diff options
| author | Serge Hallyn <hallyn@cs.wm.edu> | 2005-01-20 15:51:22 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-01-20 15:51:22 -0800 |
| commit | f2840fccfd30c7776d1b9bc877d3693bce2429be (patch) | |
| tree | 5a3ece61aa18517202a8400912f67d7ce6e5882a /security | |
| parent | fe00c037355a517b69608371479add1b68043127 (diff) | |
[PATCH] Fix audit control message checks
The audit control messages are sent over netlink. Permission checks are
done on the process receiving the message, which may not be the same as the
process sending the message. This patch switches the netlink_send security
hooks to calculate the effective capabilities based on the sender. Then
audit_receive_msg performs capability checks based on that.
It also introduces the CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL capabilities,
and replaces the previous CAP_SYS_ADMIN checks in audit code with the
appropriate checks.
- Simplified dummy_netlink_send given that dummy now keeps track of
capabilities.
- Many fixes based on feedback from <linux-audit@redhat.com> list.
- Removed the netlink_msg_type helper function.
- Switch to using CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/dummy.c | 5 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 18 |
2 files changed, 14 insertions, 9 deletions
diff --git a/security/dummy.c b/security/dummy.c index 72e6d71a79aa..acbfa5b60cde 100644 --- a/security/dummy.c +++ b/security/dummy.c @@ -685,10 +685,7 @@ static int dummy_sem_semop (struct sem_array *sma, static int dummy_netlink_send (struct sock *sk, struct sk_buff *skb) { - if (current->euid == 0) - cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN); - else - NETLINK_CB (skb).eff_cap = 0; + NETLINK_CB(skb).eff_cap = current->cap_effective; return 0; } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5ffcd61d957e..ff918e1ab662 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3502,12 +3502,20 @@ static inline int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) { - int err = 0; + struct task_security_struct *tsec; + struct av_decision avd; + int err; - if (capable(CAP_NET_ADMIN)) - cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN); - else - NETLINK_CB(skb).eff_cap = 0; + err = secondary_ops->netlink_send(sk, skb); + if (err) + return err; + + tsec = current->security; + + avd.allowed = 0; + avc_has_perm_noaudit(tsec->sid, tsec->sid, + SECCLASS_CAPABILITY, ~0, &avd); + cap_mask(NETLINK_CB(skb).eff_cap, avd.allowed); if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS) err = selinux_nlmsg_perm(sk, skb); |