[PATCH v2] tomoyo: Don't check open/getattr permission on sockets.

[Tetsuo Handa]

On 2019/11/21 16:21, James Morris wrote:
> On Wed, 13 Nov 2019, Tetsuo Handa wrote:
> 
>> Hello, Andrew and James.
>>
>> I have difficulty setting up environments for sending pull request to linux.git
>> (nobody around me knows Linux kernel maintainer's workflow at the command line level).
>> Can you pick up the following commit via mmotm or linux-security.git tree?
> 
> Not sure if your fix is complete.
> 
> Are there other potential paths to trigger this via tomoyo_path_perm() ?
> 
> e.g. call unlink(2) on /proc/pid/fd/sockfd

I think they are safe. For example, unlink(2) checks that
inode is valid before calling security_path_unlink().

        dentry = __lookup_hash(&last, path.dentry, lookup_flags);
        error = PTR_ERR(dentry);
        if (!IS_ERR(dentry)) {
                /* Why not before? Because we want correct error value */
                if (last.name[last.len])
                        goto slashes;
                inode = dentry->d_inode;
                if (d_is_negative(dentry))
                        goto slashes;
                ihold(inode);
                error = security_path_unlink(&path, dentry);
                if (error)
                        goto exit2;
                error = vfs_unlink(path.dentry->d_inode, dentry, &delegated_inode);
exit2:
                dput(dentry);
        }