Piteball/android_kernel_samsung_msm8976
1
1
Fork 0
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git synced 2024-11-01 10:33:27 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/security/selinux
History
Eric Paris 0b24dcb7f2 Revert "selinux: simplify ioctl checking" 
This reverts commit 242631c49d.

Conflicts:

	security/selinux/hooks.c

SELinux used to recognize certain individual ioctls and check
permissions based on the knowledge of the individual ioctl.  In commit
242631c49d the SELinux code stopped trying to understand
individual ioctls and to instead looked at the ioctl access bits to
determine in we should check read or write for that operation.  This
same suggestion was made to SMACK (and I believe copied into TOMOYO).
But this suggestion is total rubbish.  The ioctl access bits are
actually the access requirements for the structure being passed into the
ioctl, and are completely unrelated to the operation of the ioctl or the
object the ioctl is being performed upon.

Take FS_IOC_FIEMAP as an example.  FS_IOC_FIEMAP is defined as:

FS_IOC_FIEMAP _IOWR('f', 11, struct fiemap)

So it has access bits R and W.  What this really means is that the
kernel is going to both read and write to the struct fiemap.  It has
nothing at all to do with the operations that this ioctl might perform
on the file itself!

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2011-02-25 15:40:00 -05:00
..
include selinux: drop unused packet flow permissions 2011-02-25 15:40:00 -05:00
ss SELinux: Use dentry name in new object labeling 2011-02-01 11:12:30 -05:00
.gitignore
avc.c SELinux: special dontaudit for access checks 2010-08-02 15:35:07 +10:00
exports.c secmark: make secmark object handling generic 2010-10-21 10:12:48 +11:00
hooks.c Revert "selinux: simplify ioctl checking" 2011-02-25 15:40:00 -05:00
Kconfig
Makefile selinux: change to new flag variable 2010-10-21 10:12:40 +11:00
netif.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
netlabel.c Merge branch 'master' into next 2010-05-06 10:56:07 +10:00
netlink.c Merge branch 'master' into next 2010-05-06 10:56:07 +10:00
netnode.c selinux: remove all rcu head initializations 2010-08-02 15:33:35 +10:00
netport.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nlmsgtab.c SELinux: define permissions for DCB netlink messages 2010-12-16 12:50:17 -05:00
selinuxfs.c Merge branch 'master' of git://git.infradead.org/users/eparis/selinux into next 2011-01-10 10:40:42 +11:00
xfrm.c selinux: Fix check for xfrm selinux context algorithm 2011-02-25 15:00:44 -05:00