linux/security/selinux
Stephen Smalley 0794c66d49 selinux: handle files opened with flags 3 by checking ioctl permission
Handle files opened with flags 3 by checking ioctl permission.

Default to returning FILE__IOCTL from file_to_av() if the f_mode has neither
FMODE_READ nor FMODE_WRITE, and thus check ioctl permission on exec or
transfer, thereby validating such descriptors early as with normal r/w
descriptors and catching leaks of them prior to attempted usage.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-02 16:05:52 +11:00
..
include LSM/SELinux: Interfaces to allow FS to control mount options 2008-03-06 08:40:53 +11:00
ss SELinux: Remove security_get_policycaps() 2008-02-06 21:40:59 +08:00
avc.c d_path: Use struct path in struct avc_audit_data 2008-02-14 21:17:08 -08:00
exports.c SELinux: Enable dynamic enable/disable of the network access checks 2008-01-30 08:17:26 +11:00
hooks.c selinux: handle files opened with flags 3 by checking ioctl permission 2008-04-02 16:05:52 +11:00
Kconfig SELinux: Add a capabilities bitmap to SELinux policy version 22 2008-01-30 08:17:23 +11:00
Makefile SELinux: Add a network node caching mechanism similar to the sel_netif_*() functions 2008-01-30 08:17:23 +11:00
netif.c SELinux: Add warning messages on network denial due to error 2008-01-30 08:17:30 +11:00
netlabel.c SELinux: Allow NetLabel to directly cache SIDs 2008-01-30 08:17:27 +11:00
netlink.c [NET]: Support multiple network namespaces with netlink 2007-10-10 16:49:09 -07:00
netnode.c SELinux: Add warning messages on network denial due to error 2008-01-30 08:17:30 +11:00
nlmsgtab.c Audit: add TTY input auditing 2007-07-16 09:05:47 -07:00
selinuxfs.c [AUDIT] add session id to audit messages 2008-02-01 14:06:51 -05:00
xfrm.c SELinux: Enable dynamic enable/disable of the network access checks 2008-01-30 08:17:26 +11:00