On Jul 18, 2023 Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote:
>
> Log under the SELinux debug configuration when a caller to the LSM hook
> inode_init_security_anon does not pass an anonymous inode class name.
> The class name allows policy writers to transition the anonymous inode
> into a private type via a name based type transition.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
>  security/selinux/hooks.c | 11 +++++++++++
>  1 file changed, 11 insertions(+)

Is this really a problem?  There are two callers in v6.5-rc2 and both
properly populate the @name parameter.  Considering how easy it is to
look up the callers in the kernel source and ensure they are passing a
valid @name parameter I'm inclined to leave this patch unmerged.

Thoughts?

> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index b8a8a4f0f2ad..f6ffab9958b6 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2918,6 +2918,17 @@ static int selinux_inode_init_security_anon(struct inode *inode,
>  	if (unlikely(!selinux_initialized()))
>  		return 0;
>
> +#ifdef CONFIG_SECURITY_SELINUX_DEBUG
> +	/*
> +	 * Allow policy writers to transition the anonymous inode into
> +	 * a private type via a name based type transition.
> +	 */
> +	if (!name) {
> +		pr_debug("SELinux: no class given for anonymous inode\n");
> +		dump_stack();
> +	}
> +#endif
> +
>  	isec = selinux_inode(inode);
>
>  	/*
> --
> 2.40.1

--
paul-moore.com
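Review bot: the comment above the `if (!name)` check in the hooks.c hunk describes what a class name enables for policy writers, not why the check exists; reword it to say that the caller omitted the anonymous inode class name that a name-based type transition would need. Separately, pr_debug() is compiled out unless DEBUG or dynamic debug is enabled, so with CONFIG_SECURITY_SELINUX_DEBUG alone the message may never be printed while dump_stack() still runs on every call through this path with a NULL @name; a single WARN_ONCE(!name, ...) would both keep the message visible and avoid repeated stack dumps.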