Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

security: revalidate rw permissions for sys_splice and sys_vmsplice

Revalidate read/write permissions for splice(2) and vmslice(2), in case
security policy has changed since the files were opened.

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
James Morris 18 years ago
parent
d3f35d98b3
commit
29ce20586b
1 changed files with 9 additions and 0 deletions
Split View Show Diff Stats
  1. 9 0
      fs/splice.c

+ 9 - 0
fs/splice.c
View File 

@@ -28,6 +28,7 @@
 
 #include <linux/module.h>
 
 #include <linux/syscalls.h>
 
 #include <linux/uio.h>
 
+#include <linux/security.h>
 
 
 /*
 
  * Attempt to steal a page from a pipe buffer. This should perhaps go into
 
@@ -961,6 +962,10 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
 
 	if (unlikely(ret < 0))
 
 		return ret;
 
 
+	ret = security_file_permission(out, MAY_WRITE);
 
+	if (unlikely(ret < 0))
 
+		return ret;
 
+
 
 	return out->f_op->splice_write(pipe, out, ppos, len, flags);
 
 }
 
 
@@ -983,6 +988,10 @@ static long do_splice_to(struct file *in, loff_t *ppos,
 
 	if (unlikely(ret < 0))
 
 		return ret;
 
 
+	ret = security_file_permission(in, MAY_READ);
 
+	if (unlikely(ret < 0))
 
+		return ret;
 
+
 
 	return in->f_op->splice_read(in, ppos, pipe, len, flags);
 
 }