selinux: always check the file label in selinux_kernel_read_file()

Commit 2039bda1fa8d ("LSM: Add "contents" flag to kernel_read_file hook")
added a new flag to the security_kernel_read_file() LSM hook, "contents",
which was set if a file was being read in its entirety or if it was the
first chunk read in a multi-step process.  The SELinux LSM callback was
updated to only check against the file label if this "contents" flag was
set, meaning that in multi-step reads the file label was not considered
in the access control decision after the initial chunk.

Thankfully the only in-tree user that performs a multi-step read is the
"bcm-vk" driver and it is loading firmware, not a kernel module, so there
are no security regressions to worry about.  However, we still want to
ensure that the SELinux code does the right thing, and *always* checks
the file label, especially as there is a chance the file could change
between chunk reads.

Fixes: 2039bda1fa8d ("LSM: Add "contents" flag to kernel_read_file hook")
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7b867dfec88baaf90dd10a1b9f6c4ce0058ad97c..a80e3f01153fb27af5a254e7081c0ce1d66379fc 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4134,7 +4134,7 @@ static int selinux_kernel_read_file(struct file *file,
 
        switch (id) {
        case READING_MODULE:
-               rc = selinux_kernel_module_from_file(contents ? file : NULL);
+               rc = selinux_kernel_module_from_file(file);
                break;
        default:
                break;