path_cond tmp_cond = new_cond;
> +
> +			new_path = old_path;
> +			old_path = tmp_path;
> +			new_cond = cond;
> +			cond = tmp_cond;
> +			flags = 0;
> +			goto retry;
> +		}
>  
>  	}
>  	return error;
> 

>From c07677ce007bbb5689b82bce0fab15a159f59874 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 12 May 2014 21:54:05 +0900
Subject: [PATCH] AppArmor: Handle the rename flags.

For AppArmor, the RENAME_EXCHANGE flag means "check permissions with
reversed arguments" and "distinguish condition of source and target".
Future patches will stop re-calculating pathnames.

Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: John Johansen <john.johansen@xxxxxxxxxxxxx>
---
 security/apparmor/lsm.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index c0b4366..d7d92ad 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -332,6 +332,7 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
 					  old_dentry->d_inode->i_mode
 		};
 
+retry:
 		error = aa_path_perm(OP_RENAME_SRC, profile, &old_path, 0,
 				     MAY_READ | AA_MAY_META_READ | MAY_WRITE |
 				     AA_MAY_META_WRITE | AA_MAY_DELETE,
@@ -340,6 +341,16 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
 			error = aa_path_perm(OP_RENAME_DEST, profile, &new_path,
 					     0, MAY_WRITE | AA_MAY_META_WRITE |
 					     AA_MAY_CREATE, &cond);
+		if (!error && (flags & RENAME_EXCHANGE)) {
+			struct path tmp_path = new_path;
+			new_path = old_path;
+			old_path = tmp_path;
+			/* Cross rename requires both inodes to exist. */
+			cond.uid = new_dentry->d_inode->i_uid;
+			cond.mode = new_dentry->d_inode->i_mode;
+			flags = 0;
+			goto retry;
+		}
 
 	}
 	return error;
-- 
2.0.0.rc0

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux