bianbu-repo-mirror/bianbu-linux-6.6
1
0
Fork 0
mirror of https://gitee.com/bianbu-linux/linux-6.6 synced 2025-07-01 23:53:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link"

Browse source 
This reverts commit e46e01eebb ("selinux: stop passing MAY_NOT_BLOCK
to the AVC upon follow_link"). The correct fix is to instead fall
back to ref-walk if audit is required irrespective of the specific
audit data type.  This is done in the next commit.

Fixes: e46e01eebb ("selinux: stop passing MAY_NOT_BLOCK to the AVC upon follow_link")
Reported-by: Will Deacon <will@kernel.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Stephen Smalley 2019-11-22 12:22:44 -05:00 committed by Paul Moore
parent 59438b4647
commit 1a37079c23
3 changed files with 30 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
security/selinux/hooks.c
View file

@ -3004,8 +3004,9 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
if (IS_ERR(isec))
return PTR_ERR(isec);
return avc_has_perm(&selinux_state,
sid, isec->sid, isec->sclass, FILE__READ, &ad);
return avc_has_perm_flags(&selinux_state,
sid, isec->sid, isec->sclass, FILE__READ, &ad,
rcu ? MAY_NOT_BLOCK : 0);
}
static noinline int audit_inode_permission(struct inode *inode,