Merge branch 'smack-for-3.19' of git://git.gitorious.org/smack-next/kernel into next

author: James Morris <james.l.morris@oracle.com> 2014-11-26 08:35:32 -0500
committer: James Morris <james.l.morris@oracle.com> 2014-11-26 08:35:32 -0500
commit: ac14ae25b676d721b6bfcfb046dc53a9f7760d83 (patch)
tree: 71d0cd79a23bbd744effe37441be2c328399a4e6 /security
parent: a6aacbde406eeb6f8fc218b2c6172825f5e73fcf (diff)
parent: 5c1b66240b7f4abc29c618a768121d6a00f4c95a (diff)
2 files changed, 18 insertions, 12 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 5b970ffde024..1158430f5bb9 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -142,8 +142,7 @@ int smk_access(struct smack_known *subject, struct smack_known *object,
         * Tasks cannot be assigned the internet label.
         * An internet subject can access any object.
         */
-        if (object == &smack_known_web ||
+        if (object == &smack_known_web || subject == &smack_known_web)
-            subject == &smack_known_web)
                goto out_audit;
        /*
         * A star object can be accessed by any subject.
@@ -157,10 +156,11 @@ int smk_access(struct smack_known *subject, struct smack_known *object,
        if (subject->smk_known == object->smk_known)
                goto out_audit;
        /*
-         * A hat subject can read any object.
+         * A hat subject can read or lock any object.
-         * A floor object can be read by any subject.
+         * A floor object can be read or locked by any subject.
         */
-        if ((request & MAY_ANYREAD) == request) {
+        if ((request & MAY_ANYREAD) == request ||
+            (request & MAY_LOCK) == request) {
                if (object == &smack_known_floor)
                        goto out_audit;
                if (subject == &smack_known_hat)
@@ -452,10 +452,9 @@ char *smk_parse_smack(const char *string, int len)
                return NULL;
        smack = kzalloc(i + 1, GFP_KERNEL);
-        if (smack != NULL) {
+        if (smack != NULL)
-                strncpy(smack, string, i + 1);
+                strncpy(smack, string, i);
-                smack[i] = '\0';
-        }
        return smack;
 }
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 93dc876734a4..2717cdd7872c 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -53,6 +53,7 @@
 #define SMK_SENDING     2
 LIST_HEAD(smk_ipv6_port_list);
+static struct kmem_cache *smack_inode_cache;
 #ifdef CONFIG_SECURITY_SMACK_BRINGUP
 static void smk_bu_mode(int mode, char *s)
@@ -240,7 +241,7 @@ struct inode_smack *new_inode_smack(struct smack_known *skp)
 {
        struct inode_smack *isp;
-        isp = kzalloc(sizeof(struct inode_smack), GFP_NOFS);
+        isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
        if (isp == NULL)
                return NULL;
@@ -767,7 +768,7 @@ static int smack_inode_alloc_security(struct inode *inode)
 */
 static void smack_inode_free_security(struct inode *inode)
 {
-        kfree(inode->i_security);
+        kmem_cache_free(smack_inode_cache, inode->i_security);
        inode->i_security = NULL;
 }
@@ -4265,10 +4266,16 @@ static __init int smack_init(void)
        if (!security_module_enable(&smack_ops))
                return 0;
+        smack_inode_cache = KMEM_CACHE(inode_smack, 0);
+        if (!smack_inode_cache)
+                return -ENOMEM;
        tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
                                GFP_KERNEL);
-        if (tsp == NULL)
+        if (tsp == NULL) {
+                kmem_cache_destroy(smack_inode_cache);
                return -ENOMEM;
+        }
        printk(KERN_INFO "Smack:  Initializing.\n");
author	James Morris <james.l.morris@oracle.com>	2014-11-26 08:35:32 -0500
committer	James Morris <james.l.morris@oracle.com>	2014-11-26 08:35:32 -0500
commit	ac14ae25b676d721b6bfcfb046dc53a9f7760d83 (patch)
tree	71d0cd79a23bbd744effe37441be2c328399a4e6 /security
parent	a6aacbde406eeb6f8fc218b2c6172825f5e73fcf (diff)
parent	5c1b66240b7f4abc29c618a768121d6a00f4c95a (diff)

diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 5b970ffde024..1158430f5bb9 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c
@@ -142,8 +142,7 @@ int smk_access(struct smack_known subject, struct smack_known object,
142	* Tasks cannot be assigned the internet label.	142	* Tasks cannot be assigned the internet label.
143	* An internet subject can access any object.	143	* An internet subject can access any object.
144	*/	144	*/
145	if (object == &smack_known_web \|\|	145	if (object == &smack_known_web \|\| subject == &smack_known_web)
146	subject == &smack_known_web)
147	goto out_audit;	146	goto out_audit;
148	/*	147	/*
149	* A star object can be accessed by any subject.	148	* A star object can be accessed by any subject.
@@ -157,10 +156,11 @@ int smk_access(struct smack_known subject, struct smack_known object,
157	if (subject->smk_known == object->smk_known)	156	if (subject->smk_known == object->smk_known)
158	goto out_audit;	157	goto out_audit;
159	/*	158	/*
160	* A hat subject can read any object.	159	* A hat subject can read or lock any object.
161	* A floor object can be read by any subject.	160	* A floor object can be read or locked by any subject.
162	*/	161	*/
163	if ((request & MAY_ANYREAD) == request) {	162	if ((request & MAY_ANYREAD) == request \|\|
		163	(request & MAY_LOCK) == request) {
164	if (object == &smack_known_floor)	164	if (object == &smack_known_floor)
165	goto out_audit;	165	goto out_audit;
166	if (subject == &smack_known_hat)	166	if (subject == &smack_known_hat)
@@ -452,10 +452,9 @@ char smk_parse_smack(const char string, int len)
452	return NULL;	452	return NULL;
453		453
454	smack = kzalloc(i + 1, GFP_KERNEL);	454	smack = kzalloc(i + 1, GFP_KERNEL);
455	if (smack != NULL) {	455	if (smack != NULL)
456	strncpy(smack, string, i + 1);	456	strncpy(smack, string, i);
457	smack[i] = '\0';	457
458	}
459	return smack;	458	return smack;
460	}	459	}
461		460


diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 93dc876734a4..2717cdd7872c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -53,6 +53,7 @@
53	#define SMK_SENDING 2	53	#define SMK_SENDING 2
54		54
55	LIST_HEAD(smk_ipv6_port_list);	55	LIST_HEAD(smk_ipv6_port_list);
		56	static struct kmem_cache *smack_inode_cache;
56		57
57	#ifdef CONFIG_SECURITY_SMACK_BRINGUP	58	#ifdef CONFIG_SECURITY_SMACK_BRINGUP
58	static void smk_bu_mode(int mode, char *s)	59	static void smk_bu_mode(int mode, char *s)
@@ -240,7 +241,7 @@ struct inode_smack new_inode_smack(struct smack_known skp)
240	{	241	{
241	struct inode_smack *isp;	242	struct inode_smack *isp;
242		243
243	isp = kzalloc(sizeof(struct inode_smack), GFP_NOFS);	244	isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
244	if (isp == NULL)	245	if (isp == NULL)
245	return NULL;	246	return NULL;
246		247
@@ -767,7 +768,7 @@ static int smack_inode_alloc_security(struct inode *inode)
767	*/	768	*/
768	static void smack_inode_free_security(struct inode *inode)	769	static void smack_inode_free_security(struct inode *inode)
769	{	770	{
770	kfree(inode->i_security);	771	kmem_cache_free(smack_inode_cache, inode->i_security);
771	inode->i_security = NULL;	772	inode->i_security = NULL;
772	}	773	}
773		774
@@ -4265,10 +4266,16 @@ static __init int smack_init(void)
4265	if (!security_module_enable(&smack_ops))	4266	if (!security_module_enable(&smack_ops))
4266	return 0;	4267	return 0;
4267		4268
		4269	smack_inode_cache = KMEM_CACHE(inode_smack, 0);
		4270	if (!smack_inode_cache)
		4271	return -ENOMEM;
		4272
4268	tsp = new_task_smack(&smack_known_floor, &smack_known_floor,	4273	tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
4269	GFP_KERNEL);	4274	GFP_KERNEL);
4270	if (tsp == NULL)	4275	if (tsp == NULL) {
		4276	kmem_cache_destroy(smack_inode_cache);
4271	return -ENOMEM;	4277	return -ENOMEM;
		4278	}
4272		4279
4273	printk(KERN_INFO "Smack: Initializing.\n");	4280	printk(KERN_INFO "Smack: Initializing.\n");
4274		4281