Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 934243a728498e8dda823ff6745455fde5e108d5
commit934243a728498e8dda823ff6745455fde5e108d5[log] [tgz]
authorMark Salyzyn <salyzyn@android.com>Thu Aug 29 11:30:14 2019 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Sat Oct 05 13:10:08 2019 +0200
tree31409e6b48f9e7a0d33ae93a795565e1fc4e2097
parente7265adc0a3c87b5fe9ddbbc55293647ac7338b6 [diff]
ovl: filter of trusted xattr results in audit

commit 5c2e9f346b815841f9bed6029ebcb06415caf640 upstream.

When filtering xattr list for reading, presence of trusted xattr
results in a security audit log.  However, if there is other content
no errno will be set, and if there isn't, the errno will be -ENODATA
and not -EPERM as is usually associated with a lack of capability.
The check does not block the request to list the xattrs present.

Switch to ns_capable_noaudit to reflect a more appropriate check.

Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Cc: linux-security-module@vger.kernel.org
Cc: kernel-team@android.com
Cc: stable@vger.kernel.org # v3.18+
Fixes: a082c6f680da ("ovl: filter trusted xattr for non-admin")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 31409e6b48f9e7a0d33ae93a795565e1fc4e2097
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. README