aboutsummaryrefslogtreecommitdiffstats
path: root/security/smack
diff options
context:
space:
mode:
Diffstat (limited to 'security/smack')
-rw-r--r--security/smack/smack_access.c2
-rw-r--r--security/smack/smack_lsm.c12
-rw-r--r--security/smack/smackfs.c6
3 files changed, 12 insertions, 8 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 86453db4333d..9637e107f7ea 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -431,7 +431,7 @@ char *smk_import(const char *string, int len)
431 * smack_from_secid - find the Smack label associated with a secid 431 * smack_from_secid - find the Smack label associated with a secid
432 * @secid: an integer that might be associated with a Smack label 432 * @secid: an integer that might be associated with a Smack label
433 * 433 *
434 * Returns a pointer to the appropraite Smack label if there is one, 434 * Returns a pointer to the appropriate Smack label if there is one,
435 * otherwise a pointer to the invalid Smack label. 435 * otherwise a pointer to the invalid Smack label.
436 */ 436 */
437char *smack_from_secid(const u32 secid) 437char *smack_from_secid(const u32 secid)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 23c7a6d0c80c..400a5d5cde61 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -686,7 +686,7 @@ static int smack_inode_rename(struct inode *old_inode,
686 * 686 *
687 * Returns 0 if access is permitted, -EACCES otherwise 687 * Returns 0 if access is permitted, -EACCES otherwise
688 */ 688 */
689static int smack_inode_permission(struct inode *inode, int mask) 689static int smack_inode_permission(struct inode *inode, int mask, unsigned flags)
690{ 690{
691 struct smk_audit_info ad; 691 struct smk_audit_info ad;
692 692
@@ -696,6 +696,10 @@ static int smack_inode_permission(struct inode *inode, int mask)
696 */ 696 */
697 if (mask == 0) 697 if (mask == 0)
698 return 0; 698 return 0;
699
700 /* May be droppable after audit */
701 if (flags & IPERM_FLAG_RCU)
702 return -ECHILD;
699 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 703 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
700 smk_ad_setfield_u_fs_inode(&ad, inode); 704 smk_ad_setfield_u_fs_inode(&ad, inode);
701 return smk_curacc(smk_of_inode(inode), mask, &ad); 705 return smk_curacc(smk_of_inode(inode), mask, &ad);
@@ -1794,7 +1798,7 @@ static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap)
1794 * Casey says that CIPSO is good enough for now. 1798 * Casey says that CIPSO is good enough for now.
1795 * It can be used to effect. 1799 * It can be used to effect.
1796 * It can also be abused to effect when necessary. 1800 * It can also be abused to effect when necessary.
1797 * Appologies to the TSIG group in general and GW in particular. 1801 * Apologies to the TSIG group in general and GW in particular.
1798 */ 1802 */
1799static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp) 1803static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
1800{ 1804{
@@ -2530,7 +2534,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
2530 switch (sbp->s_magic) { 2534 switch (sbp->s_magic) {
2531 case SMACK_MAGIC: 2535 case SMACK_MAGIC:
2532 /* 2536 /*
2533 * Casey says that it's a little embarassing 2537 * Casey says that it's a little embarrassing
2534 * that the smack file system doesn't do 2538 * that the smack file system doesn't do
2535 * extended attributes. 2539 * extended attributes.
2536 */ 2540 */
@@ -3084,7 +3088,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3084 /* 3088 /*
3085 * We need to decide if we want to label the incoming connection here 3089 * We need to decide if we want to label the incoming connection here
3086 * if we do we only need to label the request_sock and the stack will 3090 * if we do we only need to label the request_sock and the stack will
3087 * propogate the wire-label to the sock when it is created. 3091 * propagate the wire-label to the sock when it is created.
3088 */ 3092 */
3089 hdr = ip_hdr(skb); 3093 hdr = ip_hdr(skb);
3090 addr.sin_addr.s_addr = hdr->saddr; 3094 addr.sin_addr.s_addr = hdr->saddr;
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 90d1bbaaa6f3..f93460156dce 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -208,7 +208,7 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf,
208 if (*ppos != 0) 208 if (*ppos != 0)
209 return -EINVAL; 209 return -EINVAL;
210 /* 210 /*
211 * Minor hack for backward compatability 211 * Minor hack for backward compatibility
212 */ 212 */
213 if (count < (SMK_OLOADLEN) || count > SMK_LOADLEN) 213 if (count < (SMK_OLOADLEN) || count > SMK_LOADLEN)
214 return -EINVAL; 214 return -EINVAL;
@@ -223,7 +223,7 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf,
223 } 223 }
224 224
225 /* 225 /*
226 * More on the minor hack for backward compatability 226 * More on the minor hack for backward compatibility
227 */ 227 */
228 if (count == (SMK_OLOADLEN)) 228 if (count == (SMK_OLOADLEN))
229 data[SMK_OLOADLEN] = '-'; 229 data[SMK_OLOADLEN] = '-';
@@ -927,7 +927,7 @@ static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
927 } 927 }
928 } else { 928 } else {
929 /* we delete the unlabeled entry, only if the previous label 929 /* we delete the unlabeled entry, only if the previous label
930 * wasnt the special CIPSO option */ 930 * wasn't the special CIPSO option */
931 if (skp->smk_label != smack_cipso_option) 931 if (skp->smk_label != smack_cipso_option)
932 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL, 932 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
933 &skp->smk_host.sin_addr, &skp->smk_mask, 933 &skp->smk_host.sin_addr, &skp->smk_mask,
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-02 13:47:53 -0400