summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2007-07-13 11:44:32 +0200
committerJens Axboe <jens.axboe@oracle.com>2007-07-13 14:14:29 +0200
commit29ce20586be54ceba49c55ae049541398cd2c416 (patch)
tree5ac0ef4c9debefff4fdacfdebab481985eb7341a
parentd3f35d98b3b87d2506289320375687c6e9bc53ed (diff)
downloadlinux-29ce20586be54ceba49c55ae049541398cd2c416.tar.gz
linux-29ce20586be54ceba49c55ae049541398cd2c416.tar.xz
security: revalidate rw permissions for sys_splice and sys_vmsplice
Revalidate read/write permissions for splice(2) and vmslice(2), in case security policy has changed since the files were opened. Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
-rw-r--r--fs/splice.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/fs/splice.c b/fs/splice.c
index ed2ce995475c..ef808227bc11 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -28,6 +28,7 @@
#include <linux/module.h>
#include <linux/syscalls.h>
#include <linux/uio.h>
+#include <linux/security.h>
/*
* Attempt to steal a page from a pipe buffer. This should perhaps go into
@@ -961,6 +962,10 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
if (unlikely(ret < 0))
return ret;
+ ret = security_file_permission(out, MAY_WRITE);
+ if (unlikely(ret < 0))
+ return ret;
+
return out->f_op->splice_write(pipe, out, ppos, len, flags);
}
@@ -983,6 +988,10 @@ static long do_splice_to(struct file *in, loff_t *ppos,
if (unlikely(ret < 0))
return ret;
+ ret = security_file_permission(in, MAY_READ);
+ if (unlikely(ret < 0))
+ return ret;
+
return in->f_op->splice_read(in, ppos, pipe, len, flags);
}