From: Jeff Vander Stoep Date: Fri, 18 Sep 2015 19:39:46 +0000 (-0700) Subject: selinux: do not check open perm on ftruncate call X-Git-Tag: firefly_0821_release~3678^2~7 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=3841b3185d6229de871448af52a982da190ee98e;p=firefly-linux-kernel-4.4.55.git selinux: do not check open perm on ftruncate call Use the ATTR_FILE attribute to distinguish between truncate() and ftruncate() system calls. The two other cases where do_truncate is called with a filp (and therefore ATTR_FILE is set) are for coredump files and for open(O_TRUNC). In both of those cases the open permission has already been checked during file open and therefore does not need to be repeated. Commit 95dbf739313f ("SELinux: check OPEN on truncate calls") fixed a major issue where domains were allowed to truncate files without the open permission. However, it introduced a new bug where a domain with the write permission can no longer ftruncate files without the open permission, even when they receive an already open file. (cherry picked from commit b21800f304392ee5d20f411c37470183cc779f11) Bug: 22567870 Change-Id: Id7c305e46beba5091c2c777529bd468216aae1c3 Signed-off-by: Jeff Vander Stoep Acked-by: Stephen Smalley Signed-off-by: Paul Moore (cherry picked from commit df46bc83c1fc9b64b2e86290935a3ad550b2e56e) --- diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 2cad844f0ad6..d157e55fee2c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2823,7 +2823,8 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET)) return dentry_has_perm(cred, dentry, FILE__SETATTR); - if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE)) + if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE) + && !(ia_valid & ATTR_FILE)) av |= FILE__OPEN; return dentry_has_perm(cred, dentry, av);