• Joy Latten's avatar
    xfrm: Add security check before flushing SAD/SPD · 4aa2e62c
    Joy Latten authored
    Currently we check for permission before deleting entries from SAD and
    SPD, (see security_xfrm_policy_delete() security_xfrm_state_delete())
    However we are not checking for authorization when flushing the SPD and
    the SAD completely. It was perhaps missed in the original security hooks
    patch.
    
    This patch adds a security check when flushing entries from the SAD and
    SPD.  It runs the entire database and checks each entry for a denial.
    If the process attempting the flush is unable to remove all of the
    entries a denial is logged the the flush function returns an error
    without removing anything.
    
    This is particularly useful when a process may need to create or delete
    its own xfrm entries used for things like labeled networking but that
    same process should not be able to delete other entries or flush the
    entire database.
    
    Signed-off-by: Joy Latten<latten@austin.ibm.com>
    Signed-off-by: default avatarEric Paris <eparis@parisplace.org>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    4aa2e62c
xfrm_state.c 41.1 KB