This patch adds a new security attribute to Smack called

SMACK64EXEC. It defines label that is used while task is running. Exception: in smack_task_wait() child task is checked for write access to parent task using label inherited from the task that forked it. Fixed issues from previous submit: - SMACK64EXEC was not read when SMACK64 was not set. - inode security blob was not updated after setting SMACK64EXEC - inode security blob was not updated when removing SMACK64EXEC
author: Casey Schaufler <casey@schaufler-ca.com> 2010-12-02 09:43:39 -0500
committer: Casey Schaufler <casey@schaufler-ca.com> 2010-12-02 09:43:39 -0500
commit: 676dac4b1bee0469d6932f698aeb77e8489f5861 (patch)
tree: 196b4cb35cf8dfdff0698dc4368cfd00acc7391a /security/smack/smack_access.c
parent: 93ae86e759299718c611bc543b9b1633bf32905a (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index f4fac64c4da8..42becbc1ce33 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -185,7 +185,7 @@ out_audit:
 int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a)
 {
        int rc;
-        char *sp = current_security();
+        char *sp = smk_of_current();
        rc = smk_access(sp, obj_label, mode, NULL);
        if (rc == 0)
@@ -196,7 +196,7 @@ int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a)
         * only one that gets privilege and current does not
         * have that label.
         */
-        if (smack_onlycap != NULL && smack_onlycap != current->cred->security)
+        if (smack_onlycap != NULL && smack_onlycap != sp)
                goto out_audit;
        if (capable(CAP_MAC_OVERRIDE))
author	Casey Schaufler <casey@schaufler-ca.com>	2010-12-02 09:43:39 -0500
committer	Casey Schaufler <casey@schaufler-ca.com>	2010-12-02 09:43:39 -0500
commit	676dac4b1bee0469d6932f698aeb77e8489f5861 (patch)
tree	196b4cb35cf8dfdff0698dc4368cfd00acc7391a /security/smack/smack_access.c
parent	93ae86e759299718c611bc543b9b1633bf32905a (diff)

diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index f4fac64c4da8..42becbc1ce33 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c
@@ -185,7 +185,7 @@ out_audit:
185	int smk_curacc(char obj_label, u32 mode, struct smk_audit_info a)	185	int smk_curacc(char obj_label, u32 mode, struct smk_audit_info a)
186	{	186	{
187	int rc;	187	int rc;
188	char *sp = current_security();	188	char *sp = smk_of_current();
189		189
190	rc = smk_access(sp, obj_label, mode, NULL);	190	rc = smk_access(sp, obj_label, mode, NULL);
191	if (rc == 0)	191	if (rc == 0)
@@ -196,7 +196,7 @@ int smk_curacc(char obj_label, u32 mode, struct smk_audit_info a)
196	* only one that gets privilege and current does not	196	* only one that gets privilege and current does not
197	* have that label.	197	* have that label.
198	*/	198	*/
199	if (smack_onlycap != NULL && smack_onlycap != current->cred->security)	199	if (smack_onlycap != NULL && smack_onlycap != sp)
200	goto out_audit;	200	goto out_audit;
201		201
202	if (capable(CAP_MAC_OVERRIDE))	202	if (capable(CAP_MAC_OVERRIDE))