Diffstat (limited to 'security/smack/smack_lsm.c')
-rw-r--r-- | security/smack/smack_lsm.c | 38 |
1 files changed, 29 insertions, 9 deletions
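--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -325,7 +325,7 @@ static int smack_sb_statfs(struct dentry *dentry)
 static int smack_sb_mount(char *dev_name, struct nameidata *nd,
 char *type, unsigned long flags, void *data)
 {
-struct superblock_smack *sbp = nd->mnt->mnt_sb->s_security;
+struct superblock_smack *sbp = nd->path.mnt->mnt_sb->s_security;
 
 return smk_curacc(sbp->smk_floor, MAY_WRITE);
 }
@@ -1251,9 +1251,8 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
 
 switch (smack_net_nltype) {
 case NETLBL_NLTYPE_CIPSOV4:
-nlsp->domain = NULL;
-nlsp->flags = NETLBL_SECATTR_DOMAIN;
-nlsp->flags |= NETLBL_SECATTR_MLS_LVL;
+nlsp->domain = kstrdup(smack, GFP_ATOMIC);
+nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
 
 rc = smack_to_cipso(smack, &cipso);
 if (rc == 0) {
@@ -1282,15 +1281,14 @@ static int smack_netlabel(struct sock *sk)
 {
 struct socket_smack *ssp;
 struct netlbl_lsm_secattr secattr;
-int rc = 0;
+int rc;
 
 ssp = sk->sk_security;
 netlbl_secattr_init(&secattr);
 smack_to_secattr(ssp->smk_out, &secattr);
-if (secattr.flags != NETLBL_SECATTR_NONE)
-rc = netlbl_sock_setattr(sk, &secattr);
-
+rc = netlbl_sock_setattr(sk, &secattr);
 netlbl_secattr_destroy(&secattr);
+
 return rc;
 }
 
@@ -1313,6 +1311,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
 struct inode_smack *nsp = inode->i_security;
 struct socket_smack *ssp;
 struct socket *sock;
+int rc = 0;
 
 if (value == NULL || size > SMK_LABELLEN)
 return -EACCES;
@@ -1341,7 +1340,10 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
 ssp->smk_in = sp;
 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
 ssp->smk_out = sp;
-return smack_netlabel(sock->sk);
+rc = smack_netlabel(sock->sk);
+if (rc != 0)
+printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n",
+__func__, -rc);
 } else
 return -EOPNOTSUPP;
 
@@ -2214,6 +2216,9 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent)
 ssp->smk_packet[0] = '\0';
 
 rc = smack_netlabel(sk);
+if (rc != 0)
+printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n",
+__func__, -rc);
 }
 
 /**
@@ -2346,6 +2351,20 @@ static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 }
 
 /*
+* smack_secctx_to_secid - return the secid for a smack label
+* @secdata: smack label
+* @seclen: how long result is
+* @secid: outgoing integer
+*
+* Exists for audit and networking code.
+*/
+static int smack_secctx_to_secid(char *secdata, u32 seclen, u32 *secid)
+{
+*secid = smack_to_secid(secdata);
+return 0;
+}
+
+/*
 * smack_release_secctx - don't do anything.
 * @key_ref: unused
 * @context: unused
@@ -2475,6 +2494,7 @@ static struct security_operations smack_ops = {
 .key_permission = smack_key_permission,
 #endif /* CONFIG_KEYS */
 .secid_to_secctx = smack_secid_to_secctx,
+.secctx_to_secid = smack_secctx_to_secid,
 .release_secctx = smack_release_secctx,
 };
 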
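Review bot: In smack_inode_setsecurity() a failing smack_netlabel() is now only logged, after `ssp->smk_out = sp;` has already taken effect, where the old code returned the error to the caller. The rest of the function lies outside the hunk, so whether `rc` is returned later cannot be confirmed here; if it is not, setting the outbound-label xattr reports success while the socket's NetLabel attributes were never updated to match the new label. I would keep the warning but brace the `if (rc != 0)` body and add `return rc;` after the printk, or restore the previous `smk_out` value before returning. smack_sock_graft() returns void and can only log, so the same printk there is reasonable.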