aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2011-02-25 15:39:20 -0500
committerEric Paris <eparis@redhat.com>2011-02-25 15:40:00 -0500
commit0b24dcb7f2f7a0ce9b762eef0362c21c88f47b32 (patch)
tree9c7dc83e169cd4a2e5fd248e4b940f82131627b6
parent47ac19ea429aee561f66e9cd05b908e8ffbc498a (diff)
Revert "selinux: simplify ioctl checking"
This reverts commit 242631c49d4cf39642741d6627750151b058233b. Conflicts: security/selinux/hooks.c SELinux used to recognize certain individual ioctls and check permissions based on the knowledge of the individual ioctl. In commit 242631c49d4cf396 the SELinux code stopped trying to understand individual ioctls and to instead looked at the ioctl access bits to determine in we should check read or write for that operation. This same suggestion was made to SMACK (and I believe copied into TOMOYO). But this suggestion is total rubbish. The ioctl access bits are actually the access requirements for the structure being passed into the ioctl, and are completely unrelated to the operation of the ioctl or the object the ioctl is being performed upon. Take FS_IOC_FIEMAP as an example. FS_IOC_FIEMAP is defined as: FS_IOC_FIEMAP _IOWR('f', 11, struct fiemap) So it has access bits R and W. What this really means is that the kernel is going to both read and write to the struct fiemap. It has nothing at all to do with the operations that this ioctl might perform on the file itself! Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
-rw-r--r--security/selinux/hooks.c50
1 files changed, 42 insertions, 8 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 8ffed9f2004e..8294dbfd1f16 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -24,9 +24,11 @@
24 */ 24 */
25 25
26#include <linux/init.h> 26#include <linux/init.h>
27#include <linux/kd.h>
27#include <linux/kernel.h> 28#include <linux/kernel.h>
28#include <linux/tracehook.h> 29#include <linux/tracehook.h>
29#include <linux/errno.h> 30#include <linux/errno.h>
31#include <linux/ext2_fs.h>
30#include <linux/sched.h> 32#include <linux/sched.h>
31#include <linux/security.h> 33#include <linux/security.h>
32#include <linux/xattr.h> 34#include <linux/xattr.h>
@@ -36,6 +38,7 @@
36#include <linux/mman.h> 38#include <linux/mman.h>
37#include <linux/slab.h> 39#include <linux/slab.h>
38#include <linux/pagemap.h> 40#include <linux/pagemap.h>
41#include <linux/proc_fs.h>
39#include <linux/swap.h> 42#include <linux/swap.h>
40#include <linux/spinlock.h> 43#include <linux/spinlock.h>
41#include <linux/syscalls.h> 44#include <linux/syscalls.h>
@@ -2849,16 +2852,47 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2849 unsigned long arg) 2852 unsigned long arg)
2850{ 2853{
2851 const struct cred *cred = current_cred(); 2854 const struct cred *cred = current_cred();
2852 u32 av = 0; 2855 int error = 0;
2853 2856
2854 if (_IOC_DIR(cmd) & _IOC_WRITE) 2857 switch (cmd) {
2855 av |= FILE__WRITE; 2858 case FIONREAD:
2856 if (_IOC_DIR(cmd) & _IOC_READ) 2859 /* fall through */
2857 av |= FILE__READ; 2860 case FIBMAP:
2858 if (!av) 2861 /* fall through */
2859 av = FILE__IOCTL; 2862 case FIGETBSZ:
2863 /* fall through */
2864 case EXT2_IOC_GETFLAGS:
2865 /* fall through */
2866 case EXT2_IOC_GETVERSION:
2867 error = file_has_perm(cred, file, FILE__GETATTR);
2868 break;
2869
2870 case EXT2_IOC_SETFLAGS:
2871 /* fall through */
2872 case EXT2_IOC_SETVERSION:
2873 error = file_has_perm(cred, file, FILE__SETATTR);
2874 break;
2860 2875
2861 return file_has_perm(cred, file, av); 2876 /* sys_ioctl() checks */
2877 case FIONBIO:
2878 /* fall through */
2879 case FIOASYNC:
2880 error = file_has_perm(cred, file, 0);
2881 break;
2882
2883 case KDSKBENT:
2884 case KDSKBSENT:
2885 error = task_has_capability(current, cred, CAP_SYS_TTY_CONFIG,
2886 SECURITY_CAP_AUDIT);
2887 break;
2888
2889 /* default case assumes that the command will go
2890 * to the file's ioctl() function.
2891 */
2892 default:
2893 error = file_has_perm(cred, file, FILE__IOCTL);
2894 }
2895 return error;
2862} 2896}
2863 2897
2864static int default_noexec; 2898static int default_noexec;