> I'd say we revert the changeset and restore the prior behavior.
> I don't think we should impose the latter convention on policy writers.
OK, fair enough for me.
This patch revert the commit of 7d52a155e38d5a165759dbbee656455861bf7801
which removed a part of type_attribute_bounds_av as a dead code.
However, at that time, we didn't find out the target side boundary allows
to handle some of pseudo /proc/<pid>/* entries with its process's security
context well.
Signed-off-by: KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
--
security/selinux/ss/services.c | 43 ++++++++++++++++++++++++++++++++++++---
1 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 4e976f5..42d423c 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -524,14 +524,16 @@ static void type_attribute_bounds_av(struct context *scontext,
u16 tclass,
struct av_decision *avd)
{
+ struct context lo_scontext;
+ struct context lo_tcontext;
+ struct av_decision lo_avd;
struct type_datum *source
= policydb.type_val_to_struct[scontext->type - 1];
+ struct type_datum *target
+ = policydb.type_val_to_struct[tcontext->type - 1];
+ u32 masked = 0;
if (source->bounds) {
- struct context lo_scontext;
- struct av_decision lo_avd;
- u32 masked;
-
memset(&lo_avd, 0, sizeof(lo_avd));
memcpy(&lo_scontext, scontext, sizeof(lo_scontext));
@@ -544,7 +546,40 @@ static void type_attribute_bounds_av(struct context *scontext,
if ((lo_avd.allowed & avd->allowed) == avd->allowed)
return; /* no masked permission */
masked = ~lo_avd.allowed & avd->allowed;
+ }
+
+ if (target->bounds) {
+ memset(&lo_avd, 0, sizeof(lo_avd));
+
+ memcpy(&lo_tcontext, tcontext, sizeof(lo_tcontext));
+ lo_tcontext.type = target->bounds;
+
+ context_struct_compute_av(scontext,
+ &lo_tcontext,
+ tclass,
+ &lo_avd);
+ if ((lo_avd.allowed & avd->allowed) == avd->allowed)
+ return; /* no masked permission */
+ masked = ~lo_avd.allowed & avd->allowed;
+ }
+
+ if (source->bounds && target->bounds) {
+ memset(&lo_avd, 0, sizeof(lo_avd));
+ /*
+ * lo_scontext and lo_tcontext are already
+ * set up.
+ */
+
+ context_struct_compute_av(&lo_scontext,
+ &lo_tcontext,
+ tclass,
+ &lo_avd);
+ if ((lo_avd.allowed & avd->allowed) == avd->allowed)
+ return; /* no masked permission */
+ masked = ~lo_avd.allowed & avd->allowed;
+ }
+ if (masked) {
/* mask violated permissions */
avd->allowed &= ~masked;
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
