aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2012-07-06 14:13:30 -0400
committerJames Morris <james.l.morris@oracle.com>2012-07-15 21:41:47 -0400
commit3d2195c3324b27e65ba53d9626a6bd91a2515797 (patch)
treec17445689c2926fa446c9bef4f5b169b60ce4f15
parent64919e60915c5151b3dd4c8d2d9237a115ca990c (diff)
SELinux: do not check open perms if they are not known to policy
When I introduced open perms policy didn't understand them and I implemented them as a policycap. When I added the checking of open perm to truncate I forgot to conditionalize it on the userspace defined policy capability. Running an old policy with a new kernel will not check open on open(2) but will check it on truncate. Conditionalize the truncate check the same as the open check. Signed-off-by: Eric Paris <eparis@redhat.com> Cc: stable@vger.kernel.org # 3.4.x Signed-off-by: James Morris <james.l.morris@oracle.com>
-rw-r--r--security/selinux/hooks.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 372ec6502aa8..ffd8900a38e8 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2717,7 +2717,7 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2717 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET)) 2717 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
2718 return dentry_has_perm(cred, dentry, FILE__SETATTR); 2718 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2719 2719
2720 if (ia_valid & ATTR_SIZE) 2720 if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE))
2721 av |= FILE__OPEN; 2721 av |= FILE__OPEN;
2722 2722
2723 return dentry_has_perm(cred, dentry, av); 2723 return dentry_has_perm(cred, dentry, av);