android_kernel_xiaomi_sm7250/security/selinux
Ondrej Mosnacek 914026d581 selinux: fix empty write to keycreate file
[ Upstream commit 464c258aa45b09f16aa0f05847ed8895873262d9 ]

When sid == 0 (we are resetting keycreate_sid to the default value), we
should skip the KEY__CREATE check.

Before this patch, doing a zero-sized write to /proc/self/keycreate
would check if the current task can create unlabeled keys (which would
usually fail with -EACCES and generate an AVC). Now it skips the check
and correctly sets the task's keycreate_sid to 0.

Bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1719067

Tested using the reproducer from the report above.

Fixes: 4eb582cf1f ("[PATCH] keys: add a way to store the appropriate context for newly-created keys")
Reported-by: Kir Kolyshkin <kir@sacred.ru>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-07-26 09:14:07 +02:00
..
include selinux: avoid silent denials in permissive mode under RCU walk 2019-05-08 07:21:54 +02:00
ss selinux: fix GPF on invalid policy 2019-01-22 21:40:35 +01:00
.gitignore
avc.c selinux: avoid silent denials in permissive mode under RCU walk 2019-05-08 07:21:54 +02:00
exports.c
hooks.c selinux: fix empty write to keycreate file 2019-07-26 09:14:07 +02:00
ibpkey.c
Kconfig
Makefile
netif.c
netlabel.c selinux: avoid uninitialized variable warning 2019-05-31 06:46:31 -07:00
netlink.c
netnode.c
netport.c
nlmsgtab.c selinux: add support for RTM_NEWCHAIN, RTM_DELCHAIN, and RTM_GETCHAIN 2018-12-08 12:59:08 +01:00
selinuxfs.c selinux/stable-4.18 PR 20180814 2018-08-15 10:39:06 -07:00
xfrm.c