SELinux: call cap_file_mmap in selinux_file_mmap

Currently SELinux does not check CAP_SYS_RAWIO in the file_mmap hook. This
means there is no DAC check on the ability to mmap low addresses in the
memory space. This function adds the DAC check for CAP_SYS_RAWIO while
maintaining the selinux check on mmap_zero. This means that processes
which need to mmap low memory will need CAP_SYS_RAWIO and mmap_zero but will
NOT need the SELinux sys_rawio capability.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

authored by Eric Paris and committed by James Morris 8cf948e7 9c0d9010

+13 -1
security/selinux/hooks.c
··· 3030 int rc = 0; 3031 u32 sid = current_sid(); 3032 3033 - if (addr < mmap_min_addr) 3034 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, 3035 MEMPROTECT__MMAP_ZERO, NULL); 3036 if (rc || addr_only) 3037 return rc; 3038
··· 3030 int rc = 0; 3031 u32 sid = current_sid(); 3032 3033 + /* 3034 + * notice that we are intentionally putting the SELinux check before 3035 + * the secondary cap_file_mmap check. This is such a likely attempt 3036 + * at bad behaviour/exploit that we always want to get the AVC, even 3037 + * if DAC would have also denied the operation. 3038 + */ 3039 + if (addr < mmap_min_addr) { 3040 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, 3041 MEMPROTECT__MMAP_ZERO, NULL); 3042 + if (rc) 3043 + return rc; 3044 + } 3045 + 3046 + /* do DAC check on address space usage */ 3047 + rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); 3048 if (rc || addr_only) 3049 return rc; 3050
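Review bot: the one-line comment above the new cap_file_mmap() call ("do DAC check on address space usage") does not name the capability being enforced or record that the SELinux sys_rawio permission is intentionally not required. Both are stated only in the commit message. Suggest expanding that comment to mention CAP_SYS_RAWIO and the fact that only the mmap_zero AVC check applies on the SELinux side, so the intent survives in the source. Separately, the SELinux branch is gated on `addr < mmap_min_addr` while cap_file_mmap() is called unconditionally. The visible lines do not show which threshold cap_file_mmap() compares addr against, so please confirm that both checks cover the same low-address range, and say so in the comment. Otherwise a mapping could be subject to one check and not the other.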