From patchwork Thu Jul 31 03:26:37 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Damian Hobson-Garcia <dhobsong@igel.co.jp>
X-Patchwork-Id: 4652931
Return-Path: <ltsi-dev-bounces@lists.linuxfoundation.org>
X-Original-To: patchwork-ltsi-dev@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 3B8289F36A
	for <patchwork-ltsi-dev@patchwork.kernel.org>;
	Thu, 31 Jul 2014 03:27:12 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 57DB72018E
	for <patchwork-ltsi-dev@patchwork.kernel.org>;
	Thu, 31 Jul 2014 03:27:11 +0000 (UTC)
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
	[140.211.169.12])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 717032015E
	for <patchwork-ltsi-dev@patchwork.kernel.org>;
	Thu, 31 Jul 2014 03:27:10 +0000 (UTC)
Received: from mail.linux-foundation.org (localhost [IPv6:::1])
	by mail.linuxfoundation.org (Postfix) with ESMTP id DF36BA4D;
	Thu, 31 Jul 2014 03:27:04 +0000 (UTC)
X-Original-To: ltsi-dev@lists.linuxfoundation.org
Delivered-To: ltsi-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 0BBDAA05
	for <ltsi-dev@lists.linuxfoundation.org>;
	Thu, 31 Jul 2014 03:27:03 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-pd0-f177.google.com (mail-pd0-f177.google.com
	[209.85.192.177])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 3C4021FD2D
	for <ltsi-dev@lists.linuxfoundation.org>;
	Thu, 31 Jul 2014 03:27:02 +0000 (UTC)
Received: by mail-pd0-f177.google.com with SMTP id p10so2612453pdj.22
	for <ltsi-dev@lists.linuxfoundation.org>;
	Wed, 30 Jul 2014 20:27:01 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=qZMCtQgIdFCbSj0CBBPv0Kzval070chGLf6BahYN2g0=;
	b=RAAktXTdoaomfBY0xUOUM+VQAh9WJkdSBj22uo4G+zESnGWRzeEX6FiRipmRhBq8Lx
	JNIZm2dNmDdAZOeESNO7ZeqjURVgePCmipmI+z4r5e2kpE+NpzwsAjIXceriCUuDeN5C
	EbaaF2yCl4HPDQ5zj28DZJkzhexzOvuhCI0FstVsIudm2LaELx9Fqqj78q5j40LggsXH
	8rozmVIAZG2vGFR4f/+kftZRiavJaHsacJh1Zx+D+iIfpDxnWesNvIIeMe4W7mi+9z5t
	tKLdfCINKtDLZXD5G+W0MuF/mPwzeXck97TI1xaCdjiJk2/olBTBCmR9DSPKkRX/p9L8
	4JSw==
X-Gm-Message-State: 
 ALoCoQkJlj6Vh+C0WVqh+j/uZqWisCT21N1RRF/F7KpNQzPGF6LXSpzM/xXAj8tMgo4H3uU+mFHA
X-Received: by 10.70.128.137 with SMTP id no9mr9119601pdb.143.1406777221923;
	Wed, 30 Jul 2014 20:27:01 -0700 (PDT)
Received: from v400.hq.igel.co.jp (napt.igel.co.jp. [219.106.231.132])
	by mx.google.com with ESMTPSA id
	d13sm3843861pbu.72.2014.07.30.20.27.00
	for <ltsi-dev@lists.linuxfoundation.org>
	(version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Wed, 30 Jul 2014 20:27:01 -0700 (PDT)
From: Damian Hobson-Garcia <dhobsong@igel.co.jp>
To: ltsi-dev@lists.linuxfoundation.org
Date: Thu, 31 Jul 2014 12:26:37 +0900
Message-Id: <1406777210-28425-4-git-send-email-dhobsong@igel.co.jp>
X-Mailer: git-send-email 1.7.9.5
In-Reply-To: <1406777210-28425-1-git-send-email-dhobsong@igel.co.jp>
References: <1406777210-28425-1-git-send-email-dhobsong@igel.co.jp>
X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
Subject: [LTSI-dev] [PATCH 03/16] Smack: Add smkfstransmute mount option
X-BeenThere: ltsi-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "A list to discuss patches, development,
	and other things related to the LTSI project"
	<ltsi-dev.lists.linuxfoundation.org>
List-Unsubscribe: 
 <https://lists.linuxfoundation.org/mailman/options/ltsi-dev>,
	<mailto:ltsi-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/ltsi-dev/>
List-Post: <mailto:ltsi-dev@lists.linuxfoundation.org>
List-Help: <mailto:ltsi-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/ltsi-dev>,
	<mailto:ltsi-dev-request@lists.linuxfoundation.org?subject=subscribe>
MIME-Version: 1.0
Sender: ltsi-dev-bounces@lists.linuxfoundation.org
Errors-To: ltsi-dev-bounces@lists.linuxfoundation.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Casey Schaufler <casey@schaufler-ca.com>

