diff options
authorJeff Vander Stoep <jeffv@google.com>2015-09-18 12:39:46 -0700
committerMark Salyzyn <salyzyn@google.com>2015-09-30 21:37:29 +0000
commite9e500827b871459306974c32a0b6398375ce7d5 (patch)
parente8205bb08bb7390609ef08cae49455954d7d93f1 (diff)
selinux: do not check open perm on ftruncate call
Use the ATTR_FILE attribute to distinguish between truncate() and ftruncate() system calls. The two other cases where do_truncate is called with a filp (and therefore ATTR_FILE is set) are for coredump files and for open(O_TRUNC). In both of those cases the open permission has already been checked during file open and therefore does not need to be repeated. Commit 95dbf739313f ("SELinux: check OPEN on truncate calls") fixed a major issue where domains were allowed to truncate files without the open permission. However, it introduced a new bug where a domain with the write permission can no longer ftruncate files without the open permission, even when they receive an already open file. (cherry picked from commit b21800f304392ee5d20f411c37470183cc779f11) Bug: 22567870 Change-Id: I2525a0e244c8d635b2d0c1f966071edbb365a43a Signed-off-by: Jeff Vander Stoep <jeffv@google.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <pmoore@redhat.com>
1 files changed, 2 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 946120d21663..e5b9a06ddc58 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2946,7 +2946,8 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
return dentry_has_perm(cred, dentry, FILE__SETATTR);
- if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE))
+ if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE)
+ && !(ia_valid & ATTR_FILE))
av |= FILE__OPEN;
return dentry_has_perm(cred, dentry, av);