diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2010-01-14 17:28:10 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-01-17 17:54:26 -0500 |
| commit | 19439d05b88dafc4e55d9ffce84ccc27cf8b2bcc (patch) | |
| tree | e529e1bbba49f30684c3b88a67df1d62ba3e11b1 /security/selinux/selinuxfs.c | |
| parent | 8d9525048c74786205b99f3fcd05a839721edfb7 (diff) | |
selinux: change the handling of unknown classes
If allow_unknown==deny, SELinux treats an undefined kernel security
class as an error condition rather than as a typical permission denial
and thus does not allow permissions on undefined classes even when in
permissive mode. Change the SELinux logic so that this case is handled
as a typical permission denial, subject to the usual permissive mode and
permissive domain handling.
Also drop the 'requested' argument from security_compute_av() and
helpers as it is a legacy of the original security server interface and
is unused.
Changes:
- Handle permissive domains consistently by moving up the test for a
permissive domain.
- Make security_compute_av_user() consistent with security_compute_av();
the only difference now is that security_compute_av() performs mapping
between the kernel-private class and permission indices and the policy
values. In the userspace case, this mapping is handled by libselinux.
- Moved avd_init inside the policy lock.
Based in part on a patch by Paul Moore <paul.moore@hp.com>.
Reported-by: Andrew Worsley <amworsley@gmail.com>
Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/selinuxfs.c')
| -rw-r--r-- | security/selinux/selinuxfs.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index fab36fdf2769..b7bb0f5ec07c 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
| @@ -494,7 +494,6 @@ static ssize_t sel_write_access(struct file *file, char *buf, size_t size) | |||
| 494 | char *scon, *tcon; | 494 | char *scon, *tcon; |
| 495 | u32 ssid, tsid; | 495 | u32 ssid, tsid; |
| 496 | u16 tclass; | 496 | u16 tclass; |
| 497 | u32 req; | ||
| 498 | struct av_decision avd; | 497 | struct av_decision avd; |
| 499 | ssize_t length; | 498 | ssize_t length; |
| 500 | 499 | ||
| @@ -512,7 +511,7 @@ static ssize_t sel_write_access(struct file *file, char *buf, size_t size) | |||
| 512 | goto out; | 511 | goto out; |
| 513 | 512 | ||
| 514 | length = -EINVAL; | 513 | length = -EINVAL; |
| 515 | if (sscanf(buf, "%s %s %hu %x", scon, tcon, &tclass, &req) != 4) | 514 | if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) |
| 516 | goto out2; | 515 | goto out2; |
| 517 | 516 | ||
| 518 | length = security_context_to_sid(scon, strlen(scon)+1, &ssid); | 517 | length = security_context_to_sid(scon, strlen(scon)+1, &ssid); |
| @@ -522,9 +521,7 @@ static ssize_t sel_write_access(struct file *file, char *buf, size_t size) | |||
| 522 | if (length < 0) | 521 | if (length < 0) |
| 523 | goto out2; | 522 | goto out2; |
| 524 | 523 | ||
| 525 | length = security_compute_av_user(ssid, tsid, tclass, req, &avd); | 524 | security_compute_av_user(ssid, tsid, tclass, &avd); |
| 526 | if (length < 0) | ||
| 527 | goto out2; | ||
| 528 | 525 | ||
| 529 | length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, | 526 | length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, |
| 530 | "%x %x %x %x %u %x", | 527 | "%x %x %x %x %u %x", |