SELinux: do not check open perms if they are not known to policy
authorEric Paris <eparis@redhat.com>
Fri, 6 Jul 2012 18:13:30 +0000 (14:13 -0400)
committerJames Morris <james.l.morris@oracle.com>
Mon, 16 Jul 2012 01:41:47 +0000 (11:41 +1000)
commit3d2195c3324b27e65ba53d9626a6bd91a2515797
treec17445689c2926fa446c9bef4f5b169b60ce4f15
parent64919e60915c5151b3dd4c8d2d9237a115ca990c
SELinux: do not check open perms if they are not known to policy

When I introduced open perms policy didn't understand them and I
implemented them as a policycap.  When I added the checking of open perm
to truncate I forgot to conditionalize it on the userspace defined
policy capability.  Running an old policy with a new kernel will not
check open on open(2) but will check it on truncate.  Conditionalize the
truncate check the same as the open check.

Signed-off-by: Eric Paris <eparis@redhat.com>
Cc: stable@vger.kernel.org # 3.4.x
Signed-off-by: James Morris <james.l.morris@oracle.com>
security/selinux/hooks.c