summaryrefslogtreecommitdiffstats
path: root/security/smack/smackfs.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/smack/smackfs.c')
-rw-r--r--security/smack/smackfs.c26
1 files changed, 19 insertions, 7 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index c21d8c8bf0c..247dc9ebbc7 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -185,11 +185,15 @@ static int smk_open_load(struct inode *inode, struct file *file)
* the subject/object pair and replaces the access that was
* there. If the pair isn't found add it with the specified
* access.
+ *
+ * Returns 0 if nothing goes wrong or -ENOMEM if it fails
+ * during the allocation of the new pair to add.
*/
-static void smk_set_access(struct smack_rule *srp)
+static int smk_set_access(struct smack_rule *srp)
{
struct smk_list_entry *sp;
struct smk_list_entry *newp;
+ int ret = 0;
mutex_lock(&smack_list_lock);
@@ -202,14 +206,20 @@ static void smk_set_access(struct smack_rule *srp)
if (sp == NULL) {
newp = kzalloc(sizeof(struct smk_list_entry), GFP_KERNEL);
+ if (newp == NULL) {
+ ret = -ENOMEM;
+ goto out;
+ }
+
newp->smk_rule = *srp;
newp->smk_next = smack_list;
smack_list = newp;
}
+out:
mutex_unlock(&smack_list_lock);
- return;
+ return ret;
}
/**
@@ -309,8 +319,10 @@ static ssize_t smk_write_load(struct file *file, const char __user *buf,
goto out;
}
- smk_set_access(&rule);
- rc = count;
+ rc = smk_set_access(&rule);
+
+ if (!rc)
+ rc = count;
out:
kfree(data);
@@ -336,7 +348,7 @@ static void smk_cipso_doi(void)
audit_info.loginuid = audit_get_loginuid(current);
audit_info.sessionid = audit_get_sessionid(current);
- audit_info.secid = smack_to_secid(current->security);
+ audit_info.secid = smack_to_secid(current_security());
rc = netlbl_cfg_map_del(NULL, &audit_info);
if (rc != 0)
@@ -371,7 +383,7 @@ static void smk_unlbl_ambient(char *oldambient)
audit_info.loginuid = audit_get_loginuid(current);
audit_info.sessionid = audit_get_sessionid(current);
- audit_info.secid = smack_to_secid(current->security);
+ audit_info.secid = smack_to_secid(current_security());
if (oldambient != NULL) {
rc = netlbl_cfg_map_del(oldambient, &audit_info);
@@ -843,7 +855,7 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
{
char in[SMK_LABELLEN];
- char *sp = current->security;
+ char *sp = current->cred->security;
if (!capable(CAP_MAC_ADMIN))
return -EPERM;