selinux: do not check open permission on sockets (ccb54478) · Commits · e / devices / android_kernel_oneplus_sm7250

security/selinux/hooks.c

+7 −3

Original line number	Diff line number	Diff line
		@@ -2063,8 +2063,9 @@ static inline u32 file_to_av(struct file *file)
		static inline u32 open_file_to_av(struct file *file)
		{
		u32 av = file_to_av(file);
		struct inode *inode = file_inode(file);

		if (selinux_policycap_openperm)
		if (selinux_policycap_openperm && inode->i_sb->s_magic != SOCKFS_MAGIC)
		av \|= FILE__OPEN;

		return av;
		@@ -3059,6 +3060,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
		static int selinux_inode_setattr(struct dentry dentry, struct iattr iattr)
		{
		const struct cred *cred = current_cred();
		struct inode *inode = d_backing_inode(dentry);
		unsigned int ia_valid = iattr->ia_valid;
		__u32 av = FILE__WRITE;

		@@ -3074,8 +3076,10 @@ static int selinux_inode_setattr(struct dentry dentry, struct iattr iattr)
		ATTR_ATIME_SET \| ATTR_MTIME_SET \| ATTR_TIMES_SET))
		return dentry_has_perm(cred, dentry, FILE__SETATTR);

		if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE)
		&& !(ia_valid & ATTR_FILE))
		if (selinux_policycap_openperm &&
		inode->i_sb->s_magic != SOCKFS_MAGIC &&
		(ia_valid & ATTR_SIZE) &&
		!(ia_valid & ATTR_FILE))
		av \|= FILE__OPEN;

		return dentry_has_perm(cred, dentry, av);