• Stephen Smalley's avatar
    selinux: change the handling of unknown classes · 19439d05
    Stephen Smalley authored
    If allow_unknown==deny, SELinux treats an undefined kernel security
    class as an error condition rather than as a typical permission denial
    and thus does not allow permissions on undefined classes even when in
    permissive mode.  Change the SELinux logic so that this case is handled
    as a typical permission denial, subject to the usual permissive mode and
    permissive domain handling.
    
    Also drop the 'requested' argument from security_compute_av() and
    helpers as it is a legacy of the original security server interface and
    is unused.
    
    Changes:
    - Handle permissive domains consistently by moving up the test for a
    permissive domain.
    - Make security_compute_av_user() consistent with security_compute_av();
    the only difference now is that security_compute_av() performs mapping
    between the kernel-private class and permission indices and the policy
    values.  In the userspace case, this mapping is handled by libselinux.
    - Moved avd_init inside the policy lock.
    
    Based in part on a patch by Paul Moore <paul.moore@hp.com>.
    Reported-by: default avatarAndrew Worsley <amworsley@gmail.com>
    Signed-off-by: default avatarStephen D. Smalley <sds@tycho.nsa.gov>
    Reviewed-by: default avatarPaul Moore <paul.moore@hp.com>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    19439d05
avc.c 20.6 KB