[PATCH] readv/writev syscalls are not checked by lsm

it seems that readv(2)/writev(2) syscalls do not call
file_permission callback. Looks like this is overlook.

I have filled the issue into redhat bugzilla as
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169433
and got the recommendation to post this on lsm mailing list.

The following trivial patch solves the problem.

Signed-off-by: Kostik Belousov <kostikbel@gmail.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>

diff --git a/fs/read_write.c b/fs/read_write.c
index b60324a..a091ee4 100644 (file)
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -499,6 +499,9 @@ static ssize_t do_readv_writev(int type, struct file *file,
        ret = rw_verify_area(type, file, pos, tot_len);
        if (ret)
                goto out;
+       ret = security_file_permission(file, type == READ ? MAY_READ : MAY_WRITE);
+       if (ret)
+               goto out;
 
        fnv = NULL;
        if (type == READ) {