Diffstat (limited to 'security/smack')
-rw-r--r-- | security/smack/smack_lsm.c | 37 |
1 files changed, 8 insertions, 29 deletions
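--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1691,40 +1691,19 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info,
 * smack_task_wait - Smack access check for waiting
 * @p: task to wait for
 *
-* Returns 0 if current can wait for p, error code otherwise
+* Returns 0
 */
 static int smack_task_wait(struct task_struct *p)
 {
-struct smk_audit_info ad;
-char *sp = smk_of_current();
-char *tsp = smk_of_forked(task_security(p));
-int rc;
-
-/* we don't log here, we can be overriden */
-rc = smk_access(tsp, sp, MAY_WRITE, NULL);
-if (rc == 0)
-goto out_log;
-
 /*
-* Allow the operation to succeed if either task
-* has privilege to perform operations that might
-* account for the smack labels having gotten to
-* be different in the first place.
-*
-* This breaks the strict subject/object access
-* control ideal, taking the object's privilege
-* state into account in the decision as well as
-* the smack value.
+* Allow the operation to succeed.
+* Zombies are bad.
+* In userless environments (e.g. phones) programs
+* get marked with SMACK64EXEC and even if the parent
+* and child shouldn't be talking the parent still
+* may expect to know when the child exits.
 */
-if (smack_privileged(CAP_MAC_OVERRIDE) ||
-has_capability(p, CAP_MAC_OVERRIDE))
-rc = 0;
-/* we log only if we didn't get overriden */
-out_log:
-smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
-smk_ad_setfield_u_tsk(&ad, p);
-smack_log(tsp, sp, MAY_WRITE, rc, &ad);
-return rc;
+return 0;
 }
 
 /**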
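Review bot: With the body of smack_task_wait reduced to `return 0;`, a child's exit status reaches the parent with no Smack check and no `smack_log` record, and the new comment does not say that this is an accepted information flow between labels the policy otherwise keeps apart. The comment should state the trade-off rather than `Zombies are bad.`, for example `* A denied wait would leave the child unreaped, so the exit status is delivered regardless of labels and without an audit record.`. The kernel-doc line `Returns 0` could likewise read `Returns 0 always; no access check is performed` so that nobody mistakes the hook for a check that passed. Since the hook no longer decides anything, it may be cleaner to stop registering it, but the hook table is outside this hunk, so that is only a suggestion to verify.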