diff options
Diffstat (limited to 'security/smack/smack_lsm.c')
| -rw-r--r-- | security/smack/smack_lsm.c | 32 | 
1 files changed, 32 insertions, 0 deletions
| diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 001831458fa2..bffccdc494cb 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -42,6 +42,7 @@  #include <linux/fs_context.h>  #include <linux/fs_parser.h>  #include <linux/watch_queue.h> +#include <linux/io_uring.h>  #include "smack.h"  #define TRANS_TRUE	"TRUE" @@ -4732,6 +4733,36 @@ static int smack_uring_sqpoll(void)  	return -EPERM;  } +/** + * smack_uring_cmd - check on file operations for io_uring + * @ioucmd: the command in question + * + * Make a best guess about whether a io_uring "command" should + * be allowed. Use the same logic used for determining if the + * file could be opened for read in the absence of better criteria. + */ +static int smack_uring_cmd(struct io_uring_cmd *ioucmd) +{ +	struct file *file = ioucmd->file; +	struct smk_audit_info ad; +	struct task_smack *tsp; +	struct inode *inode; +	int rc; + +	if (!file) +		return -EINVAL; + +	tsp = smack_cred(file->f_cred); +	inode = file_inode(file); + +	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); +	smk_ad_setfield_u_fs_path(&ad, file->f_path); +	rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); +	rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc); + +	return rc; +} +  #endif /* CONFIG_IO_URING */  struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { @@ -4889,6 +4920,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {  #ifdef CONFIG_IO_URING  	LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds),  	LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll), +	LSM_HOOK_INIT(uring_cmd, smack_uring_cmd),  #endif  }; | 
