diff options
| author | Jarkko Sakkinen <jarkko.j.sakkinen@gmail.com> | 2011-10-18 14:21:36 -0400 |
|---|---|---|
| committer | Casey Schaufler <cschaufler@cschaufler-intel.(none)> | 2011-10-20 19:07:31 -0400 |
| commit | 0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d (patch) | |
| tree | eac36ba696cf33bbbe3fcd490589ef453d9c8ef1 /security/smack/smack_access.c | |
| parent | d86b2b61d4dea614d6f319772a90a8f98b55ed67 (diff) | |
Smack: allow to access /smack/access as normal user
Allow query access as a normal user removing the need
for CAP_MAC_ADMIN. Give RW access to /smack/access
for UGO. Do not import smack labels in access check.
Signed-off-by: Jarkko Sakkinen <jarkko.j.sakkinen@gmail.com>
Signed-off-by: Casey Schaufler <cschaufler@cschaufler-intel.(none)>
Diffstat (limited to 'security/smack/smack_access.c')
| -rw-r--r-- | security/smack/smack_access.c | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index a885f628f56e..cc7cb6edba08 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c | |||
| @@ -353,17 +353,13 @@ struct smack_known *smk_find_entry(const char *string) | |||
| 353 | } | 353 | } |
| 354 | 354 | ||
| 355 | /** | 355 | /** |
| 356 | * smk_import_entry - import a label, return the list entry | 356 | * smk_parse_smack - parse smack label from a text string |
| 357 | * @string: a text string that might be a Smack label | 357 | * @string: a text string that might contain a Smack label |
| 358 | * @len: the maximum size, or zero if it is NULL terminated. | 358 | * @len: the maximum size, or zero if it is NULL terminated. |
| 359 | * | 359 | * @smack: parsed smack label, or NULL if parse error |
| 360 | * Returns a pointer to the entry in the label list that | ||
| 361 | * matches the passed string, adding it if necessary. | ||
| 362 | */ | 360 | */ |
| 363 | struct smack_known *smk_import_entry(const char *string, int len) | 361 | void smk_parse_smack(const char *string, int len, char *smack) |
| 364 | { | 362 | { |
| 365 | struct smack_known *skp; | ||
| 366 | char smack[SMK_LABELLEN]; | ||
| 367 | int found; | 363 | int found; |
| 368 | int i; | 364 | int i; |
| 369 | 365 | ||
| @@ -381,7 +377,22 @@ struct smack_known *smk_import_entry(const char *string, int len) | |||
| 381 | } else | 377 | } else |
| 382 | smack[i] = string[i]; | 378 | smack[i] = string[i]; |
| 383 | } | 379 | } |
| 380 | } | ||
| 381 | |||
| 382 | /** | ||
| 383 | * smk_import_entry - import a label, return the list entry | ||
| 384 | * @string: a text string that might be a Smack label | ||
| 385 | * @len: the maximum size, or zero if it is NULL terminated. | ||
| 386 | * | ||
| 387 | * Returns a pointer to the entry in the label list that | ||
| 388 | * matches the passed string, adding it if necessary. | ||
| 389 | */ | ||
| 390 | struct smack_known *smk_import_entry(const char *string, int len) | ||
| 391 | { | ||
| 392 | struct smack_known *skp; | ||
| 393 | char smack[SMK_LABELLEN]; | ||
| 384 | 394 | ||
| 395 | smk_parse_smack(string, len, smack); | ||
| 385 | if (smack[0] == '\0') | 396 | if (smack[0] == '\0') |
| 386 | return NULL; | 397 | return NULL; |
| 387 | 398 | ||