forked from luck/tmp_suning_uos_patched
Merge branch 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull smack updates from James Morris: "Two Smack patches for 4.21. Jose's patch adds missing documentation and Zoran's fleshes out the access checks on keyrings" * 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: Smack: Improve Documentation smack: fix access permissions for keyring
This commit is contained in:
commit
19f2e267a5
|
@ -818,6 +818,10 @@ Smack supports some mount options:
|
|||
specifies a label to which all labels set on the
|
||||
filesystem must have read access. Not yet enforced.
|
||||
|
||||
smackfstransmute=label:
|
||||
behaves exactly like smackfsroot except that it also
|
||||
sets the transmute flag on the root of the mount
|
||||
|
||||
These mount options apply to all file system types.
|
||||
|
||||
Smack auditing
|
||||
|
|
|
@ -4333,6 +4333,12 @@ static int smack_key_permission(key_ref_t key_ref,
|
|||
int request = 0;
|
||||
int rc;
|
||||
|
||||
/*
|
||||
* Validate requested permissions
|
||||
*/
|
||||
if (perm & ~KEY_NEED_ALL)
|
||||
return -EINVAL;
|
||||
|
||||
keyp = key_ref_to_ptr(key_ref);
|
||||
if (keyp == NULL)
|
||||
return -EINVAL;
|
||||
|
@ -4356,10 +4362,10 @@ static int smack_key_permission(key_ref_t key_ref,
|
|||
ad.a.u.key_struct.key = keyp->serial;
|
||||
ad.a.u.key_struct.key_desc = keyp->description;
|
||||
#endif
|
||||
if (perm & KEY_NEED_READ)
|
||||
request = MAY_READ;
|
||||
if (perm & (KEY_NEED_READ | KEY_NEED_SEARCH | KEY_NEED_VIEW))
|
||||
request |= MAY_READ;
|
||||
if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
|
||||
request = MAY_WRITE;
|
||||
request |= MAY_WRITE;
|
||||
rc = smk_access(tkp, keyp->security, request, &ad);
|
||||
rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
|
||||
return rc;
|
||||
|
|
Loading…
Reference in New Issue
Block a user