• Zoran Markovic's avatar
    smack: fix access permissions for keyring · ea2e6a09
    Zoran Markovic authored
    [ Upstream commit 5b841bfa ]
    
    Function smack_key_permission() only issues smack requests for the
    following operations:
     - KEY_NEED_READ (issues MAY_READ)
     - KEY_NEED_WRITE (issues MAY_WRITE)
     - KEY_NEED_LINK (issues MAY_WRITE)
     - KEY_NEED_SETATTR (issues MAY_WRITE)
    A blank smack request is issued in all other cases, resulting in
    smack access being granted if there is any rule defined between
    subject and object, or denied with -EACCES otherwise.
    
    Request MAY_READ access for KEY_NEED_SEARCH and KEY_NEED_VIEW.
    Fix the logic in the unlikely case when both MAY_READ and
    MAY_WRITE are needed. Validate access permission field for valid
    contents.
    Signed-off-by: default avatarZoran Markovic <zmarkovic@sierrawireless.com>
    Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
    Cc: Casey Schaufler <casey@schaufler-ca.com>
    Cc: James Morris <jmorris@namei.org>
    Cc: "Serge E. Hallyn" <serge@hallyn.com>
    Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
    ea2e6a09
Name
Last commit
Last update
..
apparmor Loading commit data...
integrity Loading commit data...
keys Loading commit data...
loadpin Loading commit data...
selinux Loading commit data...
smack Loading commit data...
tomoyo Loading commit data...
yama Loading commit data...
Kconfig Loading commit data...
Makefile Loading commit data...
commoncap.c Loading commit data...
device_cgroup.c Loading commit data...
inode.c Loading commit data...
lsm_audit.c Loading commit data...
min_addr.c Loading commit data...
security.c Loading commit data...