diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-08-31 13:01:40 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-08-31 13:01:40 -0700 |
commit | 9b2eacd8f04625c6cb2dd82469972a3bba3a783a (patch) | |
tree | b11ed30e46aadef8def8817cd0576a9d6ddc3710 /security | |
parent | 8e0cd9525ca7ab8ba87135d85b10596e61b10e63 (diff) | |
parent | bfc3cac0c76126995737f1b858d2cdb476be5b1d (diff) |
Merge tag 'Smack-for-5.15' of git://github.com/cschaufler/smack-next
Pull smack updates from Casey Schaufler:
"There is a variable used only during start-up that's now marked
__initdata and a change where the code was working by sheer luck that
is now done properly.
Both have been in next for several weeks and pass the Smack testsuite"
* tag 'Smack-for-5.15' of git://github.com/cschaufler/smack-next:
smack: mark 'smack_enabled' global variable as __initdata
Smack: Fix wrong semantics in smk_access_entry()
Diffstat (limited to 'security')
-rw-r--r-- | security/smack/smack.h | 2 | ||||
-rw-r--r-- | security/smack/smack_access.c | 17 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 2 |
3 files changed, 10 insertions, 11 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index c3cfbdf4944a..99c3422596ab 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -302,7 +302,7 @@ int smack_populate_secattr(struct smack_known *skp); /* * Shared data. */ -extern int smack_enabled; +extern int smack_enabled __initdata; extern int smack_cipso_direct; extern int smack_cipso_mapped; extern struct smack_known *smack_net_ambient; diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 1f391f6a3d47..d2186e2757be 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -81,23 +81,22 @@ int log_policy = SMACK_AUDIT_DENIED; int smk_access_entry(char *subject_label, char *object_label, struct list_head *rule_list) { - int may = -ENOENT; struct smack_rule *srp; list_for_each_entry_rcu(srp, rule_list, list) { if (srp->smk_object->smk_known == object_label && srp->smk_subject->smk_known == subject_label) { - may = srp->smk_access; - break; + int may = srp->smk_access; + /* + * MAY_WRITE implies MAY_LOCK. + */ + if ((may & MAY_WRITE) == MAY_WRITE) + may |= MAY_LOCK; + return may; } } - /* - * MAY_WRITE implies MAY_LOCK. - */ - if ((may & MAY_WRITE) == MAY_WRITE) - may |= MAY_LOCK; - return may; + return -ENOENT; } /** diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 223a6da0e6dc..cacbe7518519 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -54,7 +54,7 @@ static DEFINE_MUTEX(smack_ipv6_lock); static LIST_HEAD(smk_ipv6_port_list); struct kmem_cache *smack_rule_cache; -int smack_enabled; +int smack_enabled __initdata; #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} static struct { |