Suppliment the smkfsroot mount option with another, smkfstransmute,
that does the same thing but also marks the root inode as
transmutting. This allows a freshly created filesystem to
be mounted with a transmutting heirarchy.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
(cherry picked from commit e830b39412ca2bbedd7508243f21c04d57ad543c)

Signed-off-by: Damian Hobson-Garcia <dhobsong@igel.co.jp>
Signed-off-by: Tomohito Esaki <etom@igel.co.jp>
---
 security/smack/smack.h     |    1 +
 security/smack/smack_lsm.c |   25 ++++++++++++++++++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/security/smack/smack.h b/security/smack/smack.h
index 159f25b..339614c 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -143,6 +143,7 @@ struct smk_port_label {
 #define SMK_FSFLOOR	"smackfsfloor="
 #define SMK_FSHAT	"smackfshat="
 #define SMK_FSROOT	"smackfsroot="
+#define SMK_FSTRANS	"smackfstransmute="
 
 #define SMACK_CIPSO_OPTION 	"-CIPSO"
 
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 3669d9f..6a08330 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -261,8 +261,9 @@ static int smack_sb_alloc_security(struct super_block *sb)
 	sbsp->smk_default = smack_known_floor.smk_known;
 	sbsp->smk_floor = smack_known_floor.smk_known;
 	sbsp->smk_hat = smack_known_hat.smk_known;
-	sbsp->smk_initialized = 0;
-
+	/*
+	 * smk_initialized will be zero from kzalloc.
+	 */
 	sb->s_security = sbsp;
 
 	return 0;
@@ -306,6 +307,8 @@ static int smack_sb_copy_data(char *orig, char *smackopts)
 			dp = smackopts;
 		else if (strstr(cp, SMK_FSROOT) == cp)
 			dp = smackopts;
+		else if (strstr(cp, SMK_FSTRANS) == cp)
+			dp = smackopts;
 		else
 			dp = otheropts;
 
@@ -341,8 +344,9 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
 	char *op;
 	char *commap;
 	char *nsp;
+	int transmute = 0;
 
-	if (sp->smk_initialized != 0)
+	if (sp->smk_initialized)
 		return 0;
 
 	sp->smk_initialized = 1;
@@ -373,6 +377,13 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
 			nsp = smk_import(op, 0);
 			if (nsp != NULL)
 				sp->smk_root = nsp;
+		} else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
+			op += strlen(SMK_FSTRANS);
+			nsp = smk_import(op, 0);
+			if (nsp != NULL) {
+				sp->smk_root = nsp;
+				transmute = 1;
+			}
 		}
 	}
 
@@ -380,11 +391,15 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
 	 * Initialize the root inode.
 	 */
 	isp = inode->i_security;
-	if (isp == NULL)
+	if (inode->i_security == NULL) {
 		inode->i_security = new_inode_smack(sp->smk_root);
-	else
+		isp = inode->i_security;
+	} else
 		isp->smk_inode = sp->smk_root;
 
+	if (transmute)
+		isp->smk_flags |= SMK_INODE_TRANSMUTE;
+
 	return 0;
 }