Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751652AbbDQB7r (ORCPT <rfc822;w@1wt.eu>);
	Thu, 16 Apr 2015 21:59:47 -0400
Received: from mailout3.samsung.com ([203.254.224.33]:11483 "EHLO
	mailout3.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751025AbbDQB7h (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 16 Apr 2015 21:59:37 -0400
MIME-version: 1.0
Content-type: text/plain; charset=UTF-8
X-AuditID: cbfee68f-f793b6d000005f66-0f-5530690779ab
Content-transfer-encoding: 8BIT
Message-id: <55306921.3080508@samsung.com>
Date: Fri, 17 Apr 2015 11:00:01 +0900
From: Seung-Woo Kim <sw0312.kim@samsung.com>
Reply-to: sw0312.kim@samsung.com
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:16.0) Gecko/20121011
 Thunderbird/16.0.1
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: james.l.morris@oracle.com, serge@hallyn.com,
        linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org,
        sumit.semwal@linaro.org, linaro-mm-sig@lists.linaro.org,
        jy0922.shim@samsung.com, Seung-Woo Kim <sw0312.kim@samsung.com>
Subject: Re: [RFC PATCH] Security: ignore private inode from
 security_file_receive
References: <1429191656-8866-1-git-send-email-sw0312.kim@samsung.com>
 <552FBDB3.4060806@tycho.nsa.gov>
In-reply-to: <552FBDB3.4060806@tycho.nsa.gov>
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrAIsWRmVeSWpSXmKPExsWyRsSkQJc90yDUoHGFoEXf4yCLF/cuslh8
	ufKQyeLyrjlsFh96HrFZHN69mNni/IVz7Ban7n5mt5gx+SWbA6fHtd2RHneu7WHzuP3vMbPH
	x6e3WDz6tqxi9Ng6/T+rx+dNcgHsUVw2Kak5mWWpRfp2CVwZTx/MYyo4wlexbNs55gbGK9xd
	jJwcEgImEu8vnWCGsMUkLtxbz9bFyMUhJLCUUeLel7esMEVTTi1ih0gsYpS4PXUdE0iCV0BQ
	4sfkeyxdjBwczALyEkcuZYOEmQXUJSbNW8QMUf+AUeLX+fVQ9VoSP9a9ZwexWQRUJSa2NbKA
	2GwCOhL7l/wGWyYkoCBxZeIxdpCZogJhEjs3p4OERYBmLns+gxFkJrPAF0aJr7P+s4EkhAVC
	JO5Nfc0I0ZshcfNfB1icU0BXYsn2C0wgDRICP9klLu/sZYVYLCDxbfIhsKMlBGQlNh2A+l5S
	4uCKGywTGMVnIXltFsJrs5C8toCReRWjaGpBckFxUnqRsV5xYm5xaV66XnJ+7iZGYMSe/ves
	fwfj3QPWhxgFOBiVeHgPxBuECrEmlhVX5h5iNAU6YiKzlGhyPjAt5JXEGxqbGVmYmpgaG5lb
	mimJ8y6U+hksJJCeWJKanZpakFoUX1Sak1p8iJGJg1OqgdHtUrXeR12jhp/TW27llC/ouHWu
	gfvwg8ojPVqaDloaDcwrInpaJ/p+373UXljuVL9ds85kiahjfztn/zLh3r7qXWfsW7lfQOcr
	3bxz/crlILdlfye//KOXY6l57x7bLsmcyp07tWJk8/wMCuvFuHkO2TxYq5url5G38R6P9vY5
	65a5/2VfqsRSnJFoqMVcVJwIAARZMB7TAgAA
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupileLIzCtJLcpLzFFi42I5/e+xgC57pkGoQds9Dou+x0EWL+5dZLH4
	cuUhk8XlXXPYLD70PGKzOLx7MbPF+Qvn2C1O3f3MbjFj8ks2B06Pa7sjPe5c28PmcfvfY2aP
	j09vsXj0bVnF6LF1+n9Wj8+b5ALYoxoYbTJSE1NSixRS85LzUzLz0m2VvIPjneNNzQwMdQ0t
	LcyVFPISc1NtlVx8AnTdMnOALlNSKEvMKQUKBSQWFyvp22GaEBripmsB0xih6xsSBNdjZIAG
	EtYwZjx9MI+p4AhfxbJt55gbGK9wdzFyckgImEhMObWIHcIWk7hwbz1bFyMXh5DAIkaJ21PX
	MYEkeAUEJX5MvsfSxcjBwSwgL3HkUjZImFlAXWLSvEXMEPUPGCV+nV8PVa8l8WPde7ChLAKq
	EhPbGllAbDYBHYn9S36zgthCAgoSVyYeYweZKSoQJrFzczpIWARo5rLnMxhBZjILfGGU+Drr
	PxtIQlggROLe1NeMEL0ZEjf/dYDFOQV0JZZsv8A0gVFwFpJTZyGcOgvJqQsYmVcxiqYWJBcU
	J6XnGuoVJ+YWl+al6yXn525iBKeDZ1I7GFc2WBxiFOBgVOLhlUgyCBViTSwrrsw9xCjBwawk
	wmvrChTiTUmsrEotyo8vKs1JLT7EaAr06ERmKdHkfGCqyiuJNzQ2MTOyNDI3tDAyNlcS552j
	KxcqJJCeWJKanZpakFoE08fEwSnVwMhw4FjCJqPGjcIzfn7PiMqe+Hia3LQ3bB/E5pR2NRzT
	ErQ/ZdExfYbDdfNdBkbhHosCNwclas7Zm9YyZ88Pv1tbNZViBYy9HUSj1krN+r28d/Jx5asi
	fa0Fe5Ll+BN2eTQkLxL0Pc6/aOIZy+ftwiea3QVKvz2xP7Zlo/ZP2eQiq50iQqzRJ5RYijMS
	DbWYi4oTAUKeAtEdAwAA
DLP-Filter: Pass
X-MTR: 20000000000000000@CPGS
X-CFilter-Loop: Reflected
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2046
Lines: 64

