selinux: avoid silent denials in permissive mode under RCU walk
author Stephen Smalley <sds@tycho.nsa.gov>
Wed, 12 Dec 2018 15:10:55 +0000 (10:10 -0500)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 8 May 2019 05:21:54 +0000 (07:21 +0200)
commit 6b13ae52ac75da7970fde9d08c495a5671605473
tree f5ad193d361f63bbfb871ed9a56d25497ac364af
parent 53ffa56456fb3e8189e152e0d44dcb9911e6b871
selinux: avoid silent denials in permissive mode under RCU walk

commit 3a28cff3bd4bf43f02be0c4e7933aebf3dc8197e upstream.

commit 0dc1ba24f7fff6 ("SELINUX: Make selinux cache VFS RCU walks safe")
results in no audit messages at all if in permissive mode because the
cache is updated during the rcu walk and thus no denial occurs on
the subsequent ref walk.  Fix this by not updating the cache when
performing a non-blocking permission check.  This only affects search
and symlink read checks during rcu walk.

Fixes: 0dc1ba24f7fff6 ("SELINUX: Make selinux cache VFS RCU walks safe")
Reported-by: BMK <bmktuwien@gmail.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
security/selinux/avc.c
security/selinux/hooks.c
security/selinux/include/avc.h
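
The failure mode the commit message describes, as an added user-space toy model (not code from this commit or from the kernel): a single cache entry is checked once in a non-blocking RCU walk and once more in the blocking ref walk. All names (`toy_avc`, `toy_check`, `toy_lookup`, `TOY_SEARCH`) are hypothetical, and the -1 "retry" return standing in for the kernel's retry signal is an assumption of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model only: one cache entry, permissive mode assumed throughout. */
struct toy_avc { unsigned allowed; int audits; };

#define TOY_SEARCH 0x1u   /* hypothetical permission bit for "search" */

/*
 * One permission check in permissive mode.
 *   nonblocking: caller is in RCU walk and cannot emit an audit record
 *   fixed:       model the commit's behaviour (no cache update when nonblocking)
 * Returns 0 if access proceeds, -1 to request a blocking retry.
 */
static int toy_check(struct toy_avc *c, unsigned req, bool nonblocking, bool fixed)
{
    if ((c->allowed & req) == req)
        return 0;                 /* cache hit: no denial, so nothing to audit */

    /* Permissive mode tolerates the denial and caches the grant so the
     * denial is logged once; the fix skips this on the non-blocking path. */
    if (!(nonblocking && fixed))
        c->allowed |= req;

    if (nonblocking)
        return -1;                /* cannot audit here; caller retries */

    c->audits++;                  /* blocking path: the denial is audited */
    return 0;
}

/* One path lookup: RCU walk first, ref walk on retry. Returns audit count. */
static int toy_lookup(bool fixed)
{
    struct toy_avc c = { 0, 0 };
    if (toy_check(&c, TOY_SEARCH, true, fixed) != 0)
        toy_check(&c, TOY_SEARCH, false, fixed);
    return c.audits;
}

int main(void)
{
    printf("audit records without the fix: %d\n", toy_lookup(false));
    printf("audit records with the fix:    %d\n", toy_lookup(true));
    return 0;
}
```

Without the fix the ref walk hits the entry that the RCU walk already updated, so the permissive-mode denial never reaches the audit log.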