security: revalidate rw permissions for sys_splice and sys_vmsplice
Revalidate read/write permissions for splice(2) and vmslice(2), in case security policy has changed since the files were opened. Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
This commit is contained in:
parent
d3f35d98b3
commit
29ce20586b
@ -28,6 +28,7 @@
|
||||
#include <linux/module.h>
|
||||
#include <linux/syscalls.h>
|
||||
#include <linux/uio.h>
|
||||
#include <linux/security.h>
|
||||
|
||||
/*
|
||||
* Attempt to steal a page from a pipe buffer. This should perhaps go into
|
||||
@ -961,6 +962,10 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
|
||||
if (unlikely(ret < 0))
|
||||
return ret;
|
||||
|
||||
ret = security_file_permission(out, MAY_WRITE);
|
||||
if (unlikely(ret < 0))
|
||||
return ret;
|
||||
|
||||
return out->f_op->splice_write(pipe, out, ppos, len, flags);
|
||||
}
|
||||
|
||||
@ -983,6 +988,10 @@ static long do_splice_to(struct file *in, loff_t *ppos,
|
||||
if (unlikely(ret < 0))
|
||||
return ret;
|
||||
|
||||
ret = security_file_permission(in, MAY_READ);
|
||||
if (unlikely(ret < 0))
|
||||
return ret;
|
||||
|
||||
return in->f_op->splice_read(in, ppos, pipe, len, flags);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user