2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-30 08:04:13 +08:00
linux-next/security/selinux
Richard Haines 65881e1db4 selinux: allow FIOCLEX and FIONCLEX with policy capability
These ioctls are equivalent to fcntl(fd, F_SETFD, flags), which SELinux
always allows too.  Furthermore, a failed FIOCLEX could result in a file
descriptor being leaked to a process that should not have access to it.

As this patch removes access controls, a policy capability needs to be
enabled in policy to always allow these ioctls.

Based-on-patch-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
2022-02-25 15:35:19 -05:00
..
include selinux: allow FIOCLEX and FIONCLEX with policy capability 2022-02-25 15:35:19 -05:00
ss selinux: drop return statement at end of void functions 2022-02-18 10:42:12 -05:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
avc.c selinux: fix all of the W=1 build warnings 2021-10-13 16:31:51 -04:00
hooks.c selinux: allow FIOCLEX and FIONCLEX with policy capability 2022-02-25 15:35:19 -05:00
ibpkey.c selinux: various sparse fixes 2022-02-01 19:08:28 -05:00
ima.c ima: Add digest and digest_len params to the functions to measure a buffer 2021-07-23 09:27:02 -04:00
Kconfig Documentation,selinux: deprecate setting checkreqprot to 1 2020-02-10 10:49:01 -05:00
Makefile selinux: include a consumer of the new IMA critical data hook 2021-01-14 23:41:46 -05:00
netif.c selinux: remove unused global variables 2021-01-12 09:49:01 -05:00
netlabel.c security: pass asoc to sctp_assoc_request and sctp_sk_clone 2021-11-03 11:09:20 +00:00
netlink.c selinux: mark some global variables __ro_after_init 2021-01-12 10:08:55 -05:00
netnode.c selinux: various sparse fixes 2022-02-01 19:08:28 -05:00
netport.c selinux: various sparse fixes 2022-02-01 19:08:28 -05:00
nlmsgtab.c include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage 2021-09-14 10:31:35 +02:00
selinuxfs.c selinux: check return value of sel_make_avc_files 2022-01-25 19:21:21 -05:00
status.c selinux: move status variables out of selinux_ss 2020-02-10 10:49:01 -05:00
xfrm.c selinux: use correct type for context length 2022-02-18 10:45:54 -05:00