diff options
author | Len Brown <len.brown@intel.com> | 2011-01-13 02:06:06 +0300 |
---|---|---|
committer | Len Brown <len.brown@intel.com> | 2011-01-13 02:06:06 +0300 |
commit | 56dbed129df3fdd4caf9018b6e7599ee258a5420 (patch) | |
tree | b902491aef3a99efe0d9d49edd0f6e414dba654f /security/smack/smackfs.c | |
parent | 2a2d31c8dc6f1ebcf5eab1d93a0cb0fb4ed57c7c (diff) | |
parent | f878133bf022717b880d0e0995b8f91436fd605c (diff) | |
download | linux-56dbed129df3fdd4caf9018b6e7599ee258a5420.tar.xz |
Merge branch 'linus' into idle-test
Diffstat (limited to 'security/smack/smackfs.c')
-rw-r--r-- | security/smack/smackfs.c | 41 |
1 files changed, 34 insertions, 7 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index dc1fd6239f24..362d5eda948b 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -109,9 +109,12 @@ const char *smack_cipso_option = SMACK_CIPSO_OPTION; * SMK_ACCESSLEN: Maximum length for a rule access field * SMK_LOADLEN: Smack rule length */ -#define SMK_ACCESS "rwxa" -#define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1) -#define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN) +#define SMK_OACCESS "rwxa" +#define SMK_ACCESS "rwxat" +#define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1) +#define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1) +#define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN) +#define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN) /** * smk_netlabel_audit_set - fill a netlbl_audit struct @@ -121,7 +124,7 @@ static void smk_netlabel_audit_set(struct netlbl_audit *nap) { nap->loginuid = audit_get_loginuid(current); nap->sessionid = audit_get_sessionid(current); - nap->secid = smack_to_secid(current_security()); + nap->secid = smack_to_secid(smk_of_current()); } /* @@ -175,6 +178,8 @@ static int load_seq_show(struct seq_file *s, void *v) seq_putc(s, 'x'); if (srp->smk_access & MAY_APPEND) seq_putc(s, 'a'); + if (srp->smk_access & MAY_TRANSMUTE) + seq_putc(s, 't'); if (srp->smk_access == 0) seq_putc(s, '-'); @@ -273,10 +278,15 @@ static ssize_t smk_write_load(struct file *file, const char __user *buf, if (!capable(CAP_MAC_ADMIN)) return -EPERM; - if (*ppos != 0 || count != SMK_LOADLEN) + if (*ppos != 0) + return -EINVAL; + /* + * Minor hack for backward compatability + */ + if (count < (SMK_OLOADLEN) || count > SMK_LOADLEN) return -EINVAL; - data = kzalloc(count, GFP_KERNEL); + data = kzalloc(SMK_LOADLEN, GFP_KERNEL); if (data == NULL) return -ENOMEM; @@ -285,6 +295,12 @@ static ssize_t smk_write_load(struct file *file, const char __user *buf, goto out; } + /* + * More on the minor hack for backward compatability + */ + if (count == (SMK_OLOADLEN)) + data[SMK_OLOADLEN] = '-'; + rule = kzalloc(sizeof(*rule), GFP_KERNEL); if (rule == NULL) { rc = -ENOMEM; @@ -345,6 +361,17 @@ static ssize_t smk_write_load(struct file *file, const char __user *buf, goto out_free_rule; } + switch (data[SMK_LABELLEN + SMK_LABELLEN + 4]) { + case '-': + break; + case 't': + case 'T': + rule->smk_access |= MAY_TRANSMUTE; + break; + default: + goto out_free_rule; + } + rc = smk_set_access(rule); if (!rc) @@ -1160,7 +1187,7 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { char in[SMK_LABELLEN]; - char *sp = current->cred->security; + char *sp = smk_of_task(current->cred->security); if (!capable(CAP_MAC_ADMIN)) return -EPERM; |