Thread: 8 messages, 5 authors, 2022-05-18

Re: [PATCH] fsnotify: add generic perm check for unlink/rmdir

From: Paul Moore <paul@paul-moore.com>
Date: 2022-05-18 01:17:24
Also in: bpf, linux-fsdevel, lkml, netdev, selinux

On Tue, May 3, 2022 at 2:38 PM Guowei Du [off-list ref] wrote:
From: duguowei <redacted>

For now, there have been open/access/open_exec perms for file operation,
so we add new perms check with unlink/rmdir syscall. If one app deletes
any file/dir within public area, fsnotify can send fsnotify_event to
listener to deny that, even if the app has right dac/mac permissions.

Signed-off-by: duguowei <redacted>
---
 fs/notify/fsnotify.c             |  2 +-
 include/linux/fs.h               |  2 ++
 include/linux/fsnotify.h         | 16 ++++++++++++++++
 include/linux/fsnotify_backend.h |  6 +++++-
 security/security.c              | 12 ++++++++++--
 security/selinux/hooks.c         |  4 ++++
 6 files changed, 38 insertions(+), 4 deletions(-)
...
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e9e959343de9..f0780f0eb903 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1801,8 +1801,12 @@ static int may_create(struct inode *dir,
 }

 #define MAY_LINK       0
+#ifndef MAY_UNLINK
 #define MAY_UNLINK     1
+#endif
+#ifndef MAY_RMDIR
 #define MAY_RMDIR      2
+#endif
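Review bot: the #ifndef guards around MAY_UNLINK and MAY_RMDIR hide a value mismatch rather than preventing one. If the generic definitions this series adds elsewhere (the diffstat shows include/linux/fs.h gaining two lines) use different numeric values from SELinux's 1 and 2, whichever header is included first silently wins, and the SELinux code that switches on these values would behave differently depending on include order with no compiler diagnostic. MAY_LINK is also left unguarded, so the three constants no longer form one consistent set. Either give the SELinux-local constants distinct names (e.g. SEL_MAY_UNLINK, SEL_MAY_RMDIR) or add a compile-time check that both definitions agree, instead of relying on #ifndef.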
In the future if you run into a symbol collision here I would prefer
if you renamed the SELinux constants to something like SEL_MAY_LINK,
etc.

-- 
paul-moore.com