Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 2ae3ba39389b51d8502123de0a59374bec899c4d^! / . / security / selinux / ss / services.c
commit2ae3ba39389b51d8502123de0a59374bec899c4d[log] [tgz]
authorKaiGai Kohei <kaigai@ak.jp.nec.com>Wed Feb 17 08:49:41 2010 +0900
committerJames Morris <jmorris@namei.org>Mon Feb 22 08:27:41 2010 +1100
tree54c552fa9fa6c17b769f6aca3fd438e542b504a4
parent170800088666963de1111d62fb503889c8c82eda [diff] [blame]
selinux: libsepol: remove dead code in check_avtab_hierarchy_callback()

This patch revert the commit of 7d52a155e38d5a165759dbbee656455861bf7801
which removed a part of type_attribute_bounds_av as a dead code.
However, at that time, we didn't find out the target side boundary allows
to handle some of pseudo /proc/<pid>/* entries with its process's security
context well.

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>

--
 security/selinux/ss/services.c |   43 ++++++++++++++++++++++++++++++++++++---
 1 files changed, 39 insertions(+), 4 deletions(-)
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 0e5c3a4..cf27b3e 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c

@@ -525,14 +525,16 @@
 				     u16 tclass,
 				     struct av_decision *avd)
 {
+	struct context lo_scontext;
+	struct context lo_tcontext;
+	struct av_decision lo_avd;
 	struct type_datum *source
 		= policydb.type_val_to_struct[scontext->type - 1];
+	struct type_datum *target
+		= policydb.type_val_to_struct[tcontext->type - 1];
+	u32 masked = 0;
 
 	if (source->bounds) {
-		struct context lo_scontext;
-		struct av_decision lo_avd;
-		u32 masked;
-
 		memset(&lo_avd, 0, sizeof(lo_avd));
 
 		memcpy(&lo_scontext, scontext, sizeof(lo_scontext));
@@ -545,7 +547,40 @@
 		if ((lo_avd.allowed & avd->allowed) == avd->allowed)
 			return;		/* no masked permission */
 		masked = ~lo_avd.allowed & avd->allowed;
+	}
 
+	if (target->bounds) {
+		memset(&lo_avd, 0, sizeof(lo_avd));
+
+		memcpy(&lo_tcontext, tcontext, sizeof(lo_tcontext));
+		lo_tcontext.type = target->bounds;
+
+		context_struct_compute_av(scontext,
+					  &lo_tcontext,
+					  tclass,
+					  &lo_avd);
+		if ((lo_avd.allowed & avd->allowed) == avd->allowed)
+			return;		/* no masked permission */
+		masked = ~lo_avd.allowed & avd->allowed;
+	}
+
+	if (source->bounds && target->bounds) {
+		memset(&lo_avd, 0, sizeof(lo_avd));
+		/*
+		 * lo_scontext and lo_tcontext are already
+		 * set up.
+		 */
+
+		context_struct_compute_av(&lo_scontext,
+					  &lo_tcontext,
+					  tclass,
+					  &lo_avd);
+		if ((lo_avd.allowed & avd->allowed) == avd->allowed)
+			return;		/* no masked permission */
+		masked = ~lo_avd.allowed & avd->allowed;
+	}
+
+	if (masked) {
 		/* mask violated permissions */
 		avd->allowed &= ~masked;