diff options
author | Eric Paris <eparis@redhat.com> | 2008-10-29 17:06:46 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-10-31 02:00:52 +1100 |
commit | 8b6a5a37f87a414ef8636e36ec75accb27bb7508 (patch) | |
tree | 26ff1dddb3c8727118b24819e83b4b7c500ff595 /security | |
parent | 0da939b0058742ad2d8580b7db6b966d0fc72252 (diff) | |
download | talos-op-linux-8b6a5a37f87a414ef8636e36ec75accb27bb7508.tar.gz talos-op-linux-8b6a5a37f87a414ef8636e36ec75accb27bb7508.zip |
SELinux: check open perms in dentry_open not inode_permission
Some operations, like searching a directory path or connecting a unix domain
socket, make explicit calls into inode_permission. Our choices are to
either try to come up with a signature for all of the explicit calls to
inode_permission and do not check open on those, or to move the open checks to
dentry_open where we know this is always an open operation. This patch moves
the checks to dentry_open.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/hooks.c | 59 |
1 files changed, 30 insertions, 29 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c679ba653e1d..03ff7db2a2ca 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1686,15 +1686,39 @@ static inline u32 file_mask_to_av(int mode, int mask) return av; } +/* Convert a Linux file to an access vector. */ +static inline u32 file_to_av(struct file *file) +{ + u32 av = 0; + + if (file->f_mode & FMODE_READ) + av |= FILE__READ; + if (file->f_mode & FMODE_WRITE) { + if (file->f_flags & O_APPEND) + av |= FILE__APPEND; + else + av |= FILE__WRITE; + } + if (!av) { + /* + * Special file opened with flags 3 for ioctl-only use. + */ + av = FILE__IOCTL; + } + + return av; +} + /* - * Convert a file mask to an access vector and include the correct open + * Convert a file to an access vector and include the correct open * open permission. */ -static inline u32 open_file_mask_to_av(int mode, int mask) +static inline u32 open_file_to_av(struct file *file) { - u32 av = file_mask_to_av(mode, mask); + u32 av = file_to_av(file); if (selinux_policycap_openperm) { + mode_t mode = file->f_path.dentry->d_inode->i_mode; /* * lnk files and socks do not really have an 'open' */ @@ -1710,34 +1734,11 @@ static inline u32 open_file_mask_to_av(int mode, int mask) av |= DIR__OPEN; else printk(KERN_ERR "SELinux: WARNING: inside %s with " - "unknown mode:%x\n", __func__, mode); + "unknown mode:%o\n", __func__, mode); } return av; } -/* Convert a Linux file to an access vector. */ -static inline u32 file_to_av(struct file *file) -{ - u32 av = 0; - - if (file->f_mode & FMODE_READ) - av |= FILE__READ; - if (file->f_mode & FMODE_WRITE) { - if (file->f_flags & O_APPEND) - av |= FILE__APPEND; - else - av |= FILE__WRITE; - } - if (!av) { - /* - * Special file opened with flags 3 for ioctl-only use. - */ - av = FILE__IOCTL; - } - - return av; -} - /* Hook functions begin here. */ static int selinux_ptrace_may_access(struct task_struct *child, @@ -2654,7 +2655,7 @@ static int selinux_inode_permission(struct inode *inode, int mask) } return inode_has_perm(current, inode, - open_file_mask_to_av(inode->i_mode, mask), NULL); + file_mask_to_av(inode->i_mode, mask), NULL); } static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) @@ -3170,7 +3171,7 @@ static int selinux_dentry_open(struct file *file) * new inode label or new policy. * This check is not redundant - do not remove. */ - return inode_has_perm(current, inode, file_to_av(file), NULL); + return inode_has_perm(current, inode, open_file_to_av(file), NULL); } /* task security operations */ |