diff options
Diffstat (limited to 'security/smack/smack_lsm.c')
| -rw-r--r-- | security/smack/smack_lsm.c | 29 |
1 files changed, 3 insertions, 26 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 46d8be434466..4d90257d03ad 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -1384,20 +1384,14 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, | |||
| 1384 | skp = smk_import_entry(value, size); | 1384 | skp = smk_import_entry(value, size); |
| 1385 | if (!IS_ERR(skp)) | 1385 | if (!IS_ERR(skp)) |
| 1386 | isp->smk_inode = skp; | 1386 | isp->smk_inode = skp; |
| 1387 | else | ||
| 1388 | isp->smk_inode = &smack_known_invalid; | ||
| 1389 | } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { | 1387 | } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { |
| 1390 | skp = smk_import_entry(value, size); | 1388 | skp = smk_import_entry(value, size); |
| 1391 | if (!IS_ERR(skp)) | 1389 | if (!IS_ERR(skp)) |
| 1392 | isp->smk_task = skp; | 1390 | isp->smk_task = skp; |
| 1393 | else | ||
| 1394 | isp->smk_task = &smack_known_invalid; | ||
| 1395 | } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { | 1391 | } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { |
| 1396 | skp = smk_import_entry(value, size); | 1392 | skp = smk_import_entry(value, size); |
| 1397 | if (!IS_ERR(skp)) | 1393 | if (!IS_ERR(skp)) |
| 1398 | isp->smk_mmap = skp; | 1394 | isp->smk_mmap = skp; |
| 1399 | else | ||
| 1400 | isp->smk_mmap = &smack_known_invalid; | ||
| 1401 | } | 1395 | } |
| 1402 | 1396 | ||
| 1403 | return; | 1397 | return; |
| @@ -2068,12 +2062,8 @@ static void smack_cred_transfer(struct cred *new, const struct cred *old) | |||
| 2068 | static int smack_kernel_act_as(struct cred *new, u32 secid) | 2062 | static int smack_kernel_act_as(struct cred *new, u32 secid) |
| 2069 | { | 2063 | { |
| 2070 | struct task_smack *new_tsp = new->security; | 2064 | struct task_smack *new_tsp = new->security; |
| 2071 | struct smack_known *skp = smack_from_secid(secid); | ||
| 2072 | |||
| 2073 | if (skp == NULL) | ||
| 2074 | return -EINVAL; | ||
| 2075 | 2065 | ||
| 2076 | new_tsp->smk_task = skp; | 2066 | new_tsp->smk_task = smack_from_secid(secid); |
| 2077 | return 0; | 2067 | return 0; |
| 2078 | } | 2068 | } |
| 2079 | 2069 | ||
| @@ -3894,21 +3884,11 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, | |||
| 3894 | return &smack_known_web; | 3884 | return &smack_known_web; |
| 3895 | return &smack_known_star; | 3885 | return &smack_known_star; |
| 3896 | } | 3886 | } |
| 3897 | if ((sap->flags & NETLBL_SECATTR_SECID) != 0) { | 3887 | if ((sap->flags & NETLBL_SECATTR_SECID) != 0) |
| 3898 | /* | 3888 | /* |
| 3899 | * Looks like a fallback, which gives us a secid. | 3889 | * Looks like a fallback, which gives us a secid. |
| 3900 | */ | 3890 | */ |
| 3901 | skp = smack_from_secid(sap->attr.secid); | 3891 | return smack_from_secid(sap->attr.secid); |
| 3902 | /* | ||
| 3903 | * This has got to be a bug because it is | ||
| 3904 | * impossible to specify a fallback without | ||
| 3905 | * specifying the label, which will ensure | ||
| 3906 | * it has a secid, and the only way to get a | ||
| 3907 | * secid is from a fallback. | ||
| 3908 | */ | ||
| 3909 | BUG_ON(skp == NULL); | ||
| 3910 | return skp; | ||
| 3911 | } | ||
| 3912 | /* | 3892 | /* |
| 3913 | * Without guidance regarding the smack value | 3893 | * Without guidance regarding the smack value |
| 3914 | * for the packet fall back on the network | 3894 | * for the packet fall back on the network |
| @@ -4771,7 +4751,6 @@ static __init void init_smack_known_list(void) | |||
| 4771 | mutex_init(&smack_known_hat.smk_rules_lock); | 4751 | mutex_init(&smack_known_hat.smk_rules_lock); |
| 4772 | mutex_init(&smack_known_floor.smk_rules_lock); | 4752 | mutex_init(&smack_known_floor.smk_rules_lock); |
| 4773 | mutex_init(&smack_known_star.smk_rules_lock); | 4753 | mutex_init(&smack_known_star.smk_rules_lock); |
| 4774 | mutex_init(&smack_known_invalid.smk_rules_lock); | ||
| 4775 | mutex_init(&smack_known_web.smk_rules_lock); | 4754 | mutex_init(&smack_known_web.smk_rules_lock); |
| 4776 | /* | 4755 | /* |
| 4777 | * Initialize rule lists | 4756 | * Initialize rule lists |
| @@ -4780,7 +4759,6 @@ static __init void init_smack_known_list(void) | |||
| 4780 | INIT_LIST_HEAD(&smack_known_hat.smk_rules); | 4759 | INIT_LIST_HEAD(&smack_known_hat.smk_rules); |
| 4781 | INIT_LIST_HEAD(&smack_known_star.smk_rules); | 4760 | INIT_LIST_HEAD(&smack_known_star.smk_rules); |
| 4782 | INIT_LIST_HEAD(&smack_known_floor.smk_rules); | 4761 | INIT_LIST_HEAD(&smack_known_floor.smk_rules); |
| 4783 | INIT_LIST_HEAD(&smack_known_invalid.smk_rules); | ||
| 4784 | INIT_LIST_HEAD(&smack_known_web.smk_rules); | 4762 | INIT_LIST_HEAD(&smack_known_web.smk_rules); |
| 4785 | /* | 4763 | /* |
| 4786 | * Create the known labels list | 4764 | * Create the known labels list |
| @@ -4789,7 +4767,6 @@ static __init void init_smack_known_list(void) | |||
| 4789 | smk_insert_entry(&smack_known_hat); | 4767 | smk_insert_entry(&smack_known_hat); |
| 4790 | smk_insert_entry(&smack_known_star); | 4768 | smk_insert_entry(&smack_known_star); |
| 4791 | smk_insert_entry(&smack_known_floor); | 4769 | smk_insert_entry(&smack_known_floor); |
| 4792 | smk_insert_entry(&smack_known_invalid); | ||
| 4793 | smk_insert_entry(&smack_known_web); | 4770 | smk_insert_entry(&smack_known_web); |
| 4794 | } | 4771 | } |
| 4795 | 4772 | ||