diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-06-11 13:01:41 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-06-11 13:01:41 -0400 |
| commit | 3296ca27f50ecbd71db1d808c7a72d311027f919 (patch) | |
| tree | 833eaa58b2013bda86d4bd95faf6efad7a2d5ca4 /security/smack/smackfs.c | |
| parent | e893123c7378192c094747dadec326b7c000c190 (diff) | |
| parent | 73fbad283cfbbcf02939bdbda31fc4a30e729cca (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (44 commits)
nommu: Provide mmap_min_addr definition.
TOMOYO: Add description of lists and structures.
TOMOYO: Remove unused field.
integrity: ima audit dentry_open failure
TOMOYO: Remove unused parameter.
security: use mmap_min_addr indepedently of security models
TOMOYO: Simplify policy reader.
TOMOYO: Remove redundant markers.
SELinux: define audit permissions for audit tree netlink messages
TOMOYO: Remove unused mutex.
tomoyo: avoid get+put of task_struct
smack: Remove redundant initialization.
integrity: nfsd imbalance bug fix
rootplug: Remove redundant initialization.
smack: do not beyond ARRAY_SIZE of data
integrity: move ima_counts_get
integrity: path_check update
IMA: Add __init notation to ima functions
IMA: Minimal IMA policy and boot param for TCB IMA policy
selinux: remove obsolete read buffer limit from sel_read_bool
...
Diffstat (limited to 'security/smack/smackfs.c')
| -rw-r--r-- | security/smack/smackfs.c | 68 |
1 files changed, 67 insertions, 1 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 11d2cb19d7a6..f83a80980726 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c | |||
| @@ -41,6 +41,7 @@ enum smk_inos { | |||
| 41 | SMK_AMBIENT = 7, /* internet ambient label */ | 41 | SMK_AMBIENT = 7, /* internet ambient label */ |
| 42 | SMK_NETLBLADDR = 8, /* single label hosts */ | 42 | SMK_NETLBLADDR = 8, /* single label hosts */ |
| 43 | SMK_ONLYCAP = 9, /* the only "capable" label */ | 43 | SMK_ONLYCAP = 9, /* the only "capable" label */ |
| 44 | SMK_LOGGING = 10, /* logging */ | ||
| 44 | }; | 45 | }; |
| 45 | 46 | ||
| 46 | /* | 47 | /* |
| @@ -775,7 +776,7 @@ static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf, | |||
| 775 | struct sockaddr_in newname; | 776 | struct sockaddr_in newname; |
| 776 | char smack[SMK_LABELLEN]; | 777 | char smack[SMK_LABELLEN]; |
| 777 | char *sp; | 778 | char *sp; |
| 778 | char data[SMK_NETLBLADDRMAX]; | 779 | char data[SMK_NETLBLADDRMAX + 1]; |
| 779 | char *host = (char *)&newname.sin_addr.s_addr; | 780 | char *host = (char *)&newname.sin_addr.s_addr; |
| 780 | int rc; | 781 | int rc; |
| 781 | struct netlbl_audit audit_info; | 782 | struct netlbl_audit audit_info; |
| @@ -1192,6 +1193,69 @@ static const struct file_operations smk_onlycap_ops = { | |||
| 1192 | }; | 1193 | }; |
| 1193 | 1194 | ||
| 1194 | /** | 1195 | /** |
| 1196 | * smk_read_logging - read() for /smack/logging | ||
| 1197 | * @filp: file pointer, not actually used | ||
| 1198 | * @buf: where to put the result | ||
| 1199 | * @cn: maximum to send along | ||
| 1200 | * @ppos: where to start | ||
| 1201 | * | ||
| 1202 | * Returns number of bytes read or error code, as appropriate | ||
| 1203 | */ | ||
| 1204 | static ssize_t smk_read_logging(struct file *filp, char __user *buf, | ||
| 1205 | size_t count, loff_t *ppos) | ||
| 1206 | { | ||
| 1207 | char temp[32]; | ||
| 1208 | ssize_t rc; | ||
| 1209 | |||
| 1210 | if (*ppos != 0) | ||
| 1211 | return 0; | ||
| 1212 | |||
| 1213 | sprintf(temp, "%d\n", log_policy); | ||
| 1214 | rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); | ||
| 1215 | return rc; | ||
| 1216 | } | ||
| 1217 | |||
| 1218 | /** | ||
| 1219 | * smk_write_logging - write() for /smack/logging | ||
| 1220 | * @file: file pointer, not actually used | ||
| 1221 | * @buf: where to get the data from | ||
| 1222 | * @count: bytes sent | ||
| 1223 | * @ppos: where to start | ||
| 1224 | * | ||
| 1225 | * Returns number of bytes written or error code, as appropriate | ||
| 1226 | */ | ||
| 1227 | static ssize_t smk_write_logging(struct file *file, const char __user *buf, | ||
| 1228 | size_t count, loff_t *ppos) | ||
| 1229 | { | ||
| 1230 | char temp[32]; | ||
| 1231 | int i; | ||
| 1232 | |||
| 1233 | if (!capable(CAP_MAC_ADMIN)) | ||
| 1234 | return -EPERM; | ||
| 1235 | |||
| 1236 | if (count >= sizeof(temp) || count == 0) | ||
| 1237 | return -EINVAL; | ||
| 1238 | |||
| 1239 | if (copy_from_user(temp, buf, count) != 0) | ||
| 1240 | return -EFAULT; | ||
| 1241 | |||
| 1242 | temp[count] = '\0'; | ||
| 1243 | |||
| 1244 | if (sscanf(temp, "%d", &i) != 1) | ||
| 1245 | return -EINVAL; | ||
| 1246 | if (i < 0 || i > 3) | ||
| 1247 | return -EINVAL; | ||
| 1248 | log_policy = i; | ||
| 1249 | return count; | ||
| 1250 | } | ||
| 1251 | |||
| 1252 | |||
| 1253 | |||
| 1254 | static const struct file_operations smk_logging_ops = { | ||
| 1255 | .read = smk_read_logging, | ||
| 1256 | .write = smk_write_logging, | ||
| 1257 | }; | ||
| 1258 | /** | ||
| 1195 | * smk_fill_super - fill the /smackfs superblock | 1259 | * smk_fill_super - fill the /smackfs superblock |
| 1196 | * @sb: the empty superblock | 1260 | * @sb: the empty superblock |
| 1197 | * @data: unused | 1261 | * @data: unused |
| @@ -1221,6 +1285,8 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent) | |||
| 1221 | {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, | 1285 | {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, |
| 1222 | [SMK_ONLYCAP] = | 1286 | [SMK_ONLYCAP] = |
| 1223 | {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, | 1287 | {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, |
| 1288 | [SMK_LOGGING] = | ||
| 1289 | {"logging", &smk_logging_ops, S_IRUGO|S_IWUSR}, | ||
| 1224 | /* last one */ {""} | 1290 | /* last one */ {""} |
| 1225 | }; | 1291 | }; |
| 1226 | 1292 | ||