Smack: change rule cap check

smk_write_change_rule() is calling capable rather than the more correct smack_privileged(). This allows for setting rules in violation of the onlycap facility. This is the simple repair. Change-Id: Icb5321b5b5355d64b0b029d9131cf60b5e97d356 Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
author: Casey Schaufler <casey@schaufler-ca.com> 2013-12-19 13:23:26 -0800
committer: Chanho Park <chanho61.park@samsung.com> 2014-03-20 17:42:32 +0900
commit: 8968f2c88beee4cf6b3d6f84de398712d77a865e (patch)
tree: 93513621d1b2494d596ef45c216e7b65cb5e0c42 /security
parent: 05ed55d6fbe9bc4a9026903f8a2fad85a2813039 (diff)
download: linux-3.10-8968f2c88beee4cf6b3d6f84de398712d77a865e.tar.gz
linux-3.10-8968f2c88beee4cf6b3d6f84de398712d77a865e.tar.bz2
linux-3.10-8968f2c88beee4cf6b3d6f84de398712d77a865e.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index bd5c6e19750..6d8b8e73b15 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -2151,7 +2151,7 @@ static ssize_t smk_write_change_rule(struct file *file, const char __user *buf,
 	/*
 	 * Must have privilege.
 	 */
-	if (!capable(CAP_MAC_ADMIN))
+	if (!smack_privileged(CAP_MAC_ADMIN))
 		return -EPERM;
 
 	return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
author	Casey Schaufler <casey@schaufler-ca.com>	2013-12-19 13:23:26 -0800
committer	Chanho Park <chanho61.park@samsung.com>	2014-03-20 17:42:32 +0900
commit	8968f2c88beee4cf6b3d6f84de398712d77a865e (patch)
tree	93513621d1b2494d596ef45c216e7b65cb5e0c42 /security
parent	05ed55d6fbe9bc4a9026903f8a2fad85a2813039 (diff)
download	linux-3.10-8968f2c88beee4cf6b3d6f84de398712d77a865e.tar.gz linux-3.10-8968f2c88beee4cf6b3d6f84de398712d77a865e.tar.bz2 linux-3.10-8968f2c88beee4cf6b3d6f84de398712d77a865e.zip