diff options
Diffstat (limited to 'security/smack/smack_access.c')
| -rw-r--r-- | security/smack/smack_access.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index f6b5f6eed6dd..79ff21ed4c3b 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c | |||
| @@ -157,7 +157,7 @@ int smk_access(char *subject_label, char *object_label, int request) | |||
| 157 | * | 157 | * |
| 158 | * This function checks the current subject label/object label pair | 158 | * This function checks the current subject label/object label pair |
| 159 | * in the access rule list and returns 0 if the access is permitted, | 159 | * in the access rule list and returns 0 if the access is permitted, |
| 160 | * non zero otherwise. It allows that current my have the capability | 160 | * non zero otherwise. It allows that current may have the capability |
| 161 | * to override the rules. | 161 | * to override the rules. |
| 162 | */ | 162 | */ |
| 163 | int smk_curacc(char *obj_label, u32 mode) | 163 | int smk_curacc(char *obj_label, u32 mode) |
| @@ -168,6 +168,14 @@ int smk_curacc(char *obj_label, u32 mode) | |||
| 168 | if (rc == 0) | 168 | if (rc == 0) |
| 169 | return 0; | 169 | return 0; |
| 170 | 170 | ||
| 171 | /* | ||
| 172 | * Return if a specific label has been designated as the | ||
| 173 | * only one that gets privilege and current does not | ||
| 174 | * have that label. | ||
| 175 | */ | ||
| 176 | if (smack_onlycap != NULL && smack_onlycap != current->security) | ||
| 177 | return rc; | ||
| 178 | |||
| 171 | if (capable(CAP_MAC_OVERRIDE)) | 179 | if (capable(CAP_MAC_OVERRIDE)) |
| 172 | return 0; | 180 | return 0; |
| 173 | 181 | ||