apparmor: revalidate files during exec

Instead of running file revalidation lazily when read/write are called copy selinux and revalidate the file table on exec. This avoids extra mediation overhead in read/write and also prevents file handles being passed through to a grand child unchecked. Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2017-06-09 11:58:42 -0700
committer: John Johansen <john.johansen@canonical.com> 2017-06-10 17:11:37 -0700
commit: 192ca6b55a866e838aee98d9cb6a0b5086467c03 (patch)
tree: eba93d671a1476432f357fa68e6842f548e2cb2f /security/apparmor/lsm.c
parent: 2835a13bbdc09d330eafdf5e67eb407c90c01ab7 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 3c6fa9753675..7ba43c18687a 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -417,6 +417,10 @@ static int common_file_perm(const char *op, struct file *file, u32 mask)
 	struct aa_profile *profile, *fprofile;
 	int error = 0;
 
+	/* don't reaudit files closed during inheritance */
+	if (file->f_path.dentry == aa_null.dentry)
+		return -EACCES;
+
 	fprofile = aa_cred_raw_profile(file->f_cred);
 	AA_BUG(!fprofile);
 
@@ -600,6 +604,8 @@ static void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
 	    (unconfined(new_ctx->profile)))
 		return;
 
+	aa_inherit_files(bprm->cred, current->files);
+
 	current->pdeath_signal = 0;
 
 	/* reset soft limits and set hard limits for the new profile */
author	John Johansen <john.johansen@canonical.com>	2017-06-09 11:58:42 -0700
committer	John Johansen <john.johansen@canonical.com>	2017-06-10 17:11:37 -0700
commit	192ca6b55a866e838aee98d9cb6a0b5086467c03 (patch)
tree	eba93d671a1476432f357fa68e6842f548e2cb2f /security/apparmor/lsm.c
parent	2835a13bbdc09d330eafdf5e67eb407c90c01ab7 (diff)