Skip to content
Snippets Groups Projects
Commit b5b6b5c3 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep Committed by Ed Tam
Browse files

SELinux: ss: Fix policy write for ioctl operations


Security server omits the type field when writing out the contents of the
avtab from /sys/fs/selinux/policy. This leads to a corrupt output. No impact
on the running kernel or its loaded policy. Impacts CTS neverallow tests.

Bug: 20665861
Change-Id: I657e18013dd5a1f40052bc2b02dd8e0afee9bcfb
Signed-off-by: default avatarJeff Vander Stoep <jeffv@google.com>
(cherry picked from commit 8cdfb356b51e29494ca0b9e4e86727d6f841a52d)
parent 31911794
No related branches found
No related tags found
No related merge requests found
...@@ -565,6 +565,9 @@ int avtab_write_item(struct policydb *p, struct avtab_node *cur, void *fp) ...@@ -565,6 +565,9 @@ int avtab_write_item(struct policydb *p, struct avtab_node *cur, void *fp)
return rc; return rc;
if (cur->key.specified & AVTAB_OP) { if (cur->key.specified & AVTAB_OP) {
rc = put_entry(&cur->datum.u.ops->type, sizeof(u8), 1, fp);
if (rc)
return rc;
for (i = 0; i < ARRAY_SIZE(cur->datum.u.ops->op.perms); i++) for (i = 0; i < ARRAY_SIZE(cur->datum.u.ops->op.perms); i++)
buf32[i] = cpu_to_le32(cur->datum.u.ops->op.perms[i]); buf32[i] = cpu_to_le32(cur->datum.u.ops->op.perms[i]);
rc = put_entry(buf32, sizeof(u32), rc = put_entry(buf32, sizeof(u32),
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment