aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/smack/smack_lsm.c37
1 files changed, 8 insertions, 29 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 8221514cc997..ce9273a18165 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1691,40 +1691,19 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1691 * smack_task_wait - Smack access check for waiting 1691 * smack_task_wait - Smack access check for waiting
1692 * @p: task to wait for 1692 * @p: task to wait for
1693 * 1693 *
1694 * Returns 0 if current can wait for p, error code otherwise 1694 * Returns 0
1695 */ 1695 */
1696static int smack_task_wait(struct task_struct *p) 1696static int smack_task_wait(struct task_struct *p)
1697{ 1697{
1698 struct smk_audit_info ad;
1699 char *sp = smk_of_current();
1700 char *tsp = smk_of_forked(task_security(p));
1701 int rc;
1702
1703 /* we don't log here, we can be overriden */
1704 rc = smk_access(tsp, sp, MAY_WRITE, NULL);
1705 if (rc == 0)
1706 goto out_log;
1707
1708 /* 1698 /*
1709 * Allow the operation to succeed if either task 1699 * Allow the operation to succeed.
1710 * has privilege to perform operations that might 1700 * Zombies are bad.
1711 * account for the smack labels having gotten to 1701 * In userless environments (e.g. phones) programs
1712 * be different in the first place. 1702 * get marked with SMACK64EXEC and even if the parent
1713 * 1703 * and child shouldn't be talking the parent still
1714 * This breaks the strict subject/object access 1704 * may expect to know when the child exits.
1715 * control ideal, taking the object's privilege
1716 * state into account in the decision as well as
1717 * the smack value.
1718 */ 1705 */
1719 if (smack_privileged(CAP_MAC_OVERRIDE) || 1706 return 0;
1720 has_capability(p, CAP_MAC_OVERRIDE))
1721 rc = 0;
1722 /* we log only if we didn't get overriden */
1723 out_log:
1724 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1725 smk_ad_setfield_u_tsk(&ad, p);
1726 smack_log(tsp, sp, MAY_WRITE, rc, &ad);
1727 return rc;
1728} 1707}
1729 1708
1730/** 1709/**