From: Alfred Piccioni
Date: Mon, 18 Dec 2023 15:22:50 +0100
In-Reply-To: <20231218141645.2548743-1-alpic@google.com>
Subject: Re: [PATCH] SELinux: Introduce security_file_ioctl_compat hook
To: Paul Moore, Stephen Smalley, Eric Paris
Cc: stable@vger.kernel.org, selinux@vger.kernel.org, linux-kernel@vger.kernel.org

> s/emmits/emits/

Fixed.

> It doesn't (or shouldn't) replace security_file_ioctl, and the hook
> doesn't appear to be conditional on CONFIG_COMPAT per se.
> It is a new hook that is called from the compat ioctl syscall. The old
> hook continues to be used from the regular ioctl syscall and
> elsewhere.

Yup, reworded to be more correct. Partially lack of understanding on
my part of how the ioctl syscalls were being made.

> I don't understand why you made this change, possibly a leftover of an
> earlier version of the patch that tried to replace
> security_file_ioctl() everywhere?

Correct. Forgot to go back and remove it. Fixed.

> By the way, for extra credit, you could augment the ioctl tests in the
> selinux-testsuite to also exercise this new hook and confirm that it
> works correctly. See
> https://github.com/SELinuxProject/selinux-testsuite particularly
> tests/ioctl and policy/test_ioctl.te. Feel free to ask for help on
> that.

I do like extra credit. I'll take a look and see if it's something I
can tackle. I'm primarily doing ad hoc checks on Android devices, so
I'm unsure how easy it will be for me to run the suite. I'll get back
to you shortly on that.