Patch "smack: Retrieve transmuting information in smack_inode_getsecurity()" has been added to the 6.1-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Wed, 4 Oct 2023 06:28:11 -0400

This is a note to let you know that I've just added the patch titled

    smack: Retrieve transmuting information in smack_inode_getsecurity()

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     smack-retrieve-transmuting-information-in-smack_inod.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 424341c7141a52285efacac280a0342d81f85b96
Author: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
Date:   Mon May 8 19:02:33 2023 +0200

    smack: Retrieve transmuting information in smack_inode_getsecurity()
    
    [ Upstream commit 3a3d8fce31a49363cc31880dce5e3b0617c9c38b ]
    
    Enhance smack_inode_getsecurity() to retrieve the value for
    SMACK64TRANSMUTE from the inode security blob, similarly to SMACK64.
    
    This helps to display accurate values in the situation where the security
    labels come from mount options and not from xattrs.
    
    Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
    Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 1232c1d71d9f8..cd6a03e945eb7 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1476,10 +1476,19 @@ static int smack_inode_getsecurity(struct user_namespace *mnt_userns,
 	struct super_block *sbp;
 	struct inode *ip = (struct inode *)inode;
 	struct smack_known *isp;
+	struct inode_smack *ispp;
+	size_t label_len;
+	char *label = NULL;
 
-	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
+	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
 		isp = smk_of_inode(inode);
-	else {
+	} else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) {
+		ispp = smack_inode(inode);
+		if (ispp->smk_flags & SMK_INODE_TRANSMUTE)
+			label = TRANS_TRUE;
+		else
+			label = "";
+	} else {
 		/*
 		 * The rest of the Smack xattrs are only on sockets.
 		 */
@@ -1501,13 +1510,18 @@ static int smack_inode_getsecurity(struct user_namespace *mnt_userns,
 			return -EOPNOTSUPP;
 	}
 
+	if (!label)
+		label = isp->smk_known;
+
+	label_len = strlen(label);
+
 	if (alloc) {
-		*buffer = kstrdup(isp->smk_known, GFP_KERNEL);
+		*buffer = kstrdup(label, GFP_KERNEL);
 		if (*buffer == NULL)
 			return -ENOMEM;
 	}
 
-	return strlen(isp->smk_known);
+	return label_len;
 }
 
 






