R0dn3yS/android_kernel_xiaomi_sm7250
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8e087a2aba
android_kernel_xiaomi_sm7250/security
History
Ondrej Mosnacek 914026d581 selinux: fix empty write to keycreate file 
[ Upstream commit 464c258aa45b09f16aa0f05847ed8895873262d9 ]

When sid == 0 (we are resetting keycreate_sid to the default value), we
should skip the KEY__CREATE check.

Before this patch, doing a zero-sized write to /proc/self/keycreate
would check if the current task can create unlabeled keys (which would
usually fail with -EACCESS and generate an AVC). Now it skips the check
and correctly sets the task's keycreate_sid to 0.

Bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1719067

Tested using the reproducer from the report above.

Fixes: 4eb582cf1f ("[PATCH] keys: add a way to store the appropriate context for newly-created keys")
Reported-by: Kir Kolyshkin <kir@sacred.ru>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-07-26 09:14:07 +02:00
..
apparmor apparmor: enforce nullbyte at end of tag string 2019-06-25 11:35:54 +08:00
integrity evm: check hash algorithm passed to init_desc() 2019-06-09 09:17:21 +02:00
keys keys: Fix dependency loop between construction record and auth key 2019-03-23 20:09:48 +01:00
loadpin
selinux selinux: fix empty write to keycreate file 2019-07-26 09:14:07 +02:00
smack smack: fix access permissions for keyring 2019-02-12 19:47:05 +01:00
tomoyo
yama
commoncap.c
device_cgroup.c device_cgroup: fix RCU imbalance in error case 2019-04-27 09:36:40 +02:00
inode.c securityfs: fix use-after-free on symlink traversal 2019-05-25 18:23:42 +02:00
Kconfig
lsm_audit.c missing barriers in some of unix_sock ->addr and ->path accesses 2019-03-19 13:12:41 +01:00
Makefile
min_addr.c
security.c