Discussion:
[PATCH] Don't call TIOCGWINSZ on non-ttys
Nick Kralevich
2018-10-20 15:31:36 UTC
Prior to calling TIOCGWINSZ on stdin/stdout/stderr, check to see if the
file descriptor is a tty. Calling TIOCGWINSZ on a non-tty doesn't make
any sense.

Calling TIOCGWINSZ on a non-tty is mildly problematic for systems like
Android where strict ioctl filtering is in place, and generates SELinux
audit noise.

Strict ioctl filtering for non-filesystem fifo_files (eg pipe() or
pipe2() generated pipes) was enabled in Android in commit
https://android-review.googlesource.com/c/platform/system/sepolicy/+/792599

Steps to reproduce:
* Run "echo foo | ls"

Expected:
* No SELinux denials on Android with strict ioctl filtering enabled

Actual:
* An SELinux denial of the form:

type=1400 audit(1540046406.055:1357): avc: denied { ioctl }
for comm="ls" path="pipe:[332719]" dev="pipefs" ino=332719
ioctlcmd=0x5413 scontext=u:r:shell:s0 tcontext=u:r:shell:s0
tclass=fifo_file permissive=0

type=1400 audit(0.0:46): avc: denied { ioctl } for comm="ls"
path="pipe:[196102]" dev="pipefs" ino=196102 ioctlcmd=0x5413
scontext=u:r:untrusted_app_27:s0:c512,c768
tcontext=u:r:untrusted_app_27:s0:c512,c768
tclass=fifo_file permissive=0 app=com.microsoft.office.outlook

(ioctl 0x5413 is TIOCGWINSZ)

Signed-off-by: Nick Kralevich <***@google.com>
---
lib/interestingtimes.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/interestingtimes.c b/lib/interestingtimes.c
index c3ed9f9..ffb5ab5 100644
--- a/lib/interestingtimes.c
+++ b/lib/interestingtimes.c
@@ -27,7 +27,7 @@ int terminal_size(unsigned *xx, unsigned *yy)
// stdin, stdout, stderr
for (i=0; i<3; i++) {
memset(&ws, 0, sizeof(ws));
- if (!ioctl(i, TIOCGWINSZ, &ws)) {
+ if (isatty(i) && !ioctl(i, TIOCGWINSZ, &ws)) {
if (ws.ws_col) x = ws.ws_col;
if (ws.ws_row) y = ws.ws_row;
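Review bot: on the changed "if" line, isatty() is not ioctl-free. glibc and bionic implement it through tcgetattr(), which is a TCGETS ioctl (0x5401), so on a pipe the guard still issues an ioctl against the fifo_file before the && short-circuits. The commit message should state that this request is permitted by the filter described above; otherwise the denial only moves from ioctlcmd=0x5413 to a different command. A one-line comment above the condition saying why non-ttys are skipped would also keep the check from being dropped later as redundant.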
--
2.19.1.568.g152ad8e336-goog
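
Added example, not part of the original message or the patch: a small Python parser for AVC denials like the two quoted above, which flags tty ioctls denied on pipes (tclass=fifo_file). The function names and the ioctl table are this example's own; the sample log is the message's two denials rejoined onto single lines.

```python
import re
from collections import Counter

# Generic Linux ioctl request numbers (asm-generic/ioctls.h).
TTY_IOCTLS = {0x5401: "TCGETS", 0x5413: "TIOCGWINSZ", 0x5414: "TIOCSWINSZ"}
OTHER_IOCTLS = {0x541B: "FIONREAD", 0x5450: "FIONCLEX", 0x5451: "FIOCLEX"}

# The two denials quoted in the message above, rejoined onto single lines.
SAMPLE_LOG = """\
type=1400 audit(1540046406.055:1357): avc: denied { ioctl } for comm="ls" path="pipe:[332719]" dev="pipefs" ino=332719 ioctlcmd=0x5413 scontext=u:r:shell:s0 tcontext=u:r:shell:s0 tclass=fifo_file permissive=0
type=1400 audit(0.0:46): avc: denied { ioctl } for comm="ls" path="pipe:[196102]" dev="pipefs" ino=196102 ioctlcmd=0x5413 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:r:untrusted_app_27:s0:c512,c768 tclass=fifo_file permissive=0 app=com.microsoft.office.outlook
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of fields for one AVC denial, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    if "ioctlcmd" in rec:
        rec["ioctlcmd"] = int(rec["ioctlcmd"], 16)
    return rec

def ioctl_name(cmd):
    """Map a request number to its name, falling back to hex."""
    return TTY_IOCTLS.get(cmd) or OTHER_IOCTLS.get(cmd) or hex(cmd)

def tty_ioctl_on_pipe(log_text):
    """Count (comm, ioctl name, source domain) for tty ioctls denied on fifo_file."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or "ioctl" not in rec["perms"]:
            continue
        if rec.get("tclass") == "fifo_file" and rec.get("ioctlcmd") in TTY_IOCTLS:
            domain = rec["scontext"].split(":")[2]  # u:r:<domain>:s0[:cats]
            hits[(rec["comm"], ioctl_name(rec["ioctlcmd"]), domain)] += 1
    return hits

if __name__ == "__main__":
    for (comm, name, domain), n in tty_ioctl_on_pipe(SAMPLE_LOG).items():
        print(f"{n}x {comm} in {domain}: {name} on a pipe")
```

Grouping by comm and source domain shows which binaries probe pipes for a window size, which is the audit noise the patch removes for "ls".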