[PATCH] selinux: Fix use of KEY_NEED_* instead of KEY__* perms [v2]
dhowells at redhat.com
Tue Apr 28 15:57:59 UTC 2020
Stephen Smalley <stephen.smalley.work at gmail.com> wrote:
> 1) Are we guaranteed that the caller only ever passes a single
> KEY_NEED_* perm at a time (i.e. hook is never called with a bitmask
> of multiple permissions)? Where is that guarantee enforced?
Currently it's the case that only one perm is ever used at once. I'm tempted
to enforce this by switching the KEY_NEED_* to an enum rather than a bitmask.
I'm not sure how I would actually define the meaning of two perms being OR'd
together. Either okay? Both required?
> 2) We had talked about adding a BUILD_BUG_ON() or other build-time
That doesn't help you trap unallowed perm combinations, though.
> to ensure that new KEY_NEED_* permissions
> are not added without updating SELinux. We already have similar
> constructs for catching new capabilities (#if CAP_LAST_CAP > 63 #error
> ...), socket address families (#if PF_MAX > 45 #error ...), RTM_* and
> XFRM_MSG* values.
More information about the Linux-security-module-archive