Commit
c45ed235
authored
Oct 22, 2011
by
James Morris
Merge branch 'master' of
git://gitorious.org/smack-next/kernel
into next
parents
e0b057b4
0e94ae17
Showing
3 changed files
with
51 additions
and
24 deletions
+51
-24
security/smack/smack.h
security/smack/smack.h
+1
-0
security/smack/smack_access.c
security/smack/smack_access.c
+19
-8
security/smack/smackfs.c
security/smack/smackfs.c
+31
-16
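--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -208,6 +208,7 @@ int smk_curacc(char *, u32, struct smk_audit_info *);
 int smack_to_cipso(const char *, struct smack_cipso *);
 char *smack_from_cipso(u32, char *);
 char *smack_from_secid(const u32);
+void smk_parse_smack(const char *string, int len, char *smack);
 char *smk_import(const char *, int);
 struct smack_known *smk_import_entry(const char *, int);
 struct smack_known *smk_find_entry(const char *);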
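Review bot: The new prototype `void smk_parse_smack(const char *string, int len, char *smack);` takes an output buffer with no size argument, so the capacity the callee may write is implicit at the declaration. Both callers visible in this commit pass a `char smack[SMK_LABELLEN]`, which suggests that is the contract, but a future caller reading only the header has nothing to go on. I would add a comment above the prototype such as `/* @smack must point to at least SMK_LABELLEN bytes */`, or pass the size explicitly if the interface can still change.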
security/smack/smack_access.c
...
@@ -353,17 +353,13 @@ struct smack_known *smk_find_entry(const char *string)
...
@@ -353,17 +353,13 @@ struct smack_known *smk_find_entry(const char *string)
}
}
/**
/**
* smk_
import_entry - import a label, return the list entry
* smk_
parse_smack - parse smack label from a text string
* @string: a text string that might
be
a Smack label
* @string: a text string that might
contain
a Smack label
* @len: the maximum size, or zero if it is NULL terminated.
* @len: the maximum size, or zero if it is NULL terminated.
*
* @smack: parsed smack label, or NULL if parse error
* Returns a pointer to the entry in the label list that
* matches the passed string, adding it if necessary.
*/
*/
struct
smack_known
*
smk_import_entry
(
const
char
*
string
,
int
len
)
void
smk_parse_smack
(
const
char
*
string
,
int
len
,
char
*
smack
)
{
{
struct
smack_known
*
skp
;
char
smack
[
SMK_LABELLEN
];
int
found
;
int
found
;
int
i
;
int
i
;
...
@@ -381,7 +377,22 @@ struct smack_known *smk_import_entry(const char *string, int len)
...
@@ -381,7 +377,22 @@ struct smack_known *smk_import_entry(const char *string, int len)
}
else
}
else
smack
[
i
]
=
string
[
i
];
smack
[
i
]
=
string
[
i
];
}
}
}
/**
* smk_import_entry - import a label, return the list entry
* @string: a text string that might be a Smack label
* @len: the maximum size, or zero if it is NULL terminated.
*
* Returns a pointer to the entry in the label list that
* matches the passed string, adding it if necessary.
*/
struct
smack_known
*
smk_import_entry
(
const
char
*
string
,
int
len
)
{
struct
smack_known
*
skp
;
char
smack
[
SMK_LABELLEN
];
smk_parse_smack
(
string
,
len
,
smack
);
if
(
smack
[
0
]
==
'\0'
)
if
(
smack
[
0
]
==
'\0'
)
return
NULL
;
return
NULL
;
...
...
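Review bot: The kernel-doc line `@smack: parsed smack label, or NULL if parse error` on smk_parse_smack does not match how the result is consumed: the function returns void and fills a caller-supplied buffer, and smk_import_entry tests `smack[0] == '\0'`, so the failure signal appears to be an empty string, not a NULL pointer. I would reword it to `@smack: parsed smack label, or an empty string on parse error`. The body of smk_parse_smack lies mostly outside the hunks shown, so it cannot be confirmed from here that every path leaves the buffer terminated; that is worth checking because callers read the buffer as a string.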
security/smack/smackfs.c
...
@@ -191,19 +191,37 @@ static int smk_set_access(struct smack_rule *srp, struct list_head *rule_list,
...
@@ -191,19 +191,37 @@ static int smk_set_access(struct smack_rule *srp, struct list_head *rule_list,
}
}
/**
/**
* smk_parse_rule - parse
subject, object and access type
* smk_parse_rule - parse
Smack rule from load string
* @data: string to be parsed whose size is SMK_LOADLEN
* @data: string to be parsed whose size is SMK_LOADLEN
* @rule: parsed entities are stored in here
* @rule: Smack rule
* @import: if non-zero, import labels
*/
*/
static
int
smk_parse_rule
(
const
char
*
data
,
struct
smack_rule
*
rule
)
static
int
smk_parse_rule
(
const
char
*
data
,
struct
smack_rule
*
rule
,
int
import
)
{
{
rule
->
smk_subject
=
smk_import
(
data
,
0
);
char
smack
[
SMK_LABELLEN
];
if
(
rule
->
smk_subject
==
NULL
)
struct
smack_known
*
skp
;
return
-
1
;
rule
->
smk_object
=
smk_import
(
data
+
SMK_LABELLEN
,
0
);
if
(
import
)
{
if
(
rule
->
smk_object
==
NULL
)
rule
->
smk_subject
=
smk_import
(
data
,
0
);
return
-
1
;
if
(
rule
->
smk_subject
==
NULL
)
return
-
1
;
rule
->
smk_object
=
smk_import
(
data
+
SMK_LABELLEN
,
0
);
if
(
rule
->
smk_object
==
NULL
)
return
-
1
;
}
else
{
smk_parse_smack
(
data
,
0
,
smack
);
skp
=
smk_find_entry
(
smack
);
if
(
skp
==
NULL
)
return
-
1
;
rule
->
smk_subject
=
skp
->
smk_known
;
smk_parse_smack
(
data
+
SMK_LABELLEN
,
0
,
smack
);
skp
=
smk_find_entry
(
smack
);
if
(
skp
==
NULL
)
return
-
1
;
rule
->
smk_object
=
skp
->
smk_known
;
}
rule
->
smk_access
=
0
;
rule
->
smk_access
=
0
;
...
@@ -327,7 +345,7 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf,
...
@@ -327,7 +345,7 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf,
goto
out
;
goto
out
;
}
}
if
(
smk_parse_rule
(
data
,
rule
))
if
(
smk_parse_rule
(
data
,
rule
,
1
))
goto
out_free_rule
;
goto
out_free_rule
;
if
(
rule_list
==
NULL
)
{
if
(
rule_list
==
NULL
)
{
...
@@ -1499,14 +1517,11 @@ static ssize_t smk_write_access(struct file *file, const char __user *buf,
...
@@ -1499,14 +1517,11 @@ static ssize_t smk_write_access(struct file *file, const char __user *buf,
char
*
data
;
char
*
data
;
int
res
;
int
res
;
if
(
!
capable
(
CAP_MAC_ADMIN
))
return
-
EPERM
;
data
=
simple_transaction_get
(
file
,
buf
,
count
);
data
=
simple_transaction_get
(
file
,
buf
,
count
);
if
(
IS_ERR
(
data
))
if
(
IS_ERR
(
data
))
return
PTR_ERR
(
data
);
return
PTR_ERR
(
data
);
if
(
count
<
SMK_LOADLEN
||
smk_parse_rule
(
data
,
&
rule
))
if
(
count
<
SMK_LOADLEN
||
smk_parse_rule
(
data
,
&
rule
,
0
))
return
-
EINVAL
;
return
-
EINVAL
;
res
=
smk_access
(
rule
.
smk_subject
,
rule
.
smk_object
,
rule
.
smk_access
,
res
=
smk_access
(
rule
.
smk_subject
,
rule
.
smk_object
,
rule
.
smk_access
,
...
@@ -1514,7 +1529,7 @@ static ssize_t smk_write_access(struct file *file, const char __user *buf,
...
@@ -1514,7 +1529,7 @@ static ssize_t smk_write_access(struct file *file, const char __user *buf,
data
[
0
]
=
res
==
0
?
'1'
:
'0'
;
data
[
0
]
=
res
==
0
?
'1'
:
'0'
;
data
[
1
]
=
'\0'
;
data
[
1
]
=
'\0'
;
simple_transaction_set
(
file
,
1
);
simple_transaction_set
(
file
,
2
);
return
SMK_LOADLEN
;
return
SMK_LOADLEN
;
}
}
...
@@ -1560,7 +1575,7 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)
...
@@ -1560,7 +1575,7 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)
[
SMK_LOAD_SELF
]
=
{
[
SMK_LOAD_SELF
]
=
{
"load-self"
,
&
smk_load_self_ops
,
S_IRUGO
|
S_IWUGO
},
"load-self"
,
&
smk_load_self_ops
,
S_IRUGO
|
S_IWUGO
},
[
SMK_ACCESSES
]
=
{
[
SMK_ACCESSES
]
=
{
"access"
,
&
smk_access_ops
,
S_IRUGO
|
S_IWU
SR
},
"access"
,
&
smk_access_ops
,
S_IRUGO
|
S_IWU
GO
},
/* last one */
/* last one */
{
""
}
{
""
}
};
};
...
...
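Review bot: With the `capable(CAP_MAC_ADMIN)` check removed from smk_write_access and the `access` entry changed to `S_IRUGO|S_IWUGO`, any local process can now drive smk_parse_rule with its own input, and the only thing keeping it from adding labels is the literal `0` passed as `import`. That invariant deserves a comment at the call, e.g. `/* import must stay 0: this file is world-writable, lookups only */`. In the non-import branch the buffer from smk_parse_smack goes straight to smk_find_entry without the `smack[0] == '\0'` test that smk_import_entry applies; this is probably harmless if no empty label exists, but an explicit `if (smack[0] == '\0') return -1;` before each lookup would make the rejection of unparsable input deliberate. The access file also now answers access queries between arbitrary existing labels for unprivileged callers, which should be a conscious policy decision noted in the commit message or documentation.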