diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2017-05-12 12:41:24 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2017-05-23 10:23:42 -0400 |
| commit | ccb544781d34afdb73a9a73ae53035d824d193bf (patch) | |
| tree | a5c7f6475061a3b42f887d43870224af13373eba /security/selinux/hooks.c | |
| parent | 3ba4bf5f1e2c58bddd84ba27c5aeaf8ca1d36bff (diff) | |
selinux: do not check open permission on sockets
open permission is currently only defined for files in the kernel
(COMMON_FILE_PERMS rather than COMMON_FILE_SOCK_PERMS). Construction of
an artificial test case that tries to open a socket via /proc/pid/fd will
generate a recvfrom avc denial because recvfrom and open happen to map to
the same permission bit in socket vs file classes.
open of a socket via /proc/pid/fd is not supported by the kernel regardless
and will ultimately return ENXIO. But we hit the permission check first and
can thus produce these odd/misleading denials. Omit the open check when
operating on a socket.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e29800091e17..627f291fb6c1 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -2063,8 +2063,9 @@ static inline u32 file_to_av(struct file *file) | |||
| 2063 | static inline u32 open_file_to_av(struct file *file) | 2063 | static inline u32 open_file_to_av(struct file *file) |
| 2064 | { | 2064 | { |
| 2065 | u32 av = file_to_av(file); | 2065 | u32 av = file_to_av(file); |
| 2066 | struct inode *inode = file_inode(file); | ||
| 2066 | 2067 | ||
| 2067 | if (selinux_policycap_openperm) | 2068 | if (selinux_policycap_openperm && inode->i_sb->s_magic != SOCKFS_MAGIC) |
| 2068 | av |= FILE__OPEN; | 2069 | av |= FILE__OPEN; |
| 2069 | 2070 | ||
| 2070 | return av; | 2071 | return av; |
| @@ -3059,6 +3060,7 @@ static int selinux_inode_permission(struct inode *inode, int mask) | |||
| 3059 | static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) | 3060 | static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) |
| 3060 | { | 3061 | { |
| 3061 | const struct cred *cred = current_cred(); | 3062 | const struct cred *cred = current_cred(); |
| 3063 | struct inode *inode = d_backing_inode(dentry); | ||
| 3062 | unsigned int ia_valid = iattr->ia_valid; | 3064 | unsigned int ia_valid = iattr->ia_valid; |
| 3063 | __u32 av = FILE__WRITE; | 3065 | __u32 av = FILE__WRITE; |
| 3064 | 3066 | ||
| @@ -3074,8 +3076,10 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) | |||
| 3074 | ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET)) | 3076 | ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET)) |
| 3075 | return dentry_has_perm(cred, dentry, FILE__SETATTR); | 3077 | return dentry_has_perm(cred, dentry, FILE__SETATTR); |
| 3076 | 3078 | ||
| 3077 | if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE) | 3079 | if (selinux_policycap_openperm && |
| 3078 | && !(ia_valid & ATTR_FILE)) | 3080 | inode->i_sb->s_magic != SOCKFS_MAGIC && |
| 3081 | (ia_valid & ATTR_SIZE) && | ||
| 3082 | !(ia_valid & ATTR_FILE)) | ||
| 3079 | av |= FILE__OPEN; | 3083 | av |= FILE__OPEN; |
| 3080 | 3084 | ||
| 3081 | return dentry_has_perm(cred, dentry, av); | 3085 | return dentry_has_perm(cred, dentry, av); |