Commit c9d238a1 authored by Himanshu Shukla's avatar Himanshu Shukla Committed by Casey Schaufler

SMACK: Use smk_tskacc() instead of smk_access() for proper logging

smack_file_open() is first checking the capability of calling subject,
this check will skip the SMACK logging for success case. Use smk_tskacc()
for proper logging and SMACK access check.
Signed-off-by: default avatarHimanshu Shukla <himanshu.sh@samsung.com>
Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
parent 348dc288
...@@ -1955,12 +1955,9 @@ static int smack_file_open(struct file *file, const struct cred *cred) ...@@ -1955,12 +1955,9 @@ static int smack_file_open(struct file *file, const struct cred *cred)
struct smk_audit_info ad; struct smk_audit_info ad;
int rc; int rc;
if (smack_privileged(CAP_MAC_OVERRIDE))
return 0;
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
smk_ad_setfield_u_fs_path(&ad, file->f_path); smk_ad_setfield_u_fs_path(&ad, file->f_path);
rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad); rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
rc = smk_bu_credfile(cred, file, MAY_READ, rc); rc = smk_bu_credfile(cred, file, MAY_READ, rc);
return rc; return rc;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment