Signed-off-by: Joel Granados <j.granados@xxxxxxxxxxx>
---
 security/selinux/hooks.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f553c370397e..a3f37ae5a980 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -21,6 +21,7 @@
 * Copyright (C) 2016 Mellanox Technologies
 */
+#include "linux/nvme_ioctl.h"
 #include <linux/init.h>
 #include <linux/kd.h>
 #include <linux/kernel.h>
@@ -7005,12 +7006,22 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd)
 struct inode *inode = file_inode(file);
 struct inode_security_struct *isec = selinux_inode(inode);
 struct common_audit_data ad;
+ const struct cred *cred = current_cred();
 ad.type = LSM_AUDIT_DATA_FILE;
 ad.u.file = file;
- return avc_has_perm(&selinux_state, current_sid(), isec->sid,
- SECCLASS_IO_URING, IO_URING__CMD, &ad);
+ switch (ioucmd->cmd_op) {
+ case NVME_URING_CMD_IO:
+ case NVME_URING_CMD_IO_VEC:
+ case NVME_URING_CMD_ADMIN:
+ case NVME_URING_CMD_ADMIN_VEC:
+ return ioctl_has_perm(cred, file, FILE__IOCTL, (u16) ioucmd->cmd_op);
+ default:
+ return avc_has_perm(&selinux_state, current_sid(), isec->sid,
+ SECCLASS_IO_URING, IO_URING__CMD, &ad);
+ }
+
 }
 #endif /* CONFIG_IO_URING */
--
2.30.2
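Review bot: The new include uses the quoted form and sits ahead of the alphabetically ordered `<linux/...>` block, so it does not match the other includes visible in this hunk. Writing it as `#include <linux/nvme_ioctl.h>` and placing it in sorted position with the other `<linux/...>` includes keeps header lookup on the normal system include path. It would also help to add a short comment saying the header is pulled in only for the `NVME_URING_CMD_*` opcodes, since an NVMe header in the SELinux hook file is not self-explanatory.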
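Review bot: The four `NVME_URING_CMD_*` cases return from `ioctl_has_perm()` without ever reaching the `IO_URING__CMD` check, so for NVMe passthrough the io_uring permission is replaced rather than refined. A policy that withholds `io_uring { cmd }` from a domain but grants `ioctl` on the device file would start allowing these commands after this change; if that is intended, it deserves a comment and a note in the commit message. The opcodes are also matched by value only, and nothing in the hunk confirms that `file` is an NVMe character device before the value is treated as an NVMe ioctl number. Running the existing check first and using the ioctl check as a second gate would keep current denials intact, as sketched below. The function body starts outside the hunk, so the declaration of `file` is not visible here.

```c
	int rc;

	/* … unchanged: ad.type / ad.u.file setup … */

	/* Keep the io_uring:cmd gate for every command, then refine NVMe passthrough. */
	rc = avc_has_perm(&selinux_state, current_sid(), isec->sid,
			  SECCLASS_IO_URING, IO_URING__CMD, &ad);
	if (rc)
		return rc;

	switch (ioucmd->cmd_op) {
	/* … unchanged: the four NVME_URING_CMD_* case labels … */
		return ioctl_has_perm(cred, file, FILE__IOCTL, (u16) ioucmd->cmd_op);
	default:
		return 0;
	}
```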