a7y18lte-ubports/android_kernel_samsung_universal7885
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ea548dec03
android_kernel_samsung_univ.../security
History
Stephen Smalley 60c26da547 selinux: do not check open permission on sockets 
[ Upstream commit ccb544781d34afdb73a9a73ae53035d824d193bf ]

open permission is currently only defined for files in the kernel
(COMMON_FILE_PERMS rather than COMMON_FILE_SOCK_PERMS). Construction of
an artificial test case that tries to open a socket via /proc/pid/fd will
generate a recvfrom avc denial because recvfrom and open happen to map to
the same permission bit in socket vs file classes.

open of a socket via /proc/pid/fd is not supported by the kernel regardless
and will ultimately return ENXIO. But we hit the permission check first and
can thus produce these odd/misleading denials.  Omit the open check when
operating on a socket.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-04-13 19:50:10 +02:00
..
apparmor apparmor: Make path_max parameter readonly 2018-03-22 09:23:24 +01:00
integrity ima: relax requiring a file signature for new files with zero length 2018-03-22 09:23:30 +01:00
keys KEYS: encrypted: fix buffer overread in valid_master_desc() 2018-02-16 20:09:38 +01:00
selinux selinux: do not check open permission on sockets 2018-04-13 19:50:10 +02:00
smack lsm: fix smack_inode_removexattr and xattr_getsecurity memleak 2017-10-12 11:27:32 +02:00
tomoyo
yama
commoncap.c
device_cgroup.c
inode.c
Kconfig KPTI: Rename to PAGE_TABLE_ISOLATION 2018-01-05 15:44:26 +01:00
lsm_audit.c
Makefile
min_addr.c
security.c