diff options
| author | Bram Bonné <brambonne@google.com> | 2021-04-30 11:50:19 +0200 |
|---|---|---|
| committer | Michael Bestas <mkbestas@lineageos.org> | 2022-11-05 19:06:48 +0200 |
| commit | e31f087fb864910726b36f22244a6043d503ff1f (patch) | |
| tree | 0cf4e1e3a9e36e5bbd6da431704fe9a2795d510c /security/selinux/include | |
| parent | 80675d431434865472cb2e18bf62b490ac3d8667 (diff) | |
ANDROID: selinux: modify RTM_GETNEIGH{TBL}
Map the permission gating RTM_GETNEIGH/RTM_GETNEIGHTBL messages to a
new permission so that it can be distinguished from the other netlink
route permissions in selinux policy. The new permission is triggered by
a flag set in system images T and up.
This change is intended to be backported to all kernels that a T system
image can run on top of.
Bug: 171572148
Test: atest NetworkInterfaceTest
Test: atest CtsSelinuxTargetSdkCurrentTestCases
Test: atest bionic-unit-tests-static
Test: On Cuttlefish, run combinations of:
- Policy bit set or omitted (see https://r.android.com/1701847)
- This patch applied or omitted
- App having nlmsg_readneigh permission or not
Verify that only the combination of this patch + the policy bit being
set + the app not having the nlmsg_readneigh permission prevents the
app from sending RTM_GETNEIGH messages.
Change-Id: I4bcfce4decb34ea9388eeedfc4be67403de8a980
Signed-off-by: Bram Bonné <brambonne@google.com>
(cherry picked from commit fac07550bdac9adea0dbe3edbdbec7a9a690a178)
(cherry picked from commit 32d7afd1472c3cce509a3455b40a575540eac780)
CVE-2022-20399
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
Diffstat (limited to 'security/selinux/include')
| -rw-r--r-- | security/selinux/include/classmap.h | 3 | ||||
| -rw-r--r-- | security/selinux/include/security.h | 1 |
2 files changed, 3 insertions, 1 deletions
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index e27b71a5d8d5..d1ee3dfb2555 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -105,7 +105,8 @@ struct security_class_mapping secclass_map[] = { { COMMON_IPC_PERMS, NULL } }, { "netlink_route_socket", { COMMON_SOCK_PERMS, - "nlmsg_read", "nlmsg_write", "nlmsg_readpriv", NULL } }, + "nlmsg_read", "nlmsg_write", "nlmsg_readpriv", "nlmsg_getneigh", + NULL } }, { "netlink_tcpdiag_socket", { COMMON_SOCK_PERMS, "nlmsg_read", "nlmsg_write", NULL } }, diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index b45a3a72c161..efb852e076b6 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -79,6 +79,7 @@ enum { #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) extern int selinux_android_netlink_route; +extern int selinux_android_netlink_getneigh; extern int selinux_policycap_netpeer; extern int selinux_policycap_openperm; extern int selinux_policycap_alwaysnetwork; |