diff options
| -rw-r--r-- | security/smack/smack.h | 1 | ||||
| -rw-r--r-- | security/smack/smack_access.c | 7 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 29 | ||||
| -rw-r--r-- | security/smack/smackfs.c | 3 |
4 files changed, 4 insertions, 36 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index 51fd30192c08..77abe2efacae 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h | |||
| @@ -336,7 +336,6 @@ extern int smack_ptrace_rule; | |||
| 336 | extern struct smack_known smack_known_floor; | 336 | extern struct smack_known smack_known_floor; |
| 337 | extern struct smack_known smack_known_hat; | 337 | extern struct smack_known smack_known_hat; |
| 338 | extern struct smack_known smack_known_huh; | 338 | extern struct smack_known smack_known_huh; |
| 339 | extern struct smack_known smack_known_invalid; | ||
| 340 | extern struct smack_known smack_known_star; | 339 | extern struct smack_known smack_known_star; |
| 341 | extern struct smack_known smack_known_web; | 340 | extern struct smack_known smack_known_web; |
| 342 | 341 | ||
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 23e5808a0970..356e3764cad9 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c | |||
| @@ -36,11 +36,6 @@ struct smack_known smack_known_floor = { | |||
| 36 | .smk_secid = 5, | 36 | .smk_secid = 5, |
| 37 | }; | 37 | }; |
| 38 | 38 | ||
| 39 | struct smack_known smack_known_invalid = { | ||
| 40 | .smk_known = "", | ||
| 41 | .smk_secid = 6, | ||
| 42 | }; | ||
| 43 | |||
| 44 | struct smack_known smack_known_web = { | 39 | struct smack_known smack_known_web = { |
| 45 | .smk_known = "@", | 40 | .smk_known = "@", |
| 46 | .smk_secid = 7, | 41 | .smk_secid = 7, |
| @@ -615,7 +610,7 @@ struct smack_known *smack_from_secid(const u32 secid) | |||
| 615 | * of a secid that is not on the list. | 610 | * of a secid that is not on the list. |
| 616 | */ | 611 | */ |
| 617 | rcu_read_unlock(); | 612 | rcu_read_unlock(); |
| 618 | return &smack_known_invalid; | 613 | return &smack_known_huh; |
| 619 | } | 614 | } |
| 620 | 615 | ||
| 621 | /* | 616 | /* |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 46d8be434466..4d90257d03ad 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -1384,20 +1384,14 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, | |||
| 1384 | skp = smk_import_entry(value, size); | 1384 | skp = smk_import_entry(value, size); |
| 1385 | if (!IS_ERR(skp)) | 1385 | if (!IS_ERR(skp)) |
| 1386 | isp->smk_inode = skp; | 1386 | isp->smk_inode = skp; |
| 1387 | else | ||
| 1388 | isp->smk_inode = &smack_known_invalid; | ||
| 1389 | } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { | 1387 | } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { |
| 1390 | skp = smk_import_entry(value, size); | 1388 | skp = smk_import_entry(value, size); |
| 1391 | if (!IS_ERR(skp)) | 1389 | if (!IS_ERR(skp)) |
| 1392 | isp->smk_task = skp; | 1390 | isp->smk_task = skp; |
| 1393 | else | ||
| 1394 | isp->smk_task = &smack_known_invalid; | ||
| 1395 | } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { | 1391 | } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { |
| 1396 | skp = smk_import_entry(value, size); | 1392 | skp = smk_import_entry(value, size); |
| 1397 | if (!IS_ERR(skp)) | 1393 | if (!IS_ERR(skp)) |
| 1398 | isp->smk_mmap = skp; | 1394 | isp->smk_mmap = skp; |
| 1399 | else | ||
| 1400 | isp->smk_mmap = &smack_known_invalid; | ||
| 1401 | } | 1395 | } |
| 1402 | 1396 | ||
| 1403 | return; | 1397 | return; |
| @@ -2068,12 +2062,8 @@ static void smack_cred_transfer(struct cred *new, const struct cred *old) | |||
| 2068 | static int smack_kernel_act_as(struct cred *new, u32 secid) | 2062 | static int smack_kernel_act_as(struct cred *new, u32 secid) |
| 2069 | { | 2063 | { |
| 2070 | struct task_smack *new_tsp = new->security; | 2064 | struct task_smack *new_tsp = new->security; |
| 2071 | struct smack_known *skp = smack_from_secid(secid); | ||
| 2072 | |||
| 2073 | if (skp == NULL) | ||
| 2074 | return -EINVAL; | ||
| 2075 | 2065 | ||
