From patchwork Thu Jul 31 03:26:39 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Damian Hobson-Garcia X-Patchwork-Id: 4652961 Return-Path: X-Original-To: patchwork-ltsi-dev@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id DFE5B9F36A for ; Thu, 31 Jul 2014 03:27:29 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 1F5402018E for ; Thu, 31 Jul 2014 03:27:29 +0000 (UTC) Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 45D0E2015E for ; Thu, 31 Jul 2014 03:27:28 +0000 (UTC) Received: from mail.linux-foundation.org (localhost [IPv6:::1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 95818A62; Thu, 31 Jul 2014 03:27:08 +0000 (UTC) X-Original-To: ltsi-dev@lists.linuxfoundation.org Delivered-To: ltsi-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 33C25A55 for ; Thu, 31 Jul 2014 03:27:06 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pd0-f180.google.com (mail-pd0-f180.google.com [209.85.192.180]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id AA2EF201A5 for ; Thu, 31 Jul 2014 03:27:04 +0000 (UTC) Received: by mail-pd0-f180.google.com with SMTP id y13so2617141pdi.39 for ; Wed, 30 Jul 2014 20:27:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=iKRxkWcXwyzpfZYhQJ2EMBIzZ+aexrGXklTSDgYMg/k=; b=LPFGlRCE7gHPSfDqfRRCkdNkCx2Lp3UjOzdMuvxtvtnURWeVXDWgkY90X6aDW46uTP 8zgI3XFlXHfvrqRrzD5ZIi7aQbS22NuXNjUwr7GsJG1rqIwsbi7zEyKUdiJ+DpJLOuPp u917atLondmwRxMZEKOZzqG6NJ4uUQ1j48zOvGHCOEokp1bGBhKJS+xV9fOw3M9K+0ys wlCDJuZvwALlRVS0S/B8EPmgDtlqsncyzgdN7wsfQtirH1Ks60R8BduYaknVTVetrUWZ 2Xar9sfHH31EHQV9nKqbr0s+lr/aFZp/8TWrvPAykeAuDjVxqhRN/2NkAZEz9omfQbef ao5A== X-Gm-Message-State: ALoCoQnKIb8zIiTBCsRbqGWjjBDKsEGzMzSkCXBUp6BXq7jQDgEXOPpagIEzJ/SLqUJi06D5aS57 X-Received: by 10.70.118.9 with SMTP id ki9mr9262006pdb.104.1406777224348; Wed, 30 Jul 2014 20:27:04 -0700 (PDT) Received: from v400.hq.igel.co.jp (napt.igel.co.jp. [219.106.231.132]) by mx.google.com with ESMTPSA id d13sm3843861pbu.72.2014.07.30.20.27.03 for (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 30 Jul 2014 20:27:03 -0700 (PDT) From: Damian Hobson-Garcia To: ltsi-dev@lists.linuxfoundation.org Date: Thu, 31 Jul 2014 12:26:39 +0900 Message-Id: <1406777210-28425-6-git-send-email-dhobsong@igel.co.jp> X-Mailer: git-send-email 1.7.9.5 In-Reply-To: <1406777210-28425-1-git-send-email-dhobsong@igel.co.jp> References: <1406777210-28425-1-git-send-email-dhobsong@igel.co.jp> X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org Subject: [LTSI-dev] [PATCH 05/16] Smack: Fix the bug smackcipso can't set CIPSO correctly X-BeenThere: ltsi-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "A list to discuss patches, development, and other things related to the LTSI project" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ltsi-dev-bounces@lists.linuxfoundation.org Errors-To: ltsi-dev-bounces@lists.linuxfoundation.org X-Virus-Scanned: ClamAV using ClamSMTP From: "Passion,Zhao" Bug report: https://tizendev.org/bugs/browse/TDIS-3891 The reason is userspace libsmack only use "smackfs/cipso2" long-label interface, but the code's logical is still for orginal fixed length label. Now update smack_cipso_apply() to support flexible label (<=256 including tailing '\0') There is also a bug in kernel/security/smack/smackfs.c: When smk_set_cipso() parsing the CIPSO setting from userspace, the offset of CIPSO level should be "strlen(label)+1" instead of "strlen(label)" Signed-off-by: Passion,Zhao (cherry picked from commit 0fcfee61d63b82c1eefb5b1a914240480f17d63f) Signed-off-by: Damian Hobson-Garcia Signed-off-by: Tomohito Esaki --- security/smack/smackfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 3c79cba..ab16703 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -881,7 +881,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, if (format == SMK_FIXED24_FMT) rule += SMK_LABELLEN; else - rule += strlen(skp->smk_known); + rule += strlen(skp->smk_known) + 1; ret = sscanf(rule, "%d", &maplevel); if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL)