diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2008-06-05 09:21:28 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-07-14 01:01:53 -0400 |
| commit | 242631c49d4cf39642741d6627750151b058233b (patch) | |
| tree | 26756c2b256cf5b14ca279a634d5bcc5e67b2b41 /security | |
| parent | abc69bb633931bf54c6db798bcdc6fd1e0284742 (diff) | |
selinux: simplify ioctl checking
Simplify and improve the robustness of the SELinux ioctl checking by
using the "access mode" bits of the ioctl command to determine the
permission check rather than dealing with individual command values.
This removes any knowledge of specific ioctl commands from SELinux
and follows the same guidance we gave to Smack earlier.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/hooks.c | 48 |
1 files changed, 8 insertions, 40 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 91b666aec452..f53000803a5d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -42,9 +42,7 @@ | |||
| 42 | #include <linux/fdtable.h> | 42 | #include <linux/fdtable.h> |
| 43 | #include <linux/namei.h> | 43 | #include <linux/namei.h> |
| 44 | #include <linux/mount.h> | 44 | #include <linux/mount.h> |
| 45 | #include <linux/ext2_fs.h> | ||
| 46 | #include <linux/proc_fs.h> | 45 | #include <linux/proc_fs.h> |
| 47 | #include <linux/kd.h> | ||
| 48 | #include <linux/netfilter_ipv4.h> | 46 | #include <linux/netfilter_ipv4.h> |
| 49 | #include <linux/netfilter_ipv6.h> | 47 | #include <linux/netfilter_ipv6.h> |
| 50 | #include <linux/tty.h> | 48 | #include <linux/tty.h> |
| @@ -2903,46 +2901,16 @@ static void selinux_file_free_security(struct file *file) | |||
| 2903 | static int selinux_file_ioctl(struct file *file, unsigned int cmd, | 2901 | static int selinux_file_ioctl(struct file *file, unsigned int cmd, |
| 2904 | unsigned long arg) | 2902 | unsigned long arg) |
| 2905 | { | 2903 | { |
| 2906 | int error = 0; | 2904 | u32 av = 0; |
| 2907 | |||
| 2908 | switch (cmd) { | ||
| 2909 | case FIONREAD: | ||
| 2910 | /* fall through */ | ||
| 2911 | case FIBMAP: | ||
| 2912 | /* fall through */ | ||
| 2913 | case FIGETBSZ: | ||
| 2914 | /* fall through */ | ||
| 2915 | case EXT2_IOC_GETFLAGS: | ||
| 2916 | /* fall through */ | ||
| 2917 | case EXT2_IOC_GETVERSION: | ||
| 2918 | error = file_has_perm(current, file, FILE__GETATTR); | ||
| 2919 | break; | ||
| 2920 | |||
| 2921 | case EXT2_IOC_SETFLAGS: | ||
| 2922 | /* fall through */ | ||
| 2923 | case EXT2_IOC_SETVERSION: | ||
| 2924 | error = file_has_perm(current, file, FILE__SETATTR); | ||
| 2925 | break; | ||
| 2926 | |||
| 2927 | /* sys_ioctl() checks */ | ||
| 2928 | case FIONBIO: | ||
| 2929 | /* fall through */ | ||
| 2930 | case FIOASYNC: | ||
| 2931 | error = file_has_perm(current, file, 0); | ||
| 2932 | break; | ||
| 2933 | 2905 | ||
| 2934 | case KDSKBENT: | 2906 | if (_IOC_DIR(cmd) & _IOC_WRITE) |
| 2935 | case KDSKBSENT: | 2907 | av |= FILE__WRITE; |
| 2936 | error = task_has_capability(current, CAP_SYS_TTY_CONFIG); | 2908 | if (_IOC_DIR(cmd) & _IOC_READ) |
| 2937 | break; | 2909 | av |= FILE__READ; |
| 2910 | if (!av) | ||
| 2911 | av = FILE__IOCTL; | ||
| 2938 | 2912 | ||
| 2939 | /* default case assumes that the command will go | 2913 | return file_has_perm(current, file, av); |
| 2940 | * to the file's ioctl() function. | ||
| 2941 | */ | ||
| 2942 | default: | ||
| 2943 | error = file_has_perm(current, file, FILE__IOCTL); | ||
| 2944 | } | ||
| 2945 | return error; | ||
| 2946 | } | 2914 | } |
| 2947 | 2915 | ||
| 2948 | static int file_map_prot_check(struct file *file, unsigned long prot, int shared) | 2916 | static int file_map_prot_check(struct file *file, unsigned long prot, int shared) |