xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ubifs: Massage ubifs_listxattr() for encryption context

Browse Source 
We have to make sure that we don't expose our internal
crypto context to userspace.

Signed-off-by: Richard Weinberger <richard@nod.at>
This commit is contained in:
Richard Weinberger
2016-09-21 12:21:29 +02:00
parent d475a50745
commit 43b113fea2
1 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
fs/ubifs/xattr.c
View File

@@ -397,6 +397,20 @@ out_unlock:
return err; return err;
} }
static bool xattr_visible(const char *name)
{
/* File encryption related xattrs are for internal use only */
if (strcmp(name, UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT) == 0)
return false;
/* Show trusted namespace only for "power" users */
if (strncmp(name, XATTR_TRUSTED_PREFIX,
XATTR_TRUSTED_PREFIX_LEN) == 0 && !capable(CAP_SYS_ADMIN))
return false;
return true;
}
ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size) ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size)
{ {
union ubifs_key key; union ubifs_key key;
@@ -432,10 +446,7 @@ ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size)
nm.name = xent->name; nm.name = xent->name;
nm.len = le16_to_cpu(xent->nlen); nm.len = le16_to_cpu(xent->nlen);
/* Show trusted namespace only for "power" users */ if (xattr_visible(xent->name)) {
if (strncmp(xent->name, XATTR_TRUSTED_PREFIX,
XATTR_TRUSTED_PREFIX_LEN) ||
capable(CAP_SYS_ADMIN)) {
memcpy(buffer + written, nm.name, nm.len + 1); memcpy(buffer + written, nm.name, nm.len + 1);
written += nm.len + 1; written += nm.len + 1;
} }