On 9/27/20 5:42 AM, rentianyue@xxxxxxxxxxxxx wrote:
From: Tianyue Ren <rentianyue@xxxxxxxxxx>
Fix to initialize isec->class with SECINITSID_UNLABELED other
than from the xattr label when the dentry is NULL when
the filesystem is remounted before the policy loading.
Looks like this was broken by commit
9287aed2ad1ff1bde5eb190bcd6dccd5f1cf47d3 ("selinux: Convert isec->lock
into a spinlock").
Signed-off-by: Tianyue Ren <rentianyue@xxxxxxxxxx>
---
security/selinux/hooks.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index bf8328adad8f..da7295a546e0 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1499,6 +1499,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
* inode_doinit with a dentry, before these inodes could
* be used again by userspace.
*/
+ isec->initialized = LABEL_INVALID;
goto out;
}
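Review bot: The store "isec->initialized = LABEL_INVALID;" added ahead of "goto out;" has no isec->lock acquisition visible anywhere in this hunk, and the commit named in the reply is the one that turned isec->lock into a spinlock. If the code at the out: label reads or updates isec->initialized under that lock, it would be safer to mark the label invalid there, for example through a separate exit label that takes the lock, than with a bare assignment at this point. The comment just above explains why returning without a dentry is acceptable but not why the label must be marked invalid; a sentence on that would help the next reader.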
@@ -1553,8 +1554,10 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
* inode_doinit() with a dentry, before these inodes
* could be used again by userspace.
*/
- if (!dentry)
+ if (!dentry) {
+ isec->initialized = LABEL_INVALID;
goto out;
+ }
rc = selinux_genfs_get_sid(dentry, sclass,
sbsec->flags, &sid);
if (rc) {
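Review bot: The "if (!dentry)" branch now repeats the same two statements as the first hunk ("isec->initialized = LABEL_INVALID;" followed by "goto out;"), so a single shared exit label would keep the two early-exit paths from drifting apart. The commit message also describes initializing isec->class with SECINITSID_UNLABELED, while the diff only touches isec->initialized and LABEL_INVALID; the description should be reworded to match what the code does, and a Fixes: tag naming the commit mentioned in the reply would help with backporting.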