[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: New audit-perms patch [ Re: Audit perms check on recv ]

On Mon, 2004-12-27 at 17:25, Serge E. Hallyn wrote:
> +	security_compute_av(tsec->sid, tsec->sid, SECCLASS_CAPABILITY, ~0,
> +							&avd);
> +	cap_mask(NETLINK_CB(skb).eff_cap, avd.allowed);

Sorry, on second thought, we likely don't want the performance and
locking overhead of security_compute_av() imposed on all netlink sends,
so I'd suggest the diff below relative to your patch to switch back to
using avc_has_perm_noaudit(), but clearing avd.allowed first to ensure a
well-defined value even upon error return and casting to void to avoid a
warning about ignoring the return value.

--- linux-2.6/security/selinux/hooks.c.orig	2004-12-28 07:55:06.526688392 -0500
+++ linux-2.6/security/selinux/hooks.c	2004-12-28 07:56:09.234155408 -0500
@@ -3551,8 +3551,9 @@ static int selinux_netlink_send(struct s
 	tsec = current->security;
-	security_compute_av(tsec->sid, tsec->sid, SECCLASS_CAPABILITY, ~0,
-							&avd);
+	avd.allowed = 0;
+	(void)avc_has_perm_noaudit(tsec->sid, tsec->sid, 
+				   SECCLASS_CAPABILITY, ~0, &avd);
 	cap_mask(NETLINK_CB(skb).eff_cap, avd.allowed);
 	if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS)

Stephen Smalley <sds epoch ncsc mil>
National Security Agency

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]