[Toybox] [PATCH] Don't call TIOCGWINSZ on non-ttys

Sat Oct 20 08:31:36 PDT 2018

Prior to calling TIOCGWINSZ on stdin/stdout/stderr, check to see if the
file descriptor is a tty. Calling TIOCGWINSZ on a non-tty doesn't make
any sense.

Calling TIOCGWINSZ on a non-tty is mildly problematic for systems like
Android where strict ioctl filtering is in place, and generates SELinux
audit noise.

Strict ioctl filtering for non-filesystem fifo_files (eg pipe() or
pipe2() generated pipes) was enabled in Android in commit
https://android-review.googlesource.com/c/platform/system/sepolicy/+/792599

Steps to reproduce:
* Run "echo foo | ls"

Expected:
* No SELinux denials on Android with strict ioctl filtering enabled

Actual:
* An SELinux denial of the form:

  type=1400 audit(1540046406.055:1357): avc: denied { ioctl }
  for comm="ls" path="pipe:[332719]" dev="pipefs" ino=332719
  ioctlcmd=0x5413 scontext=u:r:shell:s0 tcontext=u:r:shell:s0
  tclass=fifo_file permissive=0

  type=1400 audit(0.0:46): avc: denied { ioctl } for comm="ls"
  path="pipe:[196102]" dev="pipefs" ino=196102 ioctlcmd=0x5413
  scontext=u:r:untrusted_app_27:s0:c512,c768
  tcontext=u:r:untrusted_app_27:s0:c512,c768
  tclass=fifo_file permissive=0 app=com.microsoft.office.outlook

(ioctl 0x5413 is TIOCGWINSZ)

Signed-off-by: Nick Kralevich <nnk at google.com>
---
 lib/interestingtimes.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/interestingtimes.c b/lib/interestingtimes.c
index c3ed9f9..ffb5ab5 100644
--- a/lib/interestingtimes.c
+++ b/lib/interestingtimes.c
@@ -27,7 +27,7 @@ int terminal_size(unsigned *xx, unsigned *yy)
   // stdin, stdout, stderr
   for (i=0; i<3; i++) {
     memset(&ws, 0, sizeof(ws));
-    if (!ioctl(i, TIOCGWINSZ, &ws)) {
+    if (isatty(i) && !ioctl(i, TIOCGWINSZ, &ws)) {
       if (ws.ws_col) x = ws.ws_col;
       if (ws.ws_row) y = ws.ws_row;
 
-- 
2.19.1.568.g152ad8e336-goog


