[PATCH 08/19] smack: smack_inode_setsecurity: prevent setting SMACK64EXEC/MMAP in other LSMs
Konstantin Andreev
andreev at swemel.ru
Thu Jul 24 13:09:41 UTC 2025
smack_inode_setsecurity() does not support setting
the SMACK64EXEC and SMACK64MMAP xattrs, and returns
-EOPNOTSUPP if an attempt is made to set them.
However, since [1], the -EOPNOTSUPP return value
from the inode_setsecurity LSM hook
has been interpreted by security_inode_setsecurity()
as a signal to "continue polling other LSMs".
As a result, security_inode_setsecurity() proceeds
to query other LSMs and attempts to store the
SMACK64EXEC/MMAP xattrs there.
Passing a Smack property to other LSMs is incorrect,
as Smack owns these xattrs.
Returning -ENODATA instead of -EOPNOTSUPP is not ideal,
but it makes sense and prevents fallback to other LSMs.
[1] 2016-05-31 Casey Schaufler
commit 2885c1e3e0c2 ("LSM: Fix for security_inode_getsecurity
and -EOPNOTSUPP")
Link: https://lore.kernel.org/lkml/d8a4d26e-46c8-975d-d075-a3848130981c@schaufler-ca.com/
Signed-off-by: Konstantin Andreev <andreev at swemel.ru>
---
security/smack/smack_lsm.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 39e2e7b5bc3c..00d4b5bf1056 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3000,6 +3000,10 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
nsp->smk_flags |= SMK_INODE_INSTANT;
return 0;
}
+
+ if (strcmp(name, XATTR_SMACK_EXEC) == 0 ||
+ strcmp(name, XATTR_SMACK_MMAP) == 0)
+ return -ENODATA;
/*
* The rest of the Smack xattrs are only on sockets.
*/
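Review bot: The new check at the bottom of this hunk returns -ENODATA for XATTR_SMACK_EXEC and XATTR_SMACK_MMAP without any in-code explanation, and -ENODATA is a surprising value for a set operation; the reason it is used (the commit message says -EOPNOTSUPP makes security_inode_setsecurity() fall through to other LSMs) lives only in the changelog. Suggest a short comment above the strcmp() pair, e.g. "/* Not supported here; do not return -EOPNOTSUPP, it falls back to other LSMs */", so the next reader does not "fix" it back to -EOPNOTSUPP. Also a blank line between "return -ENODATA;" and the following "/*" comment block would match the spacing of the preceding block in this function.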
--
2.43.0