From dc3149bd0e300d0fcd245aef94cbbd71bc7ec0ab Mon Sep 17 00:00:00 2001
From: "Stephen D. Smalley"
Date: Wed, 9 Mar 2005 16:28:59 -0800
Subject: [PATCH] SELinux: fix selinux_setprocattr

This patch changes the selinux_setprocattr hook function (which handles writes to nodes in the /proc/pid/attr directory) to ignore an optional terminating newline at the end of the value, and to handle a value beginning with a newline or a null in the same manner as a zero length value (clearing the attribute for the process and resetting it to using the default policy behavior). This change is to address the divergence from POSIX in the existing API, as POSIX says that write(2) with a zero count will return zero with no other effect, as well as to simplify use of the API from scripts (although that isn't recommended).

Signed-off-by: Stephen Smalley
Signed-off-by: James Morris
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
---
 security/selinux/hooks.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'security')

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 575eeb935913..63e47c020a0f 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4106,6 +4106,7 @@ static int selinux_setprocattr(struct task_struct *p,
 struct task_security_struct *tsec;
 u32 sid = 0;
 int error;
+ char *str = value;
 
 if (current != p) {
 /* SELinux only allows a process to change its own
@@ -4130,8 +4131,11 @@ static int selinux_setprocattr(struct task_struct *p,
 return error;
 
 /* Obtain a SID for the context, if one was specified. */
- if (size) {
- int error;
+ if (size && str[1] && str[1] != '\n') {
+ if (str[size-1] == '\n') {
+ str[size-1] = 0;
+ size--;
+ }
 error = security_context_to_sid(value, size, &sid);
 if (error)
 return error;
-- 
cgit v1.2.3
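Review bot: In the second hunk (`@@ -4130,8 +4131,11 @@`) the new condition tests `str[1]`, while the commit description speaks of a value beginning with a newline or a null, which is `str[0]`. As written, a one-byte write makes the check read `str[1]`, one byte past the `size` bytes the caller supplied, so whether the attribute is cleared or the value goes on to `security_context_to_sid()` depends on memory the writer did not provide. The guard should read `if (size && str[0] && str[0] != '\n') {`. The trimming branch also stores a NUL into the caller's buffer through `str`; if that in-place edit is intended, a short comment such as `/* strip the optional trailing newline in place */` would make it explicit. The body of selinux_setprocattr starts and ends outside both hunks, so how `value` is allocated cannot be checked from here.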