Received: by 10.192.165.156 with SMTP id m28csp1132202imm; Wed, 11 Apr 2018 13:02:45 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+M+RgDNxw7a5RaxN0yr3tvuZA4jiNB1lUPlrRQuzQYb/2/Vzx6ajKm8zd4ZGxnSi85IQ5n X-Received: by 2002:a17:902:c24:: with SMTP id 33-v6mr6655032pls.88.1523476965722; Wed, 11 Apr 2018 13:02:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523476965; cv=none; d=google.com; s=arc-20160816; b=d27Y/xO9XUThwOzLGwnLCpCMAsyH4KVSoy0NwnuHs/qvvUgEzR3r/hnfZ6onyIfcwb YsBd3Z5PrA3pkwV1GR8jMvYGsOZmGtuleX0JiJ2jvC75D8Ja+ISX5AqYBDUgIUTWOHp+ GMlzeFhKiukvyUIJm+rb4V2NkYQSrWKQPhCyd9eFidvv1fKdQwvM8Dqu6pBx7v4zVZit 3H01vcOpaboktv2fBVGoft3mdvuXGJbwpboGlD4IHOsrDAz059irvOGIeSkAU/KMWt8K UC83rkK18e7M6tUit8qJvfsgWLWOOVtrN/J7L/uUkjCEKxC8IcxBGQQ2k7GpBIiXbg9/ 61vQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=MgiySfdHpDeGrMoVU4ofZ1BZtraKLR1q8nmUydwO3T0=; b=ymF+bXnXkBdXusXTr7u95LLyMPHOXyBXg28XiWQpEhj3pL7JLSs8bNr8IlUZrBqkz5 Xhdwh3auvClCLHadmv3JCcJjGeZmJFcCou+rXQWnbD1EHlW6u6yq5m0qsu+TfRfrKao0 gAkAC9uVIfjHfFpjJk2NknhswVTBYjxi7qdlsAojocmMuuIcmD9OVFRU5k+mg2aPqPc+ 8gJIqmENPBATrFcV3jN5rLVhfE4ECxfHf6at8+pOROlQOwTEi2LQ9OoMEFR6uvQ+tjef XDFhJhL64f/wfKkoDHdNkGzONWdmrmojG+Na21Ci09jn/oogyGa694F8kJYRcsamI3J7 gK3A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q74si1339351pfg.295.2018.04.11.13.02.08; Wed, 11 Apr 2018 13:02:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756301AbeDKS4z (ORCPT + 99 others); Wed, 11 Apr 2018 14:56:55 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:35942 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756289AbeDKS4v (ORCPT ); Wed, 11 Apr 2018 14:56:51 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 06A86C03; Wed, 11 Apr 2018 18:56:50 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Stephen Smalley , Paul Moore , Sasha Levin Subject: [PATCH 4.9 096/310] selinux: do not check open permission on sockets Date: Wed, 11 Apr 2018 20:33:55 +0200 Message-Id: <20180411183626.359291395@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180411183622.305902791@linuxfoundation.org> References: <20180411183622.305902791@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Stephen Smalley [ Upstream commit ccb544781d34afdb73a9a73ae53035d824d193bf ] open permission is currently only defined for files in the kernel (COMMON_FILE_PERMS rather than COMMON_FILE_SOCK_PERMS). Construction of an artificial test case that tries to open a socket via /proc/pid/fd will generate a recvfrom avc denial because recvfrom and open happen to map to the same permission bit in socket vs file classes. open of a socket via /proc/pid/fd is not supported by the kernel regardless and will ultimately return ENXIO. But we hit the permission check first and can thus produce these odd/misleading denials. Omit the open check when operating on a socket. Signed-off-by: Stephen Smalley Signed-off-by: Paul Moore Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- security/selinux/hooks.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2033,8 +2033,9 @@ static inline u32 file_to_av(struct file static inline u32 open_file_to_av(struct file *file) { u32 av = file_to_av(file); + struct inode *inode = file_inode(file); - if (selinux_policycap_openperm) + if (selinux_policycap_openperm && inode->i_sb->s_magic != SOCKFS_MAGIC) av |= FILE__OPEN; return av; @@ -3031,6 +3032,7 @@ static int selinux_inode_permission(stru static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) { const struct cred *cred = current_cred(); + struct inode *inode = d_backing_inode(dentry); unsigned int ia_valid = iattr->ia_valid; __u32 av = FILE__WRITE; @@ -3046,8 +3048,10 @@ static int selinux_inode_setattr(struct ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET)) return dentry_has_perm(cred, dentry, FILE__SETATTR); - if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE) - && !(ia_valid & ATTR_FILE)) + if (selinux_policycap_openperm && + inode->i_sb->s_magic != SOCKFS_MAGIC && + (ia_valid & ATTR_SIZE) && + !(ia_valid & ATTR_FILE)) av |= FILE__OPEN; return dentry_has_perm(cred, dentry, av);