diff options
author | Jeff Vander Stoep <jeffv@google.com> | 2015-09-18 12:39:46 -0700 |
---|---|---|
committer | Jorge Lucangeli Obes <jorgelo@google.com> | 2015-12-08 11:27:38 -0800 |
commit | 1a3d5796805298ea1e627ebf80326d2329a53ff6 (patch) | |
tree | 96ae6b7263d56adf01f45da5f8d38a530800b83e | |
parent | ff7cb3105ba39ed61ef67b86ae0d088d72fc13d7 (diff) | |
download | edison-v3.10-1a3d5796805298ea1e627ebf80326d2329a53ff6.tar.gz |
selinux: do not check open perm on ftruncate call
Use the ATTR_FILE attribute to distinguish between truncate()
and ftruncate() system calls. The two other cases where
do_truncate is called with a filp (and therefore ATTR_FILE is set)
are for coredump files and for open(O_TRUNC). In both of those cases
the open permission has already been checked during file open and
therefore does not need to be repeated.
Commit 95dbf739313f ("SELinux: check OPEN on truncate calls")
fixed a major issue where domains were allowed to truncate files
without the open permission. However, it introduced a new bug where
a domain with the write permission can no longer ftruncate files
without the open permission, even when they receive an already open
file.
(cherry picked from commit b21800f304392ee5d20f411c37470183cc779f11)
Bug: 22567870
Change-Id: Id7c305e46beba5091c2c777529bd468216aae1c3
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
-rw-r--r-- | security/selinux/hooks.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b6ddc24f01e..507267bb11a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2823,7 +2823,8 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET)) return dentry_has_perm(cred, dentry, FILE__SETATTR); - if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE)) + if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE) + && !(ia_valid & ATTR_FILE)) av |= FILE__OPEN; return dentry_has_perm(cred, dentry, av); |