[PATCH] Process Attribute API for Security Modules (fixlet)

[PATCH] Process Attribute API for Security Modules (fixlet)

From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch, relative to the /proc/pid/attr patch against 2.5.69, fixes the
mode values of the /proc/pid/attr nodes to avoid interference by the normal
Linux access checks for these nodes (and also fixes the /proc/pid/attr/prev
mode to reflect its read-only nature).

Otherwise, when the dumpable flag is cleared by a set[ug]id or unreadable
executable, a process will lose the ability to set its own attributes via
writes to /proc/pid/attr due to a DAC failure (/proc/pid inodes are
assigned the root uid/gid if the task is not dumpable, and the original
mode only permitted the owner to write).

The security module should implement appropriate permission checking in its
[gs]etprocattr hook functions.  In the case of SELinux, the setprocattr
hook function only allows a process to write to its own /proc/pid/attr
nodes as well as imposing other policy-based restrictions, and the
getprocattr hook function performs a permission check between the security
labels of the current process and target process to determine whether the
operation is permitted.