selinux: do not check open perm on ftruncate call

Use the ATTR_FILE attribute to distinguish between truncate()
and ftruncate() system calls. The two other cases where
do_truncate is called with a filp (and therefore ATTR_FILE is set)
are for coredump files and for open(O_TRUNC). In both of those cases
the open permission has already been checked during file open and
therefore does not need to be repeated.

Commit 95dbf739313f ("SELinux: check OPEN on truncate calls")
fixed a major issue where domains were allowed to truncate files
without the open permission. However, it introduced a new bug where
a domain with the write permission can no longer ftruncate files
without the open permission, even when they receive an already open

(cherry picked from commit b21800f304392ee5d20f411c37470183cc779f11)

Bug: 22567870
Change-Id: Id7c305e46beba5091c2c777529bd468216aae1c3

Signed-off-by: Jeff Vander Stoep <>
Acked-by: Stephen Smalley <>
Signed-off-by: Paul Moore <>
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 47aa35d..621f1d2 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2863,7 +2863,8 @@
 		return dentry_has_perm(cred, dentry, FILE__SETATTR);
-	if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE))
+	if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE)
+			&& !(ia_valid & ATTR_FILE))
 		av |= FILE__OPEN;
 	return dentry_has_perm(cred, dentry, av);