From: Ondrej Mosnacek Date: Wed, 12 Jun 2019 08:12:26 +0000 (+0200) Subject: selinux: fix empty write to keycreate file X-Git-Tag: v4.19.61~206 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=914026d581007a67a911630a0a8afebdbe7d41d3;p=platform%2Fkernel%2Flinux-rpi.git selinux: fix empty write to keycreate file [ Upstream commit 464c258aa45b09f16aa0f05847ed8895873262d9 ] When sid == 0 (we are resetting keycreate_sid to the default value), we should skip the KEY__CREATE check. Before this patch, doing a zero-sized write to /proc/self/keycreate would check if the current task can create unlabeled keys (which would usually fail with -EACCESS and generate an AVC). Now it skips the check and correctly sets the task's keycreate_sid to 0. Bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1719067 Tested using the reproducer from the report above. Fixes: 4eb582cf1fbd ("[PATCH] keys: add a way to store the appropriate context for newly-created keys") Reported-by: Kir Kolyshkin Signed-off-by: Ondrej Mosnacek Signed-off-by: Paul Moore Signed-off-by: Sasha Levin --- diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 70bad15..109ab51 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6550,11 +6550,12 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) } else if (!strcmp(name, "fscreate")) { tsec->create_sid = sid; } else if (!strcmp(name, "keycreate")) { - error = avc_has_perm(&selinux_state, - mysid, sid, SECCLASS_KEY, KEY__CREATE, - NULL); - if (error) - goto abort_change; + if (sid) { + error = avc_has_perm(&selinux_state, mysid, sid, + SECCLASS_KEY, KEY__CREATE, NULL); + if (error) + goto abort_change; + } tsec->keycreate_sid = sid; } else if (!strcmp(name, "sockcreate")) { tsec->sockcreate_sid = sid;