diff options
| author | Casey Schaufler | 2011-02-09 21:58:42 -0600 |
|---|---|---|
| committer | Casey Schaufler | 2011-02-09 21:58:42 -0600 |
| commit | 75a25637bf8a1b8fbed2368c0a3ec15c66a534f1 (patch) | |
| tree | 038d52827d9a285fed1bb384f06d7adabf4ef674 /security/smack | |
| parent | db904aa8147440b750a35d58befed38155a1abb9 (diff) | |
| download | kernel-common-75a25637bf8a1b8fbed2368c0a3ec15c66a534f1.tar.gz kernel-common-75a25637bf8a1b8fbed2368c0a3ec15c66a534f1.tar.xz kernel-common-75a25637bf8a1b8fbed2368c0a3ec15c66a534f1.zip | |
Smack: correct final mmap check comparison
The mmap policy enforcement checks the access of the
SMACK64MMAP subject against the current subject incorrectly.
The check as written works correctly only if the access
rules involved have the same access. This is the common
case, so initial testing did not find a problem.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack')
| -rw-r--r-- | security/smack/smack_lsm.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 92cb71507f5..5ab3f39442f 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -1218,7 +1218,7 @@ static int smack_file_mmap(struct file *file, | |||
| 1218 | * not available to a SMACK64MMAP subject | 1218 | * not available to a SMACK64MMAP subject |
| 1219 | * deny access. | 1219 | * deny access. |
| 1220 | */ | 1220 | */ |
| 1221 | if ((may | mmay) != may) { | 1221 | if ((may | mmay) != mmay) { |
| 1222 | rc = -EACCES; | 1222 | rc = -EACCES; |
| 1223 | break; | 1223 | break; |
| 1224 | } | 1224 | } |