aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--security/smack/smackfs.c29
1 files changed, 15 insertions, 14 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 160aa08e3cd5..1c89ade186b6 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -301,7 +301,8 @@ static int smk_perm_from_str(const char *string)
301 * @import: if non-zero, import labels 301 * @import: if non-zero, import labels
302 * @len: label length limit 302 * @len: label length limit
303 * 303 *
304 * Returns 0 on success, -1 on failure 304 * Returns 0 on success, -EINVAL on failure and -ENOENT when either subject
305 * or object is missing.
305 */ 306 */
306static int smk_fill_rule(const char *subject, const char *object, 307static int smk_fill_rule(const char *subject, const char *object,
307 const char *access1, const char *access2, 308 const char *access1, const char *access2,
@@ -314,28 +315,28 @@ static int smk_fill_rule(const char *subject, const char *object,
314 if (import) { 315 if (import) {
315 rule->smk_subject = smk_import_entry(subject, len); 316 rule->smk_subject = smk_import_entry(subject, len);
316 if (rule->smk_subject == NULL) 317 if (rule->smk_subject == NULL)
317 return -1; 318 return -EINVAL;
318 319
319 rule->smk_object = smk_import(object, len); 320 rule->smk_object = smk_import(object, len);
320 if (rule->smk_object == NULL) 321 if (rule->smk_object == NULL)
321 return -1; 322 return -EINVAL;
322 } else { 323 } else {
323 cp = smk_parse_smack(subject, len); 324 cp = smk_parse_smack(subject, len);
324 if (cp == NULL) 325 if (cp == NULL)
325 return -1; 326 return -EINVAL;
326 skp = smk_find_entry(cp); 327 skp = smk_find_entry(cp);
327 kfree(cp); 328 kfree(cp);
328 if (skp == NULL) 329 if (skp == NULL)
329 return -1; 330 return -ENOENT;
330 rule->smk_subject = skp; 331 rule->smk_subject = skp;
331 332
332 cp = smk_parse_smack(object, len); 333 cp = smk_parse_smack(object, len);
333 if (cp == NULL) 334 if (cp == NULL)
334 return -1; 335 return -EINVAL;
335 skp = smk_find_entry(cp); 336 skp = smk_find_entry(cp);
336 kfree(cp); 337 kfree(cp);
337 if (skp == NULL) 338 if (skp == NULL)
338 return -1; 339 return -ENOENT;
339 rule->smk_object = skp->smk_known; 340 rule->smk_object = skp->smk_known;
340 } 341 }
341 342
@@ -381,6 +382,7 @@ static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
381{ 382{
382 ssize_t cnt = 0; 383 ssize_t cnt = 0;
383 char *tok[4]; 384 char *tok[4];
385 int rc;
384 int i; 386 int i;
385 387
386 /* 388 /*
@@ -405,10 +407,8 @@ static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
405 while (i < 4) 407 while (i < 4)
406 tok[i++] = NULL; 408 tok[i++] = NULL;
407 409
408 if (smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0)) 410 rc = smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0);
409 return -1; 411 return rc == 0 ? cnt : rc;
410
411 return cnt;
412} 412}
413 413
414#define SMK_FIXED24_FMT 0 /* Fixed 24byte label format */ 414#define SMK_FIXED24_FMT 0 /* Fixed 24byte label format */
@@ -1856,11 +1856,12 @@ static ssize_t smk_user_access(struct file *file, const char __user *buf,
1856 res = smk_parse_long_rule(data, &rule, 0, 3); 1856 res = smk_parse_long_rule(data, &rule, 0, 3);
1857 } 1857 }
1858 1858
1859 if (res < 0) 1859 if (res >= 0)
1860 res = smk_access(rule.smk_subject, rule.smk_object,
1861 rule.smk_access1, NULL);
1862 else if (res != -ENOENT)
1860 return -EINVAL; 1863 return -EINVAL;
1861 1864
1862 res = smk_access(rule.smk_subject, rule.smk_object,
1863 rule.smk_access1, NULL);
1864 data[0] = res == 0 ? '1' : '0'; 1865 data[0] = res == 0 ? '1' : '0';
1865 data[1] = '\0'; 1866 data[1] = '\0';
1866 1867
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-27 00:54:54 -0500