diff options
author | Pankaj Kumar <pankaj.k2@samsung.com> | 2013-12-13 15:12:22 +0530 |
---|---|---|
committer | Stephane Desneux <stephane.desneux@open.eurogiciel.org> | 2015-02-04 11:23:21 +0100 |
commit | 28e703b93d62fe25da971670878337360a668aaa (patch) | |
tree | e246f4cc781a9baabb85f538463e8e8ca41fd282 | |
parent | cba9a4bb108cfbda301bc82ab105a3cee7215f93 (diff) | |
download | kernel-common-28e703b93d62fe25da971670878337360a668aaa.tar.gz kernel-common-28e703b93d62fe25da971670878337360a668aaa.tar.bz2 kernel-common-28e703b93d62fe25da971670878337360a668aaa.zip |
bugfix patch for SMACK
1. In order to remove any SMACK extended attribute from a file, a user
should have CAP_MAC_ADMIN capability. But user without having this
capability is able to remove SMACK64MMAP security attribute.
2. While validating size and value of smack extended attribute in
smack_inode_setsecurity hook, wrong error code is returned.
Change-Id: Ib4b290150f4a003733f76cbb7ccc25d228310ecb
Signed-off-by: Pankaj Kumar <pamkaj.k2@samsung.com>
Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
-rw-r--r-- | security/smack/smack_lsm.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index d430977e91d3..b86825b722d3 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1020,7 +1020,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || - strcmp(name, XATTR_NAME_SMACKMMAP)) { + strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { if (!smack_privileged(CAP_MAC_ADMIN)) rc = -EPERM; } else @@ -2158,7 +2158,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, int rc = 0; if (value == NULL || size > SMK_LONGLABEL || size == 0) - return -EACCES; + return -EINVAL; skp = smk_import_entry(value, size); if (skp == NULL) |