
Commit 9da82b2

committed
landlock: Move filesystem helpers and add a new one
Move the SB_NOUSER and IS_PRIVATE dentry check to a standalone is_nouser_or_private() helper. This will be useful for a following commit. Move get_mode_access() and maybe_remove() to make them usable by new code provided by a following commit. Reviewed-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Mickaël Salaün <mic@digikod.net> Link: https://lore.kernel.org/r/20220506161102.525323-6-mic@digikod.net
1 parent 8ba0005 commit 9da82b2

1 file changed

Lines changed: 46 additions & 41 deletions


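--- a/security/landlock/fs.c
+++ b/security/landlock/fs.c
@@ -261,6 +261,18 @@ unmask_layers(const struct landlock_rule *const rule,
 return false;
 }
 
+/*
+* Allows access to pseudo filesystems that will never be mountable (e.g.
+* sockfs, pipefs), but can still be reachable through
+* /proc/<pid>/fd/<file-descriptor>
+*/
+static inline bool is_nouser_or_private(const struct dentry *dentry)
+{
+return (dentry->d_sb->s_flags & SB_NOUSER) ||
+(d_is_positive(dentry) &&
+unlikely(IS_PRIVATE(d_backing_inode(dentry))));
+}
+
 static int check_access_path(const struct landlock_ruleset *const domain,
 const struct path *const path,
 const access_mask_t access_request)
@@ -274,14 +286,7 @@ static int check_access_path(const struct landlock_ruleset *const domain,
 return 0;
 if (WARN_ON_ONCE(!domain || !path))
 return 0;
-/*
-* Allows access to pseudo filesystems that will never be mountable
-* (e.g. sockfs, pipefs), but can still be reachable through
-* /proc/<pid>/fd/<file-descriptor> .
-*/
-if ((path->dentry->d_sb->s_flags & SB_NOUSER) ||
-(d_is_positive(path->dentry) &&
-unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))))
+if (is_nouser_or_private(path->dentry))
 return 0;
 if (WARN_ON_ONCE(domain->num_layers < 1))
 return -EACCES;
@@ -360,6 +365,39 @@ static inline int current_check_access_path(const struct path *const path,
 return check_access_path(dom, path, access_request);
 }
 
+static inline access_mask_t get_mode_access(const umode_t mode)
+{
+switch (mode & S_IFMT) {
+case S_IFLNK:
+return LANDLOCK_ACCESS_FS_MAKE_SYM;
+case 0:
+/* A zero mode translates to S_IFREG. */
+case S_IFREG:
+return LANDLOCK_ACCESS_FS_MAKE_REG;
+case S_IFDIR:
+return LANDLOCK_ACCESS_FS_MAKE_DIR;
+case S_IFCHR:
+return LANDLOCK_ACCESS_FS_MAKE_CHAR;
+case S_IFBLK:
+return LANDLOCK_ACCESS_FS_MAKE_BLOCK;
+case S_IFIFO:
+return LANDLOCK_ACCESS_FS_MAKE_FIFO;
+case S_IFSOCK:
+return LANDLOCK_ACCESS_FS_MAKE_SOCK;
+default:
+WARN_ON_ONCE(1);
+return 0;
+}
+}
+
+static inline access_mask_t maybe_remove(const struct dentry *const dentry)
+{
+if (d_is_negative(dentry))
+return 0;
+return d_is_dir(dentry) ? LANDLOCK_ACCESS_FS_REMOVE_DIR :
+LANDLOCK_ACCESS_FS_REMOVE_FILE;
+}
+
 /* Inode hooks */
 
 static void hook_inode_free_security(struct inode *const inode)
@@ -553,31 +591,6 @@ static int hook_sb_pivotroot(const struct path *const old_path,
 
 /* Path hooks */
 
-static inline access_mask_t get_mode_access(const umode_t mode)
-{
-switch (mode & S_IFMT) {
-case S_IFLNK:
-return LANDLOCK_ACCESS_FS_MAKE_SYM;
-case 0:
-/* A zero mode translates to S_IFREG. */
-case S_IFREG:
-return LANDLOCK_ACCESS_FS_MAKE_REG;
-case S_IFDIR:
-return LANDLOCK_ACCESS_FS_MAKE_DIR;
-case S_IFCHR:
-return LANDLOCK_ACCESS_FS_MAKE_CHAR;
-case S_IFBLK:
-return LANDLOCK_ACCESS_FS_MAKE_BLOCK;
-case S_IFIFO:
-return LANDLOCK_ACCESS_FS_MAKE_FIFO;
-case S_IFSOCK:
-return LANDLOCK_ACCESS_FS_MAKE_SOCK;
-default:
-WARN_ON_ONCE(1);
-return 0;
-}
-}
-
 /*
 * Creating multiple links or renaming may lead to privilege escalations if not
 * handled properly. Indeed, we must be sure that the source doesn't gain more
@@ -606,14 +619,6 @@ static int hook_path_link(struct dentry *const old_dentry,
 get_mode_access(d_backing_inode(old_dentry)->i_mode));
 }
 
-static inline access_mask_t maybe_remove(const struct dentry *const dentry)
-{
-if (d_is_negative(dentry))
-return 0;
-return d_is_dir(dentry) ? LANDLOCK_ACCESS_FS_REMOVE_DIR :
-LANDLOCK_ACCESS_FS_REMOVE_FILE;
-}
-
 static int hook_path_rename(const struct path *const old_dir,
 struct dentry *const old_dentry,
 const struct path *const new_dir,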
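Review bot: The comment carried over onto `is_nouser_or_private()` (new lines 264-268) still says "Allows access to pseudo filesystems…", which described the early `return 0` in `check_access_path()` but not a predicate that only returns a bool. In `check_access_path()` a true result makes the caller return 0 before any layer is consulted, so I would state that contract on the helper, e.g. `/* Returns true for a dentry on a never-mountable pseudo filesystem (SB_NOUSER) or with a private inode; check_access_path() treats these as exempt from Landlock checks. */`. The commit message announces further callers, and without that sentence a new call site could widen the exemption without a reviewer noticing. The moved `get_mode_access()` and `maybe_remove()` have no header comment either; a line each on what a 0 return means would help, since the `default:` branch returns 0 after `WARN_ON_ONCE(1)` and an empty mask presumably requests no right at all (the check that handles it lies outside the hunks shown).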
