kernel-fxtec-pro1x/security
Eric Paris cea78dc4ca SELinux: fix off by 1 reference of class_to_string in context_struct_compute_av
The class_to_string array is referenced by tclass.  My code mistakenly
was using tclass - 1.  If the proceeding class is a userspace class
rather than kernel class this may cause a denial/EINVAL even if unknown
handling is set to allow.  The bug shouldn't be allowing excess
privileges since those are given based on the contents of another array
which should be correctly referenced.

At this point in time its pretty unlikely this is going to cause
problems.  The most recently added kernel classes which could be
affected are association, dccp_socket, and peer.  Its pretty unlikely
any policy with handle_unknown=allow doesn't have association and
dccp_socket undefined (they've been around longer than unknown handling)
and peer is conditionalized on a policy cap which should only be defined
if that class exists in policy.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2008-07-14 15:01:58 +10:00
..
keys keys: remove unused key_alloc_sem 2008-06-06 11:29:11 -07:00
selinux SELinux: fix off by 1 reference of class_to_string in context_struct_compute_av 2008-07-14 15:01:58 +10:00
smack Security: split proc ptrace checking into read vs. attach 2008-07-14 15:01:47 +10:00
capability.c capabilities: implement per-process securebits 2008-04-28 08:58:26 -07:00
commoncap.c Security: split proc ptrace checking into read vs. attach 2008-07-14 15:01:47 +10:00
device_cgroup.c devcgroup: fix permission check when adding entry to child cgroup 2008-07-13 12:51:18 -07:00
dummy.c Security: split proc ptrace checking into read vs. attach 2008-07-14 15:01:47 +10:00
inode.c Kobject: convert remaining kobject_unregister() to kobject_put() 2008-01-24 20:40:40 -08:00
Kconfig security: enhance DEFAULT_MMAP_MIN_ADDR description 2008-04-18 20:26:18 +10:00
Makefile cgroups: implement device whitelist 2008-04-29 08:06:09 -07:00
root_plug.c root_plug: use cap_task_prctl 2008-04-28 08:58:27 -07:00
security.c Security: split proc ptrace checking into read vs. attach 2008-07-14 15:01:47 +10:00