summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorCasey Schaufler <casey@schaufler-ca.com>2014-04-21 11:10:26 -0700
committerStephane Desneux <stephane.desneux@open.eurogiciel.org>2015-02-04 11:23:22 +0100
commit2b0e472ba09c9ea000bdb7c7ed59f8a1bd1153ed (patch)
treef994a8692fa9a3c0a29d2ad0befedc3594a81e8b /security
parentd906cb03f391d903c785e17015fc0b3eca82e816 (diff)
downloadlinux-stable-2b0e472ba09c9ea000bdb7c7ed59f8a1bd1153ed.tar.gz
linux-stable-2b0e472ba09c9ea000bdb7c7ed59f8a1bd1153ed.tar.bz2
linux-stable-2b0e472ba09c9ea000bdb7c7ed59f8a1bd1153ed.zip
Smack: Verify read access on file open - v3
Smack believes that many of the operatons that can be performed on an open file descriptor are read operations. The fstat and lseek system calls are examples. An implication of this is that files shouldn't be open if the task doesn't have read access even if it has write access and the file is being opened write only. Targeted for git://git.gitorious.org/smack-next/kernel.git Change-Id: Iefff38549f9f2e242fd21fce42db067c4c4d8a12 Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Diffstat (limited to 'security')
-rw-r--r--security/smack/smack_lsm.c19
1 files changed, 16 insertions, 3 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 40f26810eb48..f2c30801ce41 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1462,19 +1462,32 @@ static int smack_file_receive(struct file *file)
/**
* smack_file_open - Smack dentry open processing
* @file: the object
- * @cred: unused
+ * @cred: task credential
*
* Set the security blob in the file structure.
+ * Allow the open only if the task has read access. There are
+ * many read operations (e.g. fstat) that you can do with an
+ * fd even if you have the file open write-only.
*
* Returns 0
*/
static int smack_file_open(struct file *file, const struct cred *cred)
{
+ struct task_smack *tsp = cred->security;
struct inode_smack *isp = file_inode(file)->i_security;
+ struct smk_audit_info ad;
+ int rc;
- file->f_security = isp->smk_inode;
+ if (smack_privileged(CAP_MAC_OVERRIDE))
+ return 0;
- return 0;
+ smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
+ smk_ad_setfield_u_fs_path(&ad, file->f_path);
+ rc = smk_access(tsp->smk_task, isp->smk_inode, MAY_READ, &ad);
+ if (rc == 0)
+ file->f_security = isp->smk_inode;
+
+ return rc;
}
/*