diff options
author | Casey Schaufler <casey@schaufler-ca.com> | 2013-10-11 18:06:39 -0700 |
---|---|---|
committer | Casey Schaufler <casey@schaufler-ca.com> | 2013-10-18 09:39:33 -0700 |
commit | c0ab6e56dcb7ca9903d460247cb464e769ae6e77 (patch) | |
tree | 52da39cb2798c0a4276d0d23fa3b4f1dbcd732f2 /security/smack/smack_access.c | |
parent | 5a5f2acfd04269e2e0958067216b68ff461c285c (diff) | |
download | linux-c0ab6e56dcb7ca9903d460247cb464e769ae6e77.tar.gz linux-c0ab6e56dcb7ca9903d460247cb464e769ae6e77.tar.bz2 linux-c0ab6e56dcb7ca9903d460247cb464e769ae6e77.zip |
Smack: Implement lock security mode
Linux file locking does not follow the same rules
as other mechanisms. Even though it is a write operation
a process can set a read lock on files which it has open
only for read access. Two programs with read access to
a file can use read locks to communicate.
This is not acceptable in a Mandatory Access Control
environment. Smack treats setting a read lock as the
write operation that it is. Unfortunately, many programs
assume that setting a read lock is a read operation.
These programs are unhappy in the Smack environment.
This patch introduces a new access mode (lock) to address
this problem. A process with lock access to a file can
set a read lock. A process with write access to a file can
set a read lock or a write lock. This prevents a situation
where processes are granted write access just so they can
set read locks.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack/smack_access.c')
-rw-r--r-- | security/smack/smack_access.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index b3b59b1e93d6..14293cd9b1e5 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -84,6 +84,8 @@ int log_policy = SMACK_AUDIT_DENIED; * * Do the object check first because that is more * likely to differ. + * + * Allowing write access implies allowing locking. */ int smk_access_entry(char *subject_label, char *object_label, struct list_head *rule_list) @@ -99,6 +101,11 @@ int smk_access_entry(char *subject_label, char *object_label, } } + /* + * MAY_WRITE implies MAY_LOCK. + */ + if ((may & MAY_WRITE) == MAY_WRITE) + may |= MAY_LOCK; return may; } @@ -245,6 +252,7 @@ out_audit: static inline void smack_str_from_perm(char *string, int access) { int i = 0; + if (access & MAY_READ) string[i++] = 'r'; if (access & MAY_WRITE) @@ -255,6 +263,8 @@ static inline void smack_str_from_perm(char *string, int access) string[i++] = 'a'; if (access & MAY_TRANSMUTE) string[i++] = 't'; + if (access & MAY_LOCK) + string[i++] = 'l'; string[i] = '\0'; } /** |