Hello,

On 2015년 04월 16일 22:48, Stephen Smalley wrote:
> On 04/16/2015 09:40 AM, Seung-Woo Kim wrote:
>> The dma-buf fd from anon_inode can be shared across processes, but
>> there is no way to set security permission for the fd. So this
>> patch fix just to ignore private inode from security_file_receive.
>>
>> Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
>> ---
>>
>> If security like smack is enabled, the dmabuf fd can not be shared between
>> processes via unix domain socket. I am not familiar with security, so I am
>> not sure that this kind of patch can be acceptable.
>>
>> Is there other option to share dmabuf fd via socket with security check?
>>
>> Best Regards,
>> - Seung-Woo Kim
>>
>> ---
>>  security/security.c |    3 +++
>>  1 files changed, 3 insertions(+), 0 deletions(-)
>>
>> diff --git a/security/security.c b/security/security.c
>> index 730ac65..c57354c 100644
>> --- a/security/security.c
>> +++ b/security/security.c
>> @@ -810,6 +810,9 @@ int security_file_send_sigiotask(struct task_struct *tsk,
>>  
>>  int security_file_receive(struct file *file)
>>  {
>> +
>> +	if (unlikely(IS_PRIVATE(file->f_path.dentry->d_inode)))
>> +		return 0;
>>  	return security_ops->file_receive(file);
>>  }
> 
> SELinux handles this internally; see its inode_has_perm() function.
> Doing it here would prevent any security module checking at all, even of
> the struct file, which SELinux does presently do (selinux_file_receive
> calls file_has_perm which applies the fd use check and then calls
> inode_has_perm on the inode).  Unless you are saying that the
> file->f_security field is also not being set correctly.

Thanks for the suggestion. I will try to do on smack side.

Best Regards,
- Seung-Woo Kim

> 
> 
> 

-- 
Seung-Woo Kim
Samsung Software R&D Center
--

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/