Patch "smack: Retrieve transmuting information in smack_inode_getsecurity()" has been added to the 5.15-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Wed, 4 Oct 2023 06:28:22 -0400

This is a note to let you know that I've just added the patch titled

    smack: Retrieve transmuting information in smack_inode_getsecurity()

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     smack-retrieve-transmuting-information-in-smack_inod.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit e0f70bb8b0a8f1cd46921948f4c9a934e28ae114
Author: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
Date:   Mon May 8 19:02:33 2023 +0200

    smack: Retrieve transmuting information in smack_inode_getsecurity()
    
    [ Upstream commit 3a3d8fce31a49363cc31880dce5e3b0617c9c38b ]
    
    Enhance smack_inode_getsecurity() to retrieve the value for
    SMACK64TRANSMUTE from the inode security blob, similarly to SMACK64.
    
    This helps to display accurate values in the situation where the security
    labels come from mount options and not from xattrs.
    
    Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
    Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 84df97d0d3c58..f8c40c49d860c 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1429,10 +1429,19 @@ static int smack_inode_getsecurity(struct user_namespace *mnt_userns,
 	struct super_block *sbp;
 	struct inode *ip = (struct inode *)inode;
 	struct smack_known *isp;
+	struct inode_smack *ispp;
+	size_t label_len;
+	char *label = NULL;
 
-	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
+	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
 		isp = smk_of_inode(inode);
-	else {
+	} else if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) {
+		ispp = smack_inode(inode);
+		if (ispp->smk_flags & SMK_INODE_TRANSMUTE)
+			label = TRANS_TRUE;
+		else
+			label = "";
+	} else {
 		/*
 		 * The rest of the Smack xattrs are only on sockets.
 		 */
@@ -1454,13 +1463,18 @@ static int smack_inode_getsecurity(struct user_namespace *mnt_userns,
 			return -EOPNOTSUPP;
 	}
 
+	if (!label)
+		label = isp->smk_known;
+
+	label_len = strlen(label);
+
 	if (alloc) {
-		*buffer = kstrdup(isp->smk_known, GFP_KERNEL);
+		*buffer = kstrdup(label, GFP_KERNEL);
 		if (*buffer == NULL)
 			return -ENOMEM;
 	}
 
-	return strlen(isp->smk_known);
+	return label_len;
 }
 
 






