Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> Okay, can you send the next version of the patch to the SELinux list for
> review?
Here you go. Note that I did this a few days ago and I actually used EACCES
rather than EPERM. Which one is one preferred for this?
David
---
selinux: Fix use of KEY_NEED_* instead of KEY__* perms
selinux_key_getsecurity() is passing the KEY_NEED_* permissions to
security_sid_to_context() instead of the KEY__* values. It happens to work
because the values are all coincident.
Fixes: d720024e94de ("[PATCH] selinux: add hooks for key subsystem")
Reported-by: Paul Moore <paul@xxxxxxxxxxxxxx>
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
---
security/selinux/hooks.c | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 0b4e32161b77..6087955b49d8 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6539,20 +6539,38 @@ static void selinux_key_free(struct key *k)
kfree(ksec);
}
+static unsigned int selinux_keyperm_to_av(unsigned int need_perm)
+{
+ switch (need_perm) {
+ case KEY_NEED_VIEW: return KEY__VIEW;
+ case KEY_NEED_READ: return KEY__READ;
+ case KEY_NEED_WRITE: return KEY__WRITE;
+ case KEY_NEED_SEARCH: return KEY__SEARCH;
+ case KEY_NEED_LINK: return KEY__LINK;
+ case KEY_NEED_SETATTR: return KEY__SETATTR;
+ default:
+ return 0;
+ }
+}
+
static int selinux_key_permission(key_ref_t key_ref,
const struct cred *cred,
- unsigned perm)
+ unsigned need_perm)
{
struct key *key;
struct key_security_struct *ksec;
+ unsigned int perm;
u32 sid;
/* if no specific permissions are requested, we skip the
permission check. No serious, additional covert channels
appear to be created. */
- if (perm == 0)
+ if (need_perm == 0)
return 0;
+ perm = selinux_keyperm_to_av(need_perm);
+ if (perm == 0)
+ return -EACCES;
sid = cred_sid(cred);
key = key_ref_to_ptr(key_ref);
