OpenCloudOS-Kernel/security/tomoyo
Alfred Piccioni 820831de22 lsm: new security_file_ioctl_compat() hook
commit f1bb47a31dff6d4b34fb14e99850860ee74bb003 upstream.

Some ioctl commands do not require ioctl permission, but are routed to
other permissions such as FILE_GETATTR or FILE_SETATTR. This routing is
done by comparing the ioctl cmd to a set of 64-bit flags (FS_IOC_*).

However, if a 32-bit process is running on a 64-bit kernel, it emits
32-bit flags (FS_IOC32_*) for certain ioctl operations. These flags are
being checked erroneously, which leads to these ioctl operations being
routed to the ioctl permission, rather than the correct file
permissions.

This was also noted in a RED-PEN finding from a while back -
"/* RED-PEN how should LSM module know it's handling 32bit? */".

This patch introduces a new hook, security_file_ioctl_compat(), that is
called from the compat ioctl syscall. All current LSMs have been changed
to support this hook.

Reviewing the three places where we are currently using
security_file_ioctl(), it appears that only SELinux needs a dedicated
compat change; TOMOYO and SMACK appear to be functional without any
change.

Cc: stable@vger.kernel.org
Fixes: 0b24dcb7f2 ("Revert "selinux: simplify ioctl checking"")
Signed-off-by: Alfred Piccioni <alpic@google.com>
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
[PM: subject tweak, line length fixes, and alignment corrections]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-01-31 16:18:54 -08:00
..
policy tomoyo: Do not generate empty policy files 2015-04-07 21:27:45 +02:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
Kconfig tomoyo: Update website link 2023-01-13 23:11:38 +09:00
Makefile tomoyo: Omit use of bin2c 2023-01-09 21:46:50 +09:00
audit.c tomoyo: replace tomoyo_round2() with kmalloc_size_roundup() 2023-03-01 23:46:12 +09:00
common.c tomoyo: add format attributes to functions 2023-07-23 21:25:28 +09:00
common.h tomoyo: remove unused function declaration 2023-08-13 22:07:15 +09:00
condition.c tomoyo: Fix typo in comments. 2020-12-06 13:44:57 +09:00
domain.c tomoyo: refactor deprecated strncpy 2023-08-05 19:55:10 +09:00
environ.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
file.c tomoyo: struct path it might get from LSM callers won't have NULL dentry or mnt 2022-08-21 11:50:42 -04:00
gc.c tomoyo: Fix typo in comments. 2020-12-06 13:44:57 +09:00
group.c tomoyo: Suppress RCU warning at list_for_each_entry_rcu(). 2019-12-16 23:02:27 +09:00
load_policy.c TOMOYO: fix __setup handlers return values 2022-02-24 07:45:07 +09:00
memory.c tomoyo: Fix null pointer check 2020-11-27 19:36:11 +09:00
mount.c tomoyo: Coding style fix. 2019-01-24 14:50:27 -08:00
network.c tomoyo: don't special case PF_IO_WORKER for PF_KTHREAD 2021-03-28 13:11:29 +09:00
realpath.c tomoyo: struct path it might get from LSM callers won't have NULL dentry or mnt 2022-08-21 11:50:42 -04:00
securityfs_if.c tomoyo: fix doc warnings 2021-06-16 00:01:28 +09:00
tomoyo.c lsm: new security_file_ioctl_compat() hook 2024-01-31 16:18:54 -08:00
util.c tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() 2021-12-15 20:13:55 +09:00