Commit a83d6dda authored by Ondrej Mosnacek's avatar Ondrej Mosnacek Committed by Paul Moore
Browse files

selinux: never allow relabeling on context mounts 



In the SECURITY_FS_USE_MNTPOINT case we never want to allow relabeling
files/directories, so we should never set the SBLABEL_MNT flag. The
'special handling' in selinux_is_sblabel_mnt() is only intended for when
the behavior is set to SECURITY_FS_USE_GENFS.

While there, make the logic in selinux_is_sblabel_mnt() more explicit
and add a BUILD_BUG_ON() to make sure that introducing a new
SECURITY_FS_USE_* forces a review of the logic.

Fixes: d5f3a5f6 ("selinux: add security in-core xattr support for pstore and debugfs")
Signed-off-by: default avatarOndrej Mosnacek <omosnace@redhat.com>
Reviewed-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent e46e01ee

security/selinux/hooks.c

+31 −9
Original line number Diff line number Diff line
@@ -534,16 +534,10 @@ static int may_context_mount_inode_relabel(u32 sid, 
	return rc;

}



static int selinux_is_sblabel_mnt(struct super_block *sb)

static int selinux_is_genfs_special_handling(struct super_block *sb)

{

	struct superblock_security_struct *sbsec = sb->s_security;



	return sbsec->behavior == SECURITY_FS_USE_XATTR ||

		sbsec->behavior == SECURITY_FS_USE_TRANS ||

		sbsec->behavior == SECURITY_FS_USE_TASK ||

		sbsec->behavior == SECURITY_FS_USE_NATIVE ||

	/* Special handling. Genfs but also in-core setxattr handler */

		!strcmp(sb->s_type->name, "sysfs") ||

	return	!strcmp(sb->s_type->name, "sysfs") ||

		!strcmp(sb->s_type->name, "pstore") ||

		!strcmp(sb->s_type->name, "debugfs") ||

		!strcmp(sb->s_type->name, "tracefs") ||
@@ -553,6 +547,34 @@ static int selinux_is_sblabel_mnt(struct super_block *sb) 
		  !strcmp(sb->s_type->name, "cgroup2")));

}



static int selinux_is_sblabel_mnt(struct super_block *sb)

{

	struct superblock_security_struct *sbsec = sb->s_security;



	/*

	 * IMPORTANT: Double-check logic in this function when adding a new

	 * SECURITY_FS_USE_* definition!

	 */

	BUILD_BUG_ON(SECURITY_FS_USE_MAX != 7);



	switch (sbsec->behavior) {

	case SECURITY_FS_USE_XATTR:

	case SECURITY_FS_USE_TRANS:

	case SECURITY_FS_USE_TASK:

	case SECURITY_FS_USE_NATIVE:

		return 1;



	case SECURITY_FS_USE_GENFS:

		return selinux_is_genfs_special_handling(sb);



	/* Never allow relabeling on context mounts */

	case SECURITY_FS_USE_MNTPOINT:

	case SECURITY_FS_USE_NONE:

	default:

		return 0;

	}

}



static int sb_finish_set_opts(struct super_block *sb)

{

	struct superblock_security_struct *sbsec = sb->s_security;

CRA Git | Maintained and supported by SUSTech CRA and CCSE