diff options
| author | Olof Johansson <olof@lixom.net> | 2014-07-19 14:59:07 -0700 |
|---|---|---|
| committer | Olof Johansson <olof@lixom.net> | 2014-07-19 14:59:07 -0700 |
| commit | 4e9816d012dbc28dc89559261c6ffbf8ffc440dd (patch) | |
| tree | dee9f8b31f3d6d2fb141541da88e1cc1329b017e /security/smack/smack_access.c | |
| parent | da98f44f27d81d7fe9a41f69af4fe08c18d13b56 (diff) | |
| parent | 1795cd9b3a91d4b5473c97f491d63892442212ab (diff) | |
Merge tag 'v3.16-rc5' into next/fixes-non-critical
Linux 3.16-rc5
Diffstat (limited to 'security/smack/smack_access.c')
| -rw-r--r-- | security/smack/smack_access.c | 38 |
1 files changed, 30 insertions, 8 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 14293cd9b1e..c062e9467b6 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -192,20 +192,21 @@ out_audit: } /** - * smk_curacc - determine if current has a specific access to an object + * smk_tskacc - determine if a task has a specific access to an object + * @tsp: a pointer to the subject task * @obj_label: a pointer to the object's Smack label * @mode: the access requested, in "MAY" format * @a : common audit data * - * This function checks the current subject label/object label pair + * This function checks the subject task's label/object label pair * in the access rule list and returns 0 if the access is permitted, - * non zero otherwise. It allows that current may have the capability + * non zero otherwise. It allows that the task may have the capability * to override the rules. */ -int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a) +int smk_tskacc(struct task_smack *subject, char *obj_label, + u32 mode, struct smk_audit_info *a) { - struct task_smack *tsp = current_security(); - struct smack_known *skp = smk_of_task(tsp); + struct smack_known *skp = smk_of_task(subject); int may; int rc; @@ -219,7 +220,7 @@ int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a) * it can further restrict access. */ may = smk_access_entry(skp->smk_known, obj_label, - &tsp->smk_rules); + &subject->smk_rules); if (may < 0) goto out_audit; if ((mode & may) == mode) @@ -241,6 +242,24 @@ out_audit: return rc; } +/** + * smk_curacc - determine if current has a specific access to an object + * @obj_label: a pointer to the object's Smack label + * @mode: the access requested, in "MAY" format + * @a : common audit data + * + * This function checks the current subject label/object label pair + * in the access rule list and returns 0 if the access is permitted, + * non zero otherwise. It allows that current may have the capability + * to override the rules. + */ +int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a) +{ + struct task_smack *tsp = current_security(); + + return smk_tskacc(tsp, obj_label, mode, a); +} + #ifdef CONFIG_AUDIT /** * smack_str_from_perm : helper to transalate an int to a @@ -285,7 +304,10 @@ static void smack_log_callback(struct audit_buffer *ab, void *a) audit_log_untrustedstring(ab, sad->subject); audit_log_format(ab, " object="); audit_log_untrustedstring(ab, sad->object); - audit_log_format(ab, " requested=%s", sad->request); + if (sad->request[0] == '\0') + audit_log_format(ab, " labels_differ"); + else + audit_log_format(ab, " requested=%s", sad->request); } /** |