On Thu, 2008-02-28 at 13:50 -0500, Christopher J. PeBenito wrote:
> On Thu, 2008-02-28 at 12:58 -0500, Eric Paris wrote:
> > Adds a new open permission inside SELinux when 'opening' a file. The
> > idea is that opening a file and reading/writing to that file are not the
> > same thing. It's different if a program had its stdout redirected
> > to /tmp/output than if the program tried to directly open /tmp/output.
> > This should allow policy writers to more liberally give read/write
> > permissions across the policy while still blocking many design and
> > programming flaws SELinux is so good at catching today.
> >
> > Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
> >
> What does open on a dir mean? Isn't that the same as the read perm?

open should only get checked at open(2) time, while read will get checked
both at open(2) time and if the descriptor is inherited or transferred.

>
> allow httpd_t user_tmp_t:dir { read open };
> [...]
> > + * Convert a file mask to an access vector and include the correct open
> > + * open permission.
> > + */
> > +static inline u32 open_file_mask_to_av(int mode, int mask)
> > +{
> > +	u32 av = file_mask_to_av(mode, mask);
> > +
> > +	if (selinux_policycap_openperm) {
> > +		/*
> > +		 * lnk files and socks do not really have an 'open'
> > +		 */
> > +		if (S_ISREG(mode))
> > +			av |= FILE__OPEN;
> > +		else if (S_ISCHR(mode))
> > +			av |= CHR_FILE__OPEN;
> > +		else if (S_ISBLK(mode))
> > +			av |= BLK_FILE__OPEN;
> > +		else if (S_ISFIFO(mode))
> > +			av |= FIFO_FILE__OPEN;
> > +		else if (S_ISDIR(mode))
> > +			av |= DIR__OPEN;
> > +		else
> > +			printk(KERN_ERR "SELinux: WARNING: inside open_file_to_av "
> > +				"with unknown mode:%x\n", mode);
> > +	}
> > +	return av;
> > +}
> > +

-- 
Stephen Smalley
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
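Review bot: the final else branch of open_file_mask_to_av() logs a KERN_ERR warning for any inode that is not a regular file, char device, block device, FIFO or directory, yet the comment just above the chain says that symlinks and sockets "do not really have an 'open'". If the function can be reached for an S_ISLNK or S_ISSOCK inode, an expected case will be reported as an error; either handle those two types explicitly before the else (leaving av unchanged) or reword the comment to say they are not expected to arrive here. Two smaller points in the same hunk: the header comment reads "include the correct open open permission" (doubled word), and the printk names "open_file_to_av" while the function is open_file_mask_to_av, which will mislead anyone grepping for the message.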