rpms/kernel/devel linux-2.6-selinux-move-open-perms-check.patch, NONE, 1.1 kernel.spec, 1.1147, 1.1148
Dave Jones
davej at fedoraproject.org
Fri Dec 5 20:05:41 UTC 2008
- Previous message (by thread): rpms/dbus/devel .cvsignore, 1.34, 1.35 dbus.spec, 1.153, 1.154 sources, 1.35, 1.36
- Next message (by thread): rpms/virt-mem/devel virt-mem-0.3.1-bitstring2.patch, NONE, 1.1 virt-mem-0.3.1-dynlink.patch, NONE, 1.1 virt-mem.spec, 1.5, 1.6
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: davej
Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19731
Modified Files:
kernel.spec
Added Files:
linux-2.6-selinux-move-open-perms-check.patch
Log Message:
SELinux: check open perms in dentry_open not inode_permission
linux-2.6-selinux-move-open-perms-check.patch:
--- NEW FILE linux-2.6-selinux-move-open-perms-check.patch ---
From: Eric Paris <eparis at redhat.com>
Date: Wed, 29 Oct 2008 21:06:46 +0000 (-0400)
Subject: SELinux: check open perms in dentry_open not inode_permission
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fjmorris%2Fsecurity-testing-2.6.git;a=commitdiff_plain;h=8b6a5a37f87a414ef8636e36ec75accb27bb7508
SELinux: check open perms in dentry_open not inode_permission
Some operations, like searching a directory path or connecting a unix domain
socket, make explicit calls into inode_permission. Our choices are to
either try to come up with a signature for all of the explicit calls to
inode_permission and do not check open on those, or to move the open checks to
dentry_open where we know this is always an open operation. This patch moves
the checks to dentry_open.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Stephen Smalley <sds at tycho.nsa.gov>
Signed-off-by: James Morris <jmorris at namei.org>
---
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c679ba6..03ff7db 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1686,15 +1686,39 @@ static inline u32 file_mask_to_av(int mode, int mask)
return av;
}
+/* Convert a Linux file to an access vector. */
+static inline u32 file_to_av(struct file *file)
+{
+ u32 av = 0;
+
+ if (file->f_mode & FMODE_READ)
+ av |= FILE__READ;
+ if (file->f_mode & FMODE_WRITE) {
+ if (file->f_flags & O_APPEND)
+ av |= FILE__APPEND;
+ else
+ av |= FILE__WRITE;
+ }
+ if (!av) {
+ /*
+ * Special file opened with flags 3 for ioctl-only use.
+ */
+ av = FILE__IOCTL;
+ }
+
+ return av;
+}
+
/*
- * Convert a file mask to an access vector and include the correct open
+ * Convert a file to an access vector and include the correct open
* open permission.
*/
-static inline u32 open_file_mask_to_av(int mode, int mask)
+static inline u32 open_file_to_av(struct file *file)
{
- u32 av = file_mask_to_av(mode, mask);
+ u32 av = file_to_av(file);
if (selinux_policycap_openperm) {
+ mode_t mode = file->f_path.dentry->d_inode->i_mode;
/*
* lnk files and socks do not really have an 'open'
*/
@@ -1710,34 +1734,11 @@ static inline u32 open_file_mask_to_av(int mode, int mask)
av |= DIR__OPEN;
else
printk(KERN_ERR "SELinux: WARNING: inside %s with "
- "unknown mode:%x\n", __func__, mode);
+ "unknown mode:%o\n", __func__, mode);
}
return av;
}
-/* Convert a Linux file to an access vector. */
-static inline u32 file_to_av(struct file *file)
-{
- u32 av = 0;
-
- if (file->f_mode & FMODE_READ)
- av |= FILE__READ;
- if (file->f_mode & FMODE_WRITE) {
- if (file->f_flags & O_APPEND)
- av |= FILE__APPEND;
- else
- av |= FILE__WRITE;
- }
- if (!av) {
- /*
- * Special file opened with flags 3 for ioctl-only use.
- */
- av = FILE__IOCTL;
- }
-
- return av;
-}
-
/* Hook functions begin here. */
static int selinux_ptrace_may_access(struct task_struct *child,
@@ -2654,7 +2655,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
}
return inode_has_perm(current, inode,
- open_file_mask_to_av(inode->i_mode, mask), NULL);
+ file_mask_to_av(inode->i_mode, mask), NULL);
}
static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
@@ -3170,7 +3171,7 @@ static int selinux_dentry_open(struct file *file)
* new inode label or new policy.
* This check is not redundant - do not remove.
*/
- return inode_has_perm(current, inode, file_to_av(file), NULL);
+ return inode_has_perm(current, inode, open_file_to_av(file), NULL);
}
/* task security operations */
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.1147
retrieving revision 1.1148
diff -u -r1.1147 -r1.1148
--- kernel.spec 5 Dec 2008 20:02:16 -0000 1.1147
+++ kernel.spec 5 Dec 2008 20:05:11 -0000 1.1148
@@ -631,6 +631,7 @@
Patch530: linux-2.6-silence-fbcon-logo.patch
Patch570: linux-2.6-selinux-mprotect-checks.patch
Patch580: linux-2.6-sparc-selinux-mprotect-checks.patch
+Patch590: linux-2.6-selinux-move-open-perms-check.patch
Patch670: linux-2.6-ata-quirk.patch
Patch671: linux-2.6-libata-pata_it821x-fix-lba48-on-raid-volumes.patch
@@ -1238,6 +1239,8 @@
ApplyPatch linux-2.6-selinux-mprotect-checks.patch
# Fix SELinux for sparc
ApplyPatch linux-2.6-sparc-selinux-mprotect-checks.patch
+# SELinux: check open perms in dentry_open not inode_permission
+ApplyPatch linux-2.6-selinux-move-open-perms-check.patch
# Changes to upstream defaults.
@@ -1920,6 +1923,9 @@
%changelog
* Fri Dec 05 2008 Dave Jones <davej at redhat.com>
+- SELinux: check open perms in dentry_open not inode_permission
+
+* Fri Dec 05 2008 Dave Jones <davej at redhat.com>
- 2.6.28-rc7-git4
* Thu Dec 04 2008 Kyle McMartin <kyle at redhat.com>
- Previous message (by thread): rpms/dbus/devel .cvsignore, 1.34, 1.35 dbus.spec, 1.153, 1.154 sources, 1.35, 1.36
- Next message (by thread): rpms/virt-mem/devel virt-mem-0.3.1-bitstring2.patch, NONE, 1.1 virt-mem-0.3.1-dynlink.patch, NONE, 1.1 virt-mem.spec, 1.5, 1.6
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list