Smack: fix the subject/object order in smack_ptrace_traceme()

The order of subject/object is currently reversed in smack_ptrace_traceme(). It is currently checked if the tracee has a capability to trace tracer and according to this rule a decision is made whether the tracer will be allowed to trace tracee. Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com> Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
author: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com> 2014-03-11 12:07:04 -0400
committer: Casey Schaufler <casey@schaufler-ca.com> 2014-04-11 17:34:17 -0400
commit: 959e6c7f1eee42f14d31755b1134f5615db1d9bc (patch)
tree: 1931751fc4a9c37635c106498b7c2159e3f6576f /security/smack/smack_access.c
parent: 55dfc5da1a9b7e623b6f35620c74280555df0288 (diff)
1 files changed, 26 insertions, 7 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 14293cd9b1e5..f161debed02b 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -192,20 +192,21 @@ out_audit:
 }
 /**
- * smk_curacc - determine if current has a specific access to an object
+ * smk_tskacc - determine if a task has a specific access to an object
+ * @tsp: a pointer to the subject task
 * @obj_label: a pointer to the object's Smack label
 * @mode: the access requested, in "MAY" format
 * @a : common audit data
 *
- * This function checks the current subject label/object label pair
+ * This function checks the subject task's label/object label pair
 * in the access rule list and returns 0 if the access is permitted,
- * non zero otherwise. It allows that current may have the capability
+ * non zero otherwise. It allows that the task may have the capability
 * to override the rules.
 */
-int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a)
+int smk_tskacc(struct task_smack *subject, char *obj_label,
+               u32 mode, struct smk_audit_info *a)
 {
-        struct task_smack *tsp = current_security();
+        struct smack_known *skp = smk_of_task(subject);
-        struct smack_known *skp = smk_of_task(tsp);
        int may;
        int rc;
@@ -219,7 +220,7 @@ int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a)
                 * it can further restrict access.
                 */
                may = smk_access_entry(skp->smk_known, obj_label,
-                                        &tsp->smk_rules);
+                                        &subject->smk_rules);
                if (may < 0)
                        goto out_audit;
                if ((mode & may) == mode)
@@ -241,6 +242,24 @@ out_audit:
        return rc;
 }
+/**
+ * smk_curacc - determine if current has a specific access to an object
+ * @obj_label: a pointer to the object's Smack label
+ * @mode: the access requested, in "MAY" format
+ * @a : common audit data
+ *
+ * This function checks the current subject label/object label pair
+ * in the access rule list and returns 0 if the access is permitted,
+ * non zero otherwise. It allows that current may have the capability
+ * to override the rules.
+ */
+int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a)
+{
+        struct task_smack *tsp = current_security();
+        return smk_tskacc(tsp, obj_label, mode, a);
+}
 #ifdef CONFIG_AUDIT
 /**
 * smack_str_from_perm : helper to transalate an int to a
author	Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>	2014-03-11 12:07:04 -0400
committer	Casey Schaufler <casey@schaufler-ca.com>	2014-04-11 17:34:17 -0400
commit	959e6c7f1eee42f14d31755b1134f5615db1d9bc (patch)
tree	1931751fc4a9c37635c106498b7c2159e3f6576f /security/smack/smack_access.c
parent	55dfc5da1a9b7e623b6f35620c74280555df0288 (diff)