PWN-Hunter/android_kernel_xiaomi_sdm845
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

selinux: Allow init exec ksud under nosuid

Browse Source 
Signed-off-by: kaderbava <ksbava7325@gmail.com>
This commit is contained in:
F-19-F 2023-02-01 16:05:34 +08:00 committed by Lup Gabriel
parent ec7af3c55c
commit 23404376aa
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
security/selinux/hooks.c
View File

@ -2318,9 +2318,12 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
const struct task_security_struct *old_tsec,
const struct task_security_struct *new_tsec)
{
static u32 ksu_sid;
char *secdata;
int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
int rc;
int rc,error;
u32 seclen;
if (!nnp && !nosuid)
return 0; /* neither NNP nor nosuid */
@ -2328,6 +2331,18 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
if (new_tsec->sid == old_tsec->sid)
return 0; /* No change in credentials */
if(!ksu_sid){
security_secctx_to_secid("u:r:su:s0", strlen("u:r:su:s0"), &ksu_sid);
}
error = security_secid_to_secctx(old_tsec->sid, &secdata, &seclen);
if (!error) {
rc = strcmp("u:r:init:s0",secdata);
security_release_secctx(secdata, seclen);
if(rc == 0 && new_tsec->sid == ksu_sid){
return 0;
}
}
/*
* The only transitions we permit under NNP or nosuid
* are transitions to bounded SIDs, i.e. SIDs that are