What:		/sys/fs/selinux/checkreqprot
Date:		April 2005 (predates git)
KernelVersion:	2.6.12-rc2 (predates git)
Contact:	selinux@vger.kernel.org
Description:

	The selinuxfs "checkreqprot" node allows SELinux to be configured
	to check the protection requested by userspace for mmap/mprotect
	calls instead of the actual protection applied by the kernel.
	This was a compatibility mechanism for legacy userspace and
	for the READ_IMPLIES_EXEC personality flag. However, if set to
	1, it weakens security by allowing mappings to be made executable
	without authorization by policy. The default value of checkreqprot
	at boot was changed starting in Linux v4.4 to 0 (i.e. check the
	actual protection), and Android and Linux distributions have been
	explicitly writing a "0" to /sys/fs/selinux/checkreqprot during
	initialization for some time. Support for setting checkreqprot to 1
	will be removed no sooner than June 2021, at which point the kernel
	will always cease using checkreqprot internally and will always
	check the actual protections being applied upon mmap/mprotect calls.
	The checkreqprot selinuxfs node will remain for backward compatibility
	but will discard writes of the "0" value and will reject writes of the
	"1" value when this mechanism is removed.
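As an added illustration (not part of this ABI document or of the kernel source), a simplified C model of the two protection values the description contrasts: the one userspace requests and the one the kernel actually applies once READ_IMPLIES_EXEC is in effect, and which of the two SELinux consults depending on checkreqprot. The helper names are hypothetical, and the model covers only private anonymous mappings and the execmem check they trigger.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/mman.h>   /* PROT_READ, PROT_WRITE, PROT_EXEC */

/* Simplified model (added example, not the kernel's own code) of the
 * protection values involved in an mmap/mprotect call. */

/* Kernel side: under the READ_IMPLIES_EXEC personality flag, any readable
 * anonymous mapping is silently made executable as well. */
static unsigned long actual_prot(unsigned long reqprot, bool read_implies_exec)
{
    unsigned long prot = reqprot;
    if ((prot & PROT_READ) && read_implies_exec)
        prot |= PROT_EXEC;
    return prot;
}

/* SELinux side: checkreqprot=1 checks the protection userspace asked for;
 * checkreqprot=0 checks the protection the kernel will really apply. */
static unsigned long prot_seen_by_policy(unsigned long reqprot,
                                         unsigned long prot, int checkreqprot)
{
    return checkreqprot ? reqprot : prot;
}

/* An executable private anonymous mapping requires the execmem permission
 * on the process domain (file-backed mappings are ignored in this model). */
static bool execmem_check_required(unsigned long prot_checked, bool anon_private)
{
    return anon_private && (prot_checked & PROT_EXEC);
}

/* True when the mapping ends up executable although policy was never
 * consulted for execmem: the gap the description says checkreqprot=1 opens. */
static bool executable_without_policy_check(unsigned long reqprot,
                                            bool read_implies_exec,
                                            int checkreqprot)
{
    unsigned long prot = actual_prot(reqprot, read_implies_exec);
    unsigned long checked = prot_seen_by_policy(reqprot, prot, checkreqprot);
    return (prot & PROT_EXEC) && !execmem_check_required(checked, true);
}

int main(void)
{
    printf("checkreqprot=1, READ_IMPLIES_EXEC, mmap(PROT_READ): unchecked exec=%d\n",
           executable_without_policy_check(PROT_READ, true, 1));
    printf("checkreqprot=0, READ_IMPLIES_EXEC, mmap(PROT_READ): unchecked exec=%d\n",
           executable_without_policy_check(PROT_READ, true, 0));
    return 0;
}
```

With checkreqprot=0 the policy sees the PROT_EXEC the kernel added and the execmem check runs, which is why the default was changed to 0.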