diff options
| author | Eric Paris <eparis@redhat.com> | 2008-02-28 12:58:40 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-04-18 06:26:06 -0400 |
| commit | b0c636b99997c8594da6a46e166ce4fcf6956fda (patch) | |
| tree | 16308f0324846cd8c19180b6a45793268dd16f50 /security/selinux/hooks.c | |
| parent | d4ee4231a3a8731576ef0e0a7e1225e4fde1e659 (diff) | |
SELinux: create new open permission
Adds a new open permission inside SELinux when 'opening' a file. The idea
is that opening a file and reading/writing to that file are not the same
thing. Its different if a program had its stdout redirected to /tmp/output
than if the program tried to directly open /tmp/output. This should allow
policy writers to more liberally give read/write permissions across the
policy while still blocking many design and programing flaws SELinux is so
good at catching today.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 710894d4841b..d569cde440e6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1615,6 +1615,35 @@ static inline u32 file_mask_to_av(int mode, int mask) | |||
| 1615 | return av; | 1615 | return av; |
| 1616 | } | 1616 | } |
| 1617 | 1617 | ||
| 1618 | /* | ||
| 1619 | * Convert a file mask to an access vector and include the correct open | ||
| 1620 | * open permission. | ||
| 1621 | */ | ||
| 1622 | static inline u32 open_file_mask_to_av(int mode, int mask) | ||
| 1623 | { | ||
| 1624 | u32 av = file_mask_to_av(mode, mask); | ||
| 1625 | |||
| 1626 | if (selinux_policycap_openperm) { | ||
| 1627 | /* | ||
| 1628 | * lnk files and socks do not really have an 'open' | ||
| 1629 | */ | ||
| 1630 | if (S_ISREG(mode)) | ||
| 1631 | av |= FILE__OPEN; | ||
| 1632 | else if (S_ISCHR(mode)) | ||
| 1633 | av |= CHR_FILE__OPEN; | ||
| 1634 | else if (S_ISBLK(mode)) | ||
| 1635 | av |= BLK_FILE__OPEN; | ||
| 1636 | else if (S_ISFIFO(mode)) | ||
| 1637 | av |= FIFO_FILE__OPEN; | ||
| 1638 | else if (S_ISDIR(mode)) | ||
| 1639 | av |= DIR__OPEN; | ||
| 1640 | else | ||
| 1641 | printk(KERN_ERR "SELinux: WARNING: inside open_file_to_av " | ||
| 1642 | "with unknown mode:%x\n", mode); | ||
| 1643 | } | ||
| 1644 | return av; | ||
| 1645 | } | ||
| 1646 | |||
| 1618 | /* Convert a Linux file to an access vector. */ | 1647 | /* Convert a Linux file to an access vector. */ |
| 1619 | static inline u32 file_to_av(struct file *file) | 1648 | static inline u32 file_to_av(struct file *file) |
| 1620 | { | 1649 | { |
| @@ -2532,7 +2561,7 @@ static int selinux_inode_permission(struct inode *inode, int mask, | |||
| 2532 | } | 2561 | } |
| 2533 | 2562 | ||
| 2534 | return inode_has_perm(current, inode, | 2563 | return inode_has_perm(current, inode, |
| 2535 | file_mask_to_av(inode->i_mode, mask), NULL); | 2564 | open_file_mask_to_av(inode->i_mode, mask), NULL); |
| 2536 | } | 2565 | } |
| 2537 | 2566 | ||
| 2538 | static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) | 2567 | static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) |