BUG: open check can trigger recvfrom denials on sockets
stephensmalley opened this issue · 2 comments
open permission is currently only defined for files in the kernel (COMMON_FILE_PERMS rather than COMMON_FILE_SOCK_PERMS). Construction of an artificial test case that tries to open a socket via /proc/pid/fd will generate a recvfrom avc denial because recvfrom and open happen to map to the same permission bit in socket vs file classes.
Now, technically, open of a socket via /proc/pid/fd is not supported by the kernel regardless and will ultimately return ENXIO. But we hit the permission check first and can thus produce these odd/misleading denials.
Options:
- Move open to COMMON_FILE_SOCK_PERMS so that it is defined for socket classes too. Would also require defining it in all of the socket classes in refpolicy. Seems kind of pointless given that the kernel doesn't support open() of sockets anyway.
- Test to see if we are dealing with a socket in the code and don't bother checking FILE__OPEN in that case. Seems more logical to me, and avoids any compatibility headaches.
Test to see if we are dealing with a socket in the code and don't bother checking FILE__OPEN in that case. Seems more logical to me, and avoids any compatibility headaches.
This gets my vote.
Resolved by 2bff0c0
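The collision described in the issue, and the effect of option 2, as an added C sketch (not kernel code and not from this thread). The permission lists and their order are an assumption modeled on the two macros the issue names; `perm_bit`, `perm_name` and `open_av` are hypothetical helpers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Model only: a permission's bit is its position in the class's name list. */
#define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", "getattr", \
    "setattr", "lock", "relabelfrom", "relabelto", "append", "map"
static const char *file_perms[] = { COMMON_FILE_SOCK_PERMS, "unlink", "link",
    "rename", "execute", "quotaon", "mounton", "audit_access", "open",
    "execmod", NULL };                      /* assumed file-class list */
static const char *sock_perms[] = { COMMON_FILE_SOCK_PERMS, "bind", "connect",
    "listen", "accept", "getopt", "setopt", "shutdown", "recvfrom", "sendto",
    "name_bind", NULL };                    /* assumed socket-class list */
enum obj_class { CLASS_FILE, CLASS_SOCKET };
#define PERMS(c) ((c) == CLASS_FILE ? file_perms : sock_perms)

/* Bit assigned to a permission name within a class, 0 if not defined there. */
uint32_t perm_bit(enum obj_class c, const char *name)
{
    for (int i = 0; PERMS(c)[i]; i++)
        if (strcmp(PERMS(c)[i], name) == 0)
            return UINT32_C(1) << i;
    return 0;
}

/* Name a denial record would show for one bit, decoded by the object's class. */
const char *perm_name(enum obj_class c, uint32_t bit)
{
    for (int i = 0; PERMS(c)[i]; i++)
        if (bit == (UINT32_C(1) << i))
            return PERMS(c)[i];
    return "?";
}

/* Access vector requested at open time; skip_sockets models option 2. */
uint32_t open_av(enum obj_class c, int skip_sockets)
{
    uint32_t av = perm_bit(CLASS_FILE, "read");
    if (!(skip_sockets && c == CLASS_SOCKET))
        av |= perm_bit(CLASS_FILE, "open");  /* the FILE__OPEN bit */
    return av;
}
int main(void)
{
    uint32_t b = perm_bit(CLASS_FILE, "open");
    printf("bit 0x%x decodes as file:%s socket:%s\n", (unsigned)b,
           perm_name(CLASS_FILE, b), perm_name(CLASS_SOCKET, b));
    return 0;
}
```

When triaging AVC logs, a `recvfrom` denial on a socket class with no matching receive activity from that domain is consistent with this decode mismatch rather than real network access.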