Commit 464c258a authored Jun 12, 2019 by Ondrej Mosnacek Committed by Paul Moore Jun 12, 2019

selinux: fix empty write to keycreate file

When sid == 0 (we are resetting keycreate_sid to the default value), we
should skip the KEY__CREATE check.

Before this patch, doing a zero-sized write to /proc/self/keycreate
would check if the current task can create unlabeled keys (which would
usually fail with -EACCESS and generate an AVC). Now it skips the check
and correctly sets the task's keycreate_sid to 0.

Bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1719067



Tested using the reproducer from the report above.

Fixes: 4eb582cf ("[PATCH] keys: add a way to store the appropriate context for newly-created keys")
Reported-by: Kir Kolyshkin <kir@sacred.ru>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

parent beee56f3

security/selinux/hooks.c

+6 −5

Original line number	Diff line number	Diff line
		@@ -6331,11 +6331,12 @@ static int selinux_setprocattr(const char name, void value, size_t size)
		} else if (!strcmp(name, "fscreate")) {
		tsec->create_sid = sid;
		} else if (!strcmp(name, "keycreate")) {
		error = avc_has_perm(&selinux_state,
		mysid, sid, SECCLASS_KEY, KEY__CREATE,
		NULL);
		if (sid) {
		error = avc_has_perm(&selinux_state, mysid, sid,
		SECCLASS_KEY, KEY__CREATE, NULL);
		if (error)
		goto abort_change;
		}
		tsec->keycreate_sid = sid;
		} else if (!strcmp(name, "sockcreate")) {
		tsec->sockcreate_sid = sid;