1 files changed, 185 insertions, 0 deletions

diff --git a/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0019-Smack-Rationalize-mount-restrictions.patch b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0019-Smack-Rationalize-mount-restrictions.patch
new file mode 100644
index 0000000..ca3fabe
--- /dev/null
+++ b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0019-Smack-Rationalize-mount-restrictions.patch
@@ -0,0 +1,185 @@
+From 4f315dddfeb6f5aadad30d85bf4374b4e05c6e43 Mon Sep 17 00:00:00 2001
+From: Casey Schaufler <casey@schaufler-ca.com>
+Date: Mon, 30 Dec 2013 09:38:00 -0800
+Subject: [PATCH 19/54] Smack: Rationalize mount restrictions
+
+The mount restrictions imposed by Smack rely heavily on the
+use of the filesystem "floor", which is the label that all
+processes writing to the filesystem must have access to. It
+turns out that while the "floor" notion is sound, it has yet
+to be fully implemented and has never been used.
+
+The sb_mount and sb_umount hooks only make sense if the
+filesystem floor is used actively, and it isn't. They can
+be reintroduced if a rational restriction comes up. Until
+then, they get removed.
+
+The sb_kern_mount hook is required for the option processing.
+It is too permissive in the case of unprivileged mounts,
+effectively bypassing the CAP_MAC_ADMIN restrictions if
+any of the smack options are specified. Unprivileged mounts
+are no longer allowed to set Smack filesystem options.
+Additionally, the root and default values are set to the
+label of the caller, in keeping with the policy that objects
+get the label of their creator.
+
+Targeted for git://git.gitorious.org/smack-next/kernel.git
+
+Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
+---
+ security/smack/smack_lsm.c | 83 ++++++++++++++++------------------------------
+ 1 file changed, 29 insertions(+), 54 deletions(-)
+
+diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
+index 67b7381d..d552832 100644
+--- a/security/smack/smack_lsm.c
++++ b/security/smack/smack_lsm.c
+@@ -229,7 +229,7 @@ static int smack_syslog(int typefrom_file)
+ 	if (smack_privileged(CAP_MAC_OVERRIDE))
+ 		return 0;
+ 
+-	 if (smack_syslog_label != NULL && smack_syslog_label != skp)
++	if (smack_syslog_label != NULL && smack_syslog_label != skp)
+ 		rc = -EACCES;
+ 
+ 	return rc;
+@@ -339,10 +339,12 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
+ 	struct inode *inode = root->d_inode;
+ 	struct superblock_smack *sp = sb->s_security;
+ 	struct inode_smack *isp;
++	struct smack_known *skp;
+ 	char *op;
+ 	char *commap;
+ 	char *nsp;
+ 	int transmute = 0;
++	int specified = 0;
+ 
+ 	if (sp->smk_initialized)
+ 		return 0;
+@@ -357,34 +359,56 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
+ 		if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
+ 			op += strlen(SMK_FSHAT);
+ 			nsp = smk_import(op, 0);
+-			if (nsp != NULL)
++			if (nsp != NULL) {
+ 				sp->smk_hat = nsp;
++				specified = 1;
++			}
+ 		} else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
+ 			op += strlen(SMK_FSFLOOR);
+ 			nsp = smk_import(op, 0);
+-			if (nsp != NULL)
++			if (nsp != NULL) {
+ 				sp->smk_floor = nsp;
++				specified = 1;
++			}
+ 		} else if (strncmp(op, SMK_FSDEFAULT,
+ 				   strlen(SMK_FSDEFAULT)) == 0) {
+ 			op += strlen(SMK_FSDEFAULT);
+ 			nsp = smk_import(op, 0);
+-			if (nsp != NULL)
++			if (nsp != NULL) {
+ 				sp->smk_default = nsp;
++				specified = 1;
++			}
+ 		} else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
+ 			op += strlen(SMK_FSROOT);
+ 			nsp = smk_import(op, 0);
+-			if (nsp != NULL)
++			if (nsp != NULL) {
+ 				sp->smk_root = nsp;
++				specified = 1;
++			}
+ 		} else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
+ 			op += strlen(SMK_FSTRANS);
+ 			nsp = smk_import(op, 0);
+ 			if (nsp != NULL) {
+ 				sp->smk_root = nsp;
+ 				transmute = 1;
++				specified = 1;
+ 			}
+ 		}
+ 	}
+ 
++	if (!smack_privileged(CAP_MAC_ADMIN)) {
++		/*
++		 * Unprivileged mounts don't get to specify Smack values.
++		 */
++		if (specified)
++			return -EPERM;
++		/*
++		 * Unprivileged mounts get root and default from the caller.
++		 */
++		skp = smk_of_current();
++		sp->smk_root = skp->smk_known;
++		sp->smk_default = skp->smk_known;
++	}
+ 	/*
+ 	 * Initialize the root inode.
+ 	 */
+@@ -421,53 +445,6 @@ static int smack_sb_statfs(struct dentry *dentry)
+ 	return rc;
+ }
+ 
+-/**
+- * smack_sb_mount - Smack check for mounting
+- * @dev_name: unused
+- * @path: mount point
+- * @type: unused
+- * @flags: unused
+- * @data: unused
+- *
+- * Returns 0 if current can write the floor of the filesystem
+- * being mounted on, an error code otherwise.
+- */
+-static int smack_sb_mount(const char *dev_name, struct path *path,
+-			  const char *type, unsigned long flags, void *data)
+-{
+-	struct superblock_smack *sbp = path->dentry->d_sb->s_security;
+-	struct smk_audit_info ad;
+-
+-	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
+-	smk_ad_setfield_u_fs_path(&ad, *path);
+-
+-	return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
+-}
+-
+-/**
+- * smack_sb_umount - Smack check for unmounting
+- * @mnt: file system to unmount
+- * @flags: unused
+- *
+- * Returns 0 if current can write the floor of the filesystem
+- * being unmounted, an error code otherwise.
+- */
+-static int smack_sb_umount(struct vfsmount *mnt, int flags)
+-{
+-	struct superblock_smack *sbp;
+-	struct smk_audit_info ad;
+-	struct path path;
+-
+-	path.dentry = mnt->mnt_root;
+-	path.mnt = mnt;
+-
+-	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
+-	smk_ad_setfield_u_fs_path(&ad, path);
+-
+-	sbp = path.dentry->d_sb->s_security;
+-	return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
+-}
+-
+ /*
+  * BPRM hooks
+  */
+@@ -3762,8 +3739,6 @@ struct security_operations smack_ops = {
+ 	.sb_copy_data = 		smack_sb_copy_data,
+ 	.sb_kern_mount = 		smack_sb_kern_mount,
+ 	.sb_statfs = 			smack_sb_statfs,
+-	.sb_mount = 			smack_sb_mount,
+-	.sb_umount = 			smack_sb_umount,
+ 
+ 	.bprm_set_creds =		smack_bprm_set_creds,
+ 	.bprm_committing_creds =	smack_bprm_committing_creds,
+-- 
+2.1.4
+