When a process performs a setcon() call, SELinux revalidates any open file descriptors. Any file descriptors not allowed by the new context are invalidated at setcon time.
Does the invalidation also occur for files which are mapped into memory, but for which the file descriptor is no longer open? For example, if I make the following sequence of calls

    int fd = open("/some/file", O_RDWR);
    char *memory = (char *) mmap(NULL, length, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    close(fd);
    setcon("u:r:new_domain:s0");
    printf("%s", memory);

and new_domain isn't permitted to access /some/file, what will be the behavior of the program above?
I was told (but haven't verified) that access to the region of memory will continue to be allowed even though the policy of new_domain doesn't permit access.
Expected? Should I be digging more?
--
Nick Kralevich | Android Security | nnk@xxxxxxxxxx | 650.214.4037
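
A small harness for checking the behaviour asked about above, added here as an example and not part of the original message. It maps a file, closes the descriptor, requests a context change, then touches the mapping under a fault handler and reports what the running kernel and policy actually do. The names `probe_mapping` and `set_context` are hypothetical, and the transition is assumed to be requested by writing to `/proc/self/attr/current` in a single-threaded process.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;
static void on_fault(int sig) { siglongjmp(fault_jmp, sig); }

/* Assumption: the context change is modeled as a write to the procfs attribute. */
static int set_context(const char *ctx) {
    int fd = open("/proc/self/attr/current", O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, ctx, strlen(ctx) + 1);
    close(fd);
    return n < 0 ? -1 : 0;
}

/* 1 = mapping still readable, 0 = read faulted, -1 = setup error.
 * *switched is 1 only if the context change itself was accepted. */
int probe_mapping(const char *path, const char *new_ctx, int *switched) {
    struct sigaction sa, old_segv, old_bus;
    volatile int readable = 0;
    int fd = open(path, O_RDWR);
    if (fd < 0) return -1;
    char *mem = mmap(NULL, 1, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    close(fd);                        /* the mapping outlives the descriptor */
    if (mem == MAP_FAILED) return -1;
    *switched = (new_ctx != NULL && set_context(new_ctx) == 0);
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(fault_jmp, 1) == 0) {
        (void)*(volatile char *)mem;  /* touch the mapped page */
        readable = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(mem, 1);
    return readable;
}

int main(int argc, char **argv) {     /* usage: probe <file> <new-context> */
    int switched = 0, r = argc == 3 ? probe_mapping(argv[1], argv[2], &switched) : -1;
    printf("context switched: %d, mapping readable: %d\n", switched, r);
    return r < 0;
}
```

The result only answers the question when `context switched` is 1 and the policy allows the dynamic transition but denies the new domain access to the file; the file must be non-empty so the first page is backed.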