diff options
| author | Joel Stanley <joel@jms.id.au> | 2019-05-08 16:48:45 +0300 |
|---|---|---|
| committer | Joel Stanley <joel@jms.id.au> | 2019-05-08 16:48:48 +0300 |
| commit | d09fc0c4bdfbcbe251df247b5a94e2a07dec9c2f (patch) | |
| tree | 893d98100d3ede2ff76905a67e1b9798c8c88868 /security/selinux/avc.c | |
| parent | 76cc3bd0c342199b0bc0fd6afc7035274bf7a718 (diff) | |
| parent | 274ede3e1a5fb3d0fd33acafb08993e95972c51f (diff) | |
| download | linux-dev-5.0.tar.xz | |
Merge tag 'v5.0.14' into dev-5.0dev-5.0
This is the 5.0.14 stable release
Signed-off-by: Joel Stanley <joel@jms.id.au>
Diffstat (limited to 'security/selinux/avc.c')
| -rw-r--r-- | security/selinux/avc.c | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 635e5c1e3e48..5de18a6d5c3f 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -838,6 +838,7 @@ out: * @ssid,@tsid,@tclass : identifier of an AVC entry * @seqno : sequence number when decision was made * @xpd: extended_perms_decision to be added to the node + * @flags: the AVC_* flags, e.g. AVC_NONBLOCKING, AVC_EXTENDED_PERMS, or 0. * * if a valid AVC entry doesn't exist,this function returns -ENOENT. * if kmalloc() called internal returns NULL, this function returns -ENOMEM. @@ -856,6 +857,23 @@ static int avc_update_node(struct selinux_avc *avc, struct hlist_head *head; spinlock_t *lock; + /* + * If we are in a non-blocking code path, e.g. VFS RCU walk, + * then we must not add permissions to a cache entry + * because we cannot safely audit the denial. Otherwise, + * during the subsequent blocking retry (e.g. VFS ref walk), we + * will find the permissions already granted in the cache entry + * and won't audit anything at all, leading to silent denials in + * permissive mode that only appear when in enforcing mode. + * + * See the corresponding handling in slow_avc_audit(), and the + * logic in selinux_inode_follow_link and selinux_inode_permission + * for the VFS MAY_NOT_BLOCK flag, which is transliterated into + * AVC_NONBLOCKING for avc_has_perm_noaudit(). + */ + if (flags & AVC_NONBLOCKING) + return 0; + node = avc_alloc_node(avc); if (!node) { rc = -ENOMEM; @@ -1115,7 +1133,7 @@ decision: * @tsid: target security identifier * @tclass: target security class * @requested: requested permissions, interpreted based on @tclass - * @flags: AVC_STRICT or 0 + * @flags: AVC_STRICT, AVC_NONBLOCKING, or 0 * @avd: access vector decisions * * Check the AVC to determine whether the @requested permissions are granted @@ -1199,7 +1217,8 @@ int avc_has_perm_flags(struct selinux_state *state, struct av_decision avd; int rc, rc2; - rc = avc_has_perm_noaudit(state, ssid, tsid, tclass, requested, 0, + rc = avc_has_perm_noaudit(state, ssid, tsid, tclass, requested, + (flags & MAY_NOT_BLOCK) ? AVC_NONBLOCKING : 0, &avd); rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc, |