| 2076 | new_tsp->smk_task = skp; | 2066 | new_tsp->smk_task = smack_from_secid(secid); |
| 2077 | return 0; | 2067 | return 0; |
| 2078 | } | 2068 | } |
| 2079 | 2069 | ||
| @@ -3894,21 +3884,11 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, | |||
| 3894 | return &smack_known_web; | 3884 | return &smack_known_web; |
| 3895 | return &smack_known_star; | 3885 | return &smack_known_star; |
| 3896 | } | 3886 | } |
| 3897 | if ((sap->flags & NETLBL_SECATTR_SECID) != 0) { | 3887 | if ((sap->flags & NETLBL_SECATTR_SECID) != 0) |
| 3898 | /* | 3888 | /* |
| 3899 | * Looks like a fallback, which gives us a secid. | 3889 | * Looks like a fallback, which gives us a secid. |
| 3900 | */ | 3890 | */ |
| 3901 | skp = smack_from_secid(sap->attr.secid); | 3891 | return smack_from_secid(sap->attr.secid); |
| 3902 | /* | ||
| 3903 | * This has got to be a bug because it is | ||
| 3904 | * impossible to specify a fallback without | ||
| 3905 | * specifying the label, which will ensure | ||
| 3906 | * it has a secid, and the only way to get a | ||
| 3907 | * secid is from a fallback. | ||
| 3908 | */ | ||
| 3909 | BUG_ON(skp == NULL); | ||
| 3910 | return skp; | ||
| 3911 | } | ||
| 3912 | /* | 3892 | /* |
| 3913 | * Without guidance regarding the smack value | 3893 | * Without guidance regarding the smack value |
| 3914 | * for the packet fall back on the network | 3894 | * for the packet fall back on the network |
| @@ -4771,7 +4751,6 @@ static __init void init_smack_known_list(void) | |||
| 4771 | mutex_init(&smack_known_hat.smk_rules_lock); | 4751 | mutex_init(&smack_known_hat.smk_rules_lock); |
| 4772 | mutex_init(&smack_known_floor.smk_rules_lock); | 4752 | mutex_init(&smack_known_floor.smk_rules_lock); |
| 4773 | mutex_init(&smack_known_star.smk_rules_lock); | 4753 | mutex_init(&smack_known_star.smk_rules_lock); |
| 4774 | mutex_init(&smack_known_invalid.smk_rules_lock); | ||
| 4775 | mutex_init(&smack_known_web.smk_rules_lock); | 4754 | mutex_init(&smack_known_web.smk_rules_lock); |
| 4776 | /* | 4755 | /* |
| 4777 | * Initialize rule lists | 4756 | * Initialize rule lists |
| @@ -4780,7 +4759,6 @@ static __init void init_smack_known_list(void) | |||
| 4780 | INIT_LIST_HEAD(&smack_known_hat.smk_rules); | 4759 | INIT_LIST_HEAD(&smack_known_hat.smk_rules); |
| 4781 | INIT_LIST_HEAD(&smack_known_star.smk_rules); | 4760 | INIT_LIST_HEAD(&smack_known_star.smk_rules); |
| 4782 | INIT_LIST_HEAD(&smack_known_floor.smk_rules); | 4761 | INIT_LIST_HEAD(&smack_known_floor.smk_rules); |
| 4783 | INIT_LIST_HEAD(&smack_known_invalid.smk_rules); | ||
| 4784 | INIT_LIST_HEAD(&smack_known_web.smk_rules); | 4762 | INIT_LIST_HEAD(&smack_known_web.smk_rules); |
| 4785 | /* | 4763 | /* |
| 4786 | * Create the known labels list | 4764 | * Create the known labels list |
| @@ -4789,7 +4767,6 @@ static __init void init_smack_known_list(void) | |||
| 4789 | smk_insert_entry(&smack_known_hat); | 4767 | smk_insert_entry(&smack_known_hat); |
| 4790 | smk_insert_entry(&smack_known_star); | 4768 | smk_insert_entry(&smack_known_star); |
| 4791 | smk_insert_entry(&smack_known_floor); | 4769 | smk_insert_entry(&smack_known_floor); |
| 4792 | smk_insert_entry(&smack_known_invalid); | ||
| 4793 | smk_insert_entry(&smack_known_web); | 4770 | smk_insert_entry(&smack_known_web); |
| 4794 | } | 4771 | } |
| 4795 | 4772 | ||
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 6492fe96cae4..13743a01b35b 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c | |||
| @@ -2998,9 +2998,6 @@ static int __init init_smk_fs(void) | |||
| 2998 | rc = smk_preset_netlabel(&smack_known_huh); | 2998 | rc = smk_preset_netlabel(&smack_known_huh); |
| 2999 | if (err == 0 && rc < 0) | 2999 | if (err == 0 && rc < 0) |
| 3000 | err = rc; | 3000 | err = rc; |
| 3001 | rc = smk_preset_netlabel(&smack_known_invalid); | ||
| 3002 | if (err == 0 && rc < 0) | ||
| 3003 | err = rc; | ||
| 3004 | rc = smk_preset_netlabel(&smack_known_star); | 3001 | rc = smk_preset_netlabel(&smack_known_star); |
| 3005 | if (err == 0 && rc < 0) | 3002 | if (err == 0 && rc < 0) |
| 3006 | err = rc; | 3003 | err = rc; |