Currently, there are no LSM hooks in the AIO codepaths, which means that
LSM based access controls are not revalidated upon AIO read and write
operations. The patch below adds the security_file_permission() LSM hook
prior to the VFS aio_read()/aio_write() calls.
Please review and apply if ok.
Signed-off-by: James Morris <[email protected]>
diff -purN -X dontdiff linux-2.6.7-rc3.o/fs/aio.c linux-2.6.7-rc3.aio/fs/aio.c
--- linux-2.6.7-rc3.o/fs/aio.c 2004-06-07 18:54:13.000000000 -0400
+++ linux-2.6.7-rc3.aio/fs/aio.c 2004-06-14 20:47:22.338492008 -0400
@@ -27,6 +27,7 @@
#include <linux/aio.h>
#include <linux/highmem.h>
#include <linux/workqueue.h>
+#include <linux/security.h>
#include <asm/kmap_types.h>
#include <asm/uaccess.h>
@@ -1036,6 +1037,9 @@ int fastcall io_submit_one(struct kioctx
ret = -EFAULT;
if (unlikely(!access_ok(VERIFY_WRITE, buf, iocb->aio_nbytes)))
goto out_put_req;
+ ret = security_file_permission (file, MAY_READ);
+ if (ret)
+ goto out_put_req;
ret = -EINVAL;
if (file->f_op->aio_read)
ret = file->f_op->aio_read(req, buf,
@@ -1048,6 +1052,9 @@ int fastcall io_submit_one(struct kioctx
ret = -EFAULT;
if (unlikely(!access_ok(VERIFY_READ, buf, iocb->aio_nbytes)))
goto out_put_req;
+ ret = security_file_permission (file, MAY_WRITE);
+ if (ret)
+ goto out_put_req;
ret = -EINVAL;
if (file->f_op->aio_write)
ret = file->f_op->aio_write(req, buf,