diff options
Diffstat (limited to 'security/smack')
| -rw-r--r-- | security/smack/smack.h | 10 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 16 |
2 files changed, 4 insertions, 22 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index c6e9acae72e4..43ae747a5aa4 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h | |||
| @@ -123,16 +123,6 @@ struct smack_known { | |||
| 123 | #define SMK_FSHAT "smackfshat=" | 123 | #define SMK_FSHAT "smackfshat=" |
| 124 | #define SMK_FSROOT "smackfsroot=" | 124 | #define SMK_FSROOT "smackfsroot=" |
| 125 | 125 | ||
| 126 | /* | ||
| 127 | * xattr names | ||
| 128 | */ | ||
| 129 | #define XATTR_SMACK_SUFFIX "SMACK64" | ||
| 130 | #define XATTR_SMACK_IPIN "SMACK64IPIN" | ||
| 131 | #define XATTR_SMACK_IPOUT "SMACK64IPOUT" | ||
| 132 | #define XATTR_NAME_SMACK XATTR_SECURITY_PREFIX XATTR_SMACK_SUFFIX | ||
| 133 | #define XATTR_NAME_SMACKIPIN XATTR_SECURITY_PREFIX XATTR_SMACK_IPIN | ||
| 134 | #define XATTR_NAME_SMACKIPOUT XATTR_SECURITY_PREFIX XATTR_SMACK_IPOUT | ||
| 135 | |||
| 136 | #define SMACK_CIPSO_OPTION "-CIPSO" | 126 | #define SMACK_CIPSO_OPTION "-CIPSO" |
| 137 | 127 | ||
| 138 | /* | 128 | /* |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 276bdc7325e5..c448d57ae2b7 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -598,6 +598,8 @@ static int smack_inode_rename(struct inode *old_inode, | |||
| 598 | static int smack_inode_permission(struct inode *inode, int mask) | 598 | static int smack_inode_permission(struct inode *inode, int mask) |
| 599 | { | 599 | { |
| 600 | struct smk_audit_info ad; | 600 | struct smk_audit_info ad; |
| 601 | |||
| 602 | mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); | ||
| 601 | /* | 603 | /* |
| 602 | * No permission to check. Existence test. Yup, it's there. | 604 | * No permission to check. Existence test. Yup, it's there. |
| 603 | */ | 605 | */ |
| @@ -2191,7 +2193,7 @@ static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) | |||
| 2191 | 2193 | ||
| 2192 | /** | 2194 | /** |
| 2193 | * smack_d_instantiate - Make sure the blob is correct on an inode | 2195 | * smack_d_instantiate - Make sure the blob is correct on an inode |
| 2194 | * @opt_dentry: unused | 2196 | * @opt_dentry: dentry where inode will be attached |
| 2195 | * @inode: the object | 2197 | * @inode: the object |
| 2196 | * | 2198 | * |
| 2197 | * Set the inode's security blob if it hasn't been done already. | 2199 | * Set the inode's security blob if it hasn't been done already. |
| @@ -2310,20 +2312,10 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) | |||
| 2310 | /* | 2312 | /* |
| 2311 | * Get the dentry for xattr. | 2313 | * Get the dentry for xattr. |
| 2312 | */ | 2314 | */ |
| 2313 | if (opt_dentry == NULL) { | 2315 | dp = dget(opt_dentry); |
| 2314 | dp = d_find_alias(inode); | ||
| 2315 | if (dp == NULL) | ||
| 2316 | break; | ||
| 2317 | } else { | ||
| 2318 | dp = dget(opt_dentry); | ||
| 2319 | if (dp == NULL) | ||
| 2320 | break; | ||
| 2321 | } | ||
| 2322 | |||
| 2323 | fetched = smk_fetch(inode, dp); | 2316 | fetched = smk_fetch(inode, dp); |
| 2324 | if (fetched != NULL) | 2317 | if (fetched != NULL) |
| 2325 | final = fetched; | 2318 | final = fetched; |
| 2326 | |||
| 2327 | dput(dp); | 2319 | dput(dp); |
| 2328 | break; | 2320 | break; |
| 2329 | } | 2321 | } |