Smack: Fix wrong semantics in smk_access_entry()
[ Upstream commit 6d14f5c7028eea70760df284057fe198ce7778dd ] In the smk_access_entry() function, if no matching rule is found in the rule_list, a negative error code will be used to perform bit operations with the MAY_ enumeration value. This is semantically wrong. This patch fixes this issue. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
parent
c454b1a215
commit
a1d12196c3
@ -81,17 +81,12 @@ int log_policy = SMACK_AUDIT_DENIED;
|
|||||||
int smk_access_entry(char *subject_label, char *object_label,
|
int smk_access_entry(char *subject_label, char *object_label,
|
||||||
struct list_head *rule_list)
|
struct list_head *rule_list)
|
||||||
{
|
{
|
||||||
int may = -ENOENT;
|
|
||||||
struct smack_rule *srp;
|
struct smack_rule *srp;
|
||||||
|
|
||||||
list_for_each_entry_rcu(srp, rule_list, list) {
|
list_for_each_entry_rcu(srp, rule_list, list) {
|
||||||
if (srp->smk_object->smk_known == object_label &&
|
if (srp->smk_object->smk_known == object_label &&
|
||||||
srp->smk_subject->smk_known == subject_label) {
|
srp->smk_subject->smk_known == subject_label) {
|
||||||
may = srp->smk_access;
|
int may = srp->smk_access;
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* MAY_WRITE implies MAY_LOCK.
|
* MAY_WRITE implies MAY_LOCK.
|
||||||
*/
|
*/
|
||||||
@ -99,6 +94,10 @@ int smk_access_entry(char *subject_label, char *object_label,
|
|||||||
may |= MAY_LOCK;
|
may |= MAY_LOCK;
|
||||||
return may;
|
return may;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return -ENOENT;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* smk_access - determine if a subject has a specific access to an object
|
* smk_access - determine if a subject has a specific access to an object
|
||||||
|
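Review bot: The final `return -ENOENT;` in smk_access_entry() shares one `int` with the MAY_ bitmask returned on a match, and nothing in the visible lines tells callers to test the sign before masking. A negative errno has nearly every bit set, so a caller that applied `(may & request) == request` directly to the result would read a missing rule as a grant. I would add a comment above the final return, `/* No rule matched: callers must check for a negative value before using the result as a MAY_ mask. */`, or put the same sentence in the function's kernel-doc if one exists above the first hunk. The callers, including smk_access() whose comment begins after the second hunk, are not visible here, so this is a contract note rather than a reported defect.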