Re: [PATCH] security: selinux: allow per-file labeling for bpffs

From: Stephen Smalley
Date: Thu Feb 06 2020 - 12:20:29 EST


On 2/6/20 11:55 AM, Steven Moreland wrote:
From: Connor O'Brien <connoro@xxxxxxxxxx>

Add support for genfscon per-file labeling of bpffs files. This allows
for separate permissions for different pinned bpf objects, which may
be completely unrelated to each other.

Do you want bpf fs to also support userspace labeling of files via setxattr()? If so, you'll want to also add it to selinux_is_genfs_special_handling() as well.

The only caveat I would note here is that it appears that bpf fs supports rename, link, unlink, rmdir etc by userspace, which means that name-based labeling via genfscon isn't necessarily safe/stable. See
https://github.com/SELinuxProject/selinux-kernel/issues/2

Change-Id: I03ae28d3afea70acd6dc53ebf810b34b357b6eb5

Drop Change-Ids from patches submitted upstream please since they aren't meaningful outside of Android.

Signed-off-by: Connor O'Brien <connoro@xxxxxxxxxx>
Signed-off-by: Steven Moreland <smoreland@xxxxxxxxxx>
---
security/selinux/hooks.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index de4887742d7c..4f9396e6ce8c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -872,6 +872,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
!strcmp(sb->s_type->name, "sysfs") ||
!strcmp(sb->s_type->name, "pstore") ||
!strcmp(sb->s_type->name, "binder") ||
+ !strcmp(sb->s_type->name, "bpf") ||
!strcmp(sb->s_type->name, "cgroup") ||
!strcmp(sb->s_type->name, "cgroup2"))
sbsec->flags |= SE_SBGENFS;
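Review bot: Confirm whether userspace relabeling of pinned objects via setxattr() is intended; if it is, this hunk needs a matching `"bpf"` entry in selinux_is_genfs_special_handling(), and either way the commit message should state which behaviour is wanted, since the one-line `!strcmp(sb->s_type->name, "bpf")` only enables genfscon lookups for the superblock. The commit message should also document that the resulting labels are path based and that bpffs allows rename, link, unlink and rmdir from userspace, so a per-file genfscon rule on a pinned object is only as trustworthy as the permissions on the directory operations that can move it (see the issue linked above), and policy authors should be told which directory permissions to restrict accordingly.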
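As an added illustration, not part of this thread or of the patch, here is what a per-file genfscon policy for bpffs could look like once the superblock carries SE_SBGENFS. The user/role prefix, the type names, the domain name and the pinned path are all hypothetical and chosen for the example; nothing below is taken from Android or upstream reference policy.

```text
# Hypothetical policy fragment (added example, not from the patch or any
# shipped policy). genfscon uses the longest matching path prefix.

# Default label for everything under the bpf filesystem.
genfscon bpf / u:object_r:fs_bpf:s0

# Per-file label for one pinned object at /sys/fs/bpf/some_map
# (path is relative to the bpffs mount point).
genfscon bpf /some_map u:object_r:fs_bpf_some_map:s0

# Only the hypothetical domain that owns the map may open it.
allow some_app fs_bpf_some_map:file { read write open };

# No rule grants other domains access to fs_bpf_some_map, so a domain that
# can reach other pinned objects labeled fs_bpf still cannot touch this one.
```

The separation only holds while the object actually lives at /some_map: a domain allowed `rename` on the parent directory could move a differently labeled object into that name, which is the caveat raised above about name-based labeling on a filesystem that permits rename, link and unlink.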