Smack: change rule cap check

smk_write_change_rule() is calling capable rather than the more correct smack_privileged(). This allows for setting rules in violation of the onlycap facility. This is the simple repair. Change-Id: Icb5321b5b5355d64b0b029d9131cf60b5e97d356 Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
author: Casey Schaufler <casey@schaufler-ca.com> 2013-12-19 13:23:26 -0800
committer: Chanho Park <chanho61.park@samsung.com> 2014-11-18 11:46:07 +0900
commit: 32db5b251746bbe871378528fdf9b3eb24b9978d (patch)
tree: 8a64d109473332e309802025b874f03a530bc1e0 /security
parent: 3a3f16d56f189987dc47918d5ee093f9ac4c8a42 (diff)
download: linux-3.10-32db5b251746bbe871378528fdf9b3eb24b9978d.tar.gz
linux-3.10-32db5b251746bbe871378528fdf9b3eb24b9978d.tar.bz2
linux-3.10-32db5b251746bbe871378528fdf9b3eb24b9978d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index bd5c6e19750..6d8b8e73b15 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -2151,7 +2151,7 @@ static ssize_t smk_write_change_rule(struct file *file, const char __user *buf,
 	/*
 	 * Must have privilege.
 	 */
-	if (!capable(CAP_MAC_ADMIN))
+	if (!smack_privileged(CAP_MAC_ADMIN))
 		return -EPERM;
 
 	return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,
author	Casey Schaufler <casey@schaufler-ca.com>	2013-12-19 13:23:26 -0800
committer	Chanho Park <chanho61.park@samsung.com>	2014-11-18 11:46:07 +0900
commit	32db5b251746bbe871378528fdf9b3eb24b9978d (patch)
tree	8a64d109473332e309802025b874f03a530bc1e0 /security
parent	3a3f16d56f189987dc47918d5ee093f9ac4c8a42 (diff)
download	linux-3.10-32db5b251746bbe871378528fdf9b3eb24b9978d.tar.gz linux-3.10-32db5b251746bbe871378528fdf9b3eb24b9978d.tar.bz2 linux-3.10-32db5b251746bbe871378528fdf9b3eb24b9978d.zip