[PATCH 05/11] security: revalidate rw permissions for sys_spliceand sys_vmsplice

From: James Morris
Date: Sun Jul 08 2007 - 22:58:23 EST

Next message: James Morris: "[PATCH 06/11] selinux: introduce schedule points in policydb_destroy()"
Previous message: James Morris: "[PATCH 04/11] selinux: add selinuxfs structure for object classdiscovery"
In reply to: James Morris: "[PATCH 04/11] selinux: add selinuxfs structure for object classdiscovery"
Next in thread: James Morris: "Re: [PATCH 05/11] security: revalidate rw permissions for sys_spliceand sys_vmsplice"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Revalidate read/write permissions for splice(2) and vmslice(2), in case
security policy has changed since the files were opened.

Signed-off-by: James Morris <jmorris@xxxxxxxxx>
Signed-off-by: Jens Axboe <jens.axboe@xxxxxxxxxx>
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
---
fs/splice.c | 14 ++++++++++++++
1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/fs/splice.c b/fs/splice.c
index e7d7080..98025ec 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -28,6 +28,7 @@
#include <linux/module.h>
#include <linux/syscalls.h>
#include <linux/uio.h>
+#include <linux/security.h>

struct partial_page {
unsigned int offset;
@@ -931,6 +932,10 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
if (unlikely(ret < 0))
return ret;

+ ret = security_file_permission(out, MAY_WRITE);
+ if (unlikely(ret < 0))
+ return ret;
+
return out->f_op->splice_write(pipe, out, ppos, len, flags);
}

@@ -953,6 +958,10 @@ static long do_splice_to(struct file *in, loff_t *ppos,
if (unlikely(ret < 0))
return ret;

+ ret = security_file_permission(in, MAY_READ);
+ if (unlikely(ret < 0))
+ return ret;
+
return in->f_op->splice_read(in, ppos, pipe, len, flags);
}

@@ -1271,6 +1280,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
static long do_vmsplice(struct file *file, const struct iovec __user *iov,
unsigned long nr_segs, unsigned int flags)
{
+ long err;
struct pipe_inode_info *pipe;
struct page *pages[PIPE_BUFFERS];
struct partial_page partial[PIPE_BUFFERS];
@@ -1289,6 +1299,10 @@ static long do_vmsplice(struct file *file, const struct iovec __user *iov,
else if (unlikely(!nr_segs))
return 0;

+ err = security_file_permission(file, MAY_WRITE);
+ if (unlikely(err < 0))
+ return err;
+
spd.nr_pages = get_iovec_page_array(iov, nr_segs, pages, partial,
flags & SPLICE_F_GIFT);
if (spd.nr_pages <= 0)
--
1.5.0.6

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Morris: "[PATCH 06/11] selinux: introduce schedule points in policydb_destroy()"
Previous message: James Morris: "[PATCH 04/11] selinux: add selinuxfs structure for object classdiscovery"
In reply to: James Morris: "[PATCH 04/11] selinux: add selinuxfs structure for object classdiscovery"
Next in thread: James Morris: "Re: [PATCH 05/11] security: revalidate rw permissions for sys_spliceand sys_vmsplice"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]