diff options
| author | Jeff Vander Stoep <jeffv@google.com> | 2015-04-29 11:14:23 -0700 |
|---|---|---|
| committer | Ziyan <jaraidaniel@gmail.com> | 2016-03-11 16:02:34 +0100 |
| commit | 25c018c51142478728289e24a3b5907dbc75f05d (patch) | |
| tree | bda88d5ef8badadafd016f1c2ebb2318154f93ad /security | |
| parent | fad1cbb7d9b78c6805c14ef66c79523b12e3a338 (diff) | |
| download | kernel_samsung_espresso10-25c018c51142478728289e24a3b5907dbc75f05d.zip kernel_samsung_espresso10-25c018c51142478728289e24a3b5907dbc75f05d.tar.gz kernel_samsung_espresso10-25c018c51142478728289e24a3b5907dbc75f05d.tar.bz2 | |
SELinux: ss: Fix policy write for ioctl operations
Security server omits the type field when writing out the contents of the
avtab from /sys/fs/selinux/policy. This leads to a corrupt output. No impact
on the running kernel or its loaded policy. Impacts CTS neverallow tests.
Bug: 20665861
Change-Id: I657e18013dd5a1f40052bc2b02dd8e0afee9bcfb
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
(cherry picked from commit 8cdfb356b51e29494ca0b9e4e86727d6f841a52d)
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/ss/avtab.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 2e4ff00..dd7466c 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -565,6 +565,9 @@ int avtab_write_item(struct policydb *p, struct avtab_node *cur, void *fp) return rc; if (cur->key.specified & AVTAB_OP) { + rc = put_entry(&cur->datum.u.ops->type, sizeof(u8), 1, fp); + if (rc) + return rc; for (i = 0; i < ARRAY_SIZE(cur->datum.u.ops->op.perms); i++) buf32[i] = cpu_to_le32(cur->datum.u.ops->op.perms[i]); rc = put_entry(buf32, sizeof(u32), |