From 19439d05b88dafc4e55d9ffce84ccc27cf8b2bcc Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Thu, 14 Jan 2010 17:28:10 -0500 Subject: selinux: change the handling of unknown classes If allow_unknown==deny, SELinux treats an undefined kernel security class as an error condition rather than as a typical permission denial and thus does not allow permissions on undefined classes even when in permissive mode. Change the SELinux logic so that this case is handled as a typical permission denial, subject to the usual permissive mode and permissive domain handling. Also drop the 'requested' argument from security_compute_av() and helpers as it is a legacy of the original security server interface and is unused. Changes: - Handle permissive domains consistently by moving up the test for a permissive domain. - Make security_compute_av_user() consistent with security_compute_av(); the only difference now is that security_compute_av() performs mapping between the kernel-private class and permission indices and the policy values. In the userspace case, this mapping is handled by libselinux. - Moved avd_init inside the policy lock. Based in part on a patch by Paul Moore . Reported-by: Andrew Worsley Signed-off-by: Stephen D. Smalley Reviewed-by: Paul Moore Signed-off-by: James Morris --- security/selinux/avc.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'security/selinux/avc.c') diff --git a/security/selinux/avc.c b/security/selinux/avc.c index f2dde268165..3ee9b6a8beb 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -746,9 +746,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid, else avd = &avd_entry; - rc = security_compute_av(ssid, tsid, tclass, requested, avd); - if (rc) - goto out; + security_compute_av(ssid, tsid, tclass, avd); rcu_read_lock(); node = avc_insert(ssid, tsid, tclass, avd); } else { @@ -770,7 +768,6 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid, } rcu_read_unlock(); -out: return rc; } -- cgit v1.2.3