Revert "selinux: set to permissive but report enforcing"
This reverts commit 2a60774.
wloot committed Mar 23, 2019
1 parent 44c3efa commit ac4dc2b
Showing 1 changed file with 46 additions and 2 deletions.
48 changes: 46 additions & 2 deletions security/selinux/selinuxfs.c
@@ -134,7 +134,7 @@ static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
char tmpbuf[TMPBUFLEN];
ssize_t length;

length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 1);
length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing);
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
}

@@ -143,7 +143,51 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)

{
return count;
char *page = NULL;
ssize_t length;
int new_value;

length = -ENOMEM;
if (count >= PAGE_SIZE)
goto out;

/* No partial writes. */
length = -EINVAL;
if (*ppos != 0)
goto out;

length = -ENOMEM;
page = (char *)get_zeroed_page(GFP_KERNEL);
if (!page)
goto out;

length = -EFAULT;
if (copy_from_user(page, buf, count))
goto out;

length = -EINVAL;
if (sscanf(page, "%d", &new_value) != 1)
goto out;

if (new_value != selinux_enforcing) {
length = task_has_security(current, SECURITY__SETENFORCE);
if (length)
goto out;
audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
"enforcing=%d old_enforcing=%d auid=%u ses=%u",
new_value, selinux_enforcing,
from_kuid(&init_user_ns, audit_get_loginuid(current)),
audit_get_sessionid(current));
selinux_enforcing = new_value;
if (selinux_enforcing)
avc_ss_reset(0);
selnl_notify_setenforce(selinux_enforcing);
selinux_status_update_setenforce(selinux_enforcing);
}
length = count;
out:
free_page((unsigned long) page);
return length;
}
#else
#define sel_write_enforce NULL
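Review bot: In sel_write_enforce the integer parsed by `sscanf(page, "%d", &new_value)` is stored into `selinux_enforcing` unnormalised, so a write of `2` or `-1` by a task that passes the SECURITY__SETENFORCE check leaves a value other than 0/1 in the global. sel_read_enforce, the AUDIT_MAC_STATUS record, `selnl_notify_setenforce()` and `selinux_status_update_setenforce()` then all carry that raw number, and writing `2` while already enforcing is treated as a state change and audited as one. Adding `new_value = !!new_value;` directly after the sscanf check keeps the `new_value != selinux_enforcing` comparison and every consumer on a strict boolean. Separately, the visible lines only restore the selinuxfs read and write paths; the boot-time value of `selinux_enforcing` is set outside this diff, so it is worth confirming after boot that the system actually ends up enforcing and not merely reporting its real state. The signature of sel_write_enforce begins above the hunk, in the hunk header.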