Pandora Sourcecodes - pandora-kernel.git/commit

author	Eric Paris <eparis@redhat.com>
	Fri, 25 Feb 2011 20:39:20 +0000 (15:39 -0500)
committer	Eric Paris <eparis@redhat.com>
	Fri, 25 Feb 2011 20:40:00 +0000 (15:40 -0500)
commit	0b24dcb7f2f7a0ce9b762eef0362c21c88f47b32
tree	9c7dc83e169cd4a2e5fd248e4b940f82131627b6	tree \| snapshot
parent	47ac19ea429aee561f66e9cd05b908e8ffbc498a	commit \| diff

Revert "selinux: simplify ioctl checking"

This reverts commit 242631c49d4cf39642741d6627750151b058233b.

Conflicts:

security/selinux/hooks.c

SELinux used to recognize certain individual ioctls and check
permissions based on the knowledge of the individual ioctl.  In commit
242631c49d4cf396 the SELinux code stopped trying to understand
individual ioctls and to instead looked at the ioctl access bits to
determine in we should check read or write for that operation.  This
same suggestion was made to SMACK (and I believe copied into TOMOYO).
But this suggestion is total rubbish.  The ioctl access bits are
actually the access requirements for the structure being passed into the
ioctl, and are completely unrelated to the operation of the ioctl or the
object the ioctl is being performed upon.

Take FS_IOC_FIEMAP as an example.  FS_IOC_FIEMAP is defined as:

FS_IOC_FIEMAP _IOWR('f', 11, struct fiemap)

So it has access bits R and W.  What this really means is that the
kernel is going to both read and write to the struct fiemap.  It has
nothing at all to do with the operations that this ioctl might perform
on the file itself!

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>