Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp685035ybv; Thu, 13 Feb 2020 07:44:32 -0800 (PST) X-Google-Smtp-Source: APXvYqyGLSVpVyTiGM+PjXNgMqtLZJ+UvURlH1Owt5HEJSqLDjHn2pS29A4r2C3MGWNCBkTWMx7E X-Received: by 2002:a05:6808:312:: with SMTP id i18mr3454910oie.44.1581608672508; Thu, 13 Feb 2020 07:44:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581608672; cv=none; d=google.com; s=arc-20160816; b=rk2xWptv0OeQ0Kse24nGBq5WQ+y8wgwO7g6k8Xq3PuDgP32AP+D5VWkWcFF2cXOt5f pvoTwNKG/RYayDs+wVS3qZVZaioXW0/41eTc9j9AiHZpfv67NW/vj22MwJIFRSqUd6Dp YxxEmQXTNMGWKeSz0Db5MmSizHAH/0OfFUqajT1A3puNaLfPG5fNpC3aEmnE++t1wBdE n61oDB/4lHx6a6QYeb2WmKLlOibH74oYZH6oH/RwjL6Tl3HlGecDq2Ezq1AsT1f029wE Lfzd0Ueigqd9ebpGlyP1dqxJmzoSVhu+A7oV4vjrLTX9+53lBQ38GHOm3ukBHhFJMlMc u1CQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=nlj++5QUcX5QRHAp5RSra1RnZfvXMLy3z8ySJZJJB08=; b=M5/ogtUaEREKijxNT0DWJhQCIyu4GlCGcWMPwpdNLUPTF6GjZmxmCzMQvf6FE0CkI1 +S6Z1HzZypXUn4IoxvTB8qCInxBzWdSJ40RYi94dlL9cn6Don6sIZhenCIp4QjrlrchC 8Yazr5c9CjiUrvh1YiJDQoMWG0CdRoADGSVJIYkHyKSEzQlUeCBi2ayTMiZ2pzCkd0WY EhdQ5h7E5WHwWxrXHNYa021i+02+8C/BB1C8ode0Zo1O3MxhkztrH5kHsJQZOGJDk8Ji ev780hvHneeVbvNEwlnJ1KHDQdACu/nsTQXKRq9rajN0zNNQk5yIXpCquQ+34CjKrfPv KI+w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=uUn2bypk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o2si1400352otj.312.2020.02.13.07.44.20; Thu, 13 Feb 2020 07:44:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=uUn2bypk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387871AbgBMPoM (ORCPT + 99 others); Thu, 13 Feb 2020 10:44:12 -0500 Received: from mail.kernel.org ([198.145.29.99]:52406 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729493AbgBMP1p (ORCPT ); Thu, 13 Feb 2020 10:27:45 -0500 Received: from localhost (unknown [104.132.1.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DF36224670; Thu, 13 Feb 2020 15:27:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1581607665; bh=rRVGBJoAk4p4b9bDiH9vGGzq0KWGMCjQPhZI4jrpP8U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=uUn2bypk6DAnv9HmuFoKttHAMaxbB+QSZgEp2y6ZDIQFS0rFVNFsHJbDxMAFXT+zG thDgl+5IpSvOQ6GO9y5vGheXzqylvo5FswpInl2cMrsmBQNMWAkXgLmlu3+pFVyPFB G/tTdlJqHI7AIq7P2BsRFsoS6bAt8y8zy6XLLCnQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Will Deacon , Stephen Smalley , Paul Moore Subject: [PATCH 5.4 85/96] selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" Date: Thu, 13 Feb 2020 07:21:32 -0800 Message-Id: <20200213151911.147099125@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200213151839.156309910@linuxfoundation.org> References: <20200213151839.156309910@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Stephen Smalley commit 1a37079c236d55fb31ebbf4b59945dab8ec8764c upstream. This reverts commit e46e01eebbbc ("selinux: stop passing MAY_NOT_BLOCK to the AVC upon follow_link"). The correct fix is to instead fall back to ref-walk if audit is required irrespective of the specific audit data type. This is done in the next commit. Fixes: e46e01eebbbc ("selinux: stop passing MAY_NOT_BLOCK to the AVC upon follow_link") Reported-by: Will Deacon Signed-off-by: Stephen Smalley Signed-off-by: Paul Moore Signed-off-by: Greg Kroah-Hartman --- security/selinux/avc.c | 24 ++++++++++++++++++++++-- security/selinux/hooks.c | 5 +++-- security/selinux/include/avc.h | 5 +++++ 3 files changed, 30 insertions(+), 4 deletions(-) --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -862,8 +862,9 @@ static int avc_update_node(struct selinu * permissive mode that only appear when in enforcing mode. * * See the corresponding handling in slow_avc_audit(), and the - * logic in selinux_inode_permission for the MAY_NOT_BLOCK flag, - * which is transliterated into AVC_NONBLOCKING. + * logic in selinux_inode_follow_link and selinux_inode_permission + * for the VFS MAY_NOT_BLOCK flag, which is transliterated into + * AVC_NONBLOCKING for avc_has_perm_noaudit(). */ if (flags & AVC_NONBLOCKING) return 0; @@ -1203,6 +1204,25 @@ int avc_has_perm(struct selinux_state *s if (rc2) return rc2; return rc; +} + +int avc_has_perm_flags(struct selinux_state *state, + u32 ssid, u32 tsid, u16 tclass, u32 requested, + struct common_audit_data *auditdata, + int flags) +{ + struct av_decision avd; + int rc, rc2; + + rc = avc_has_perm_noaudit(state, ssid, tsid, tclass, requested, + (flags & MAY_NOT_BLOCK) ? AVC_NONBLOCKING : 0, + &avd); + + rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc, + auditdata, flags); + if (rc2) + return rc2; + return rc; } u32 avc_policy_seqno(struct selinux_state *state) --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3008,8 +3008,9 @@ static int selinux_inode_follow_link(str if (IS_ERR(isec)) return PTR_ERR(isec); - return avc_has_perm(&selinux_state, - sid, isec->sid, isec->sclass, FILE__READ, &ad); + return avc_has_perm_flags(&selinux_state, + sid, isec->sid, isec->sclass, FILE__READ, &ad, + rcu ? MAY_NOT_BLOCK : 0); } static noinline int audit_inode_permission(struct inode *inode, --- a/security/selinux/include/avc.h +++ b/security/selinux/include/avc.h @@ -153,6 +153,11 @@ int avc_has_perm(struct selinux_state *s u32 ssid, u32 tsid, u16 tclass, u32 requested, struct common_audit_data *auditdata); +int avc_has_perm_flags(struct selinux_state *state, + u32 ssid, u32 tsid, + u16 tclass, u32 requested, + struct common_audit_data *auditdata, + int flags); int avc_has_extended_perms(struct selinux_state *state, u32 ssid, u32 tsid, u16 tclass, u32 requested,