mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-17 01:34:00 +08:00
Smack: Fix wrong semantics in smk_access_entry()
In the smk_access_entry() function, if no matching rule is found in the rust_list, a negative error code will be used to perform bit operations with the MAY_ enumeration value. This is semantically wrong. This patch fixes this issue. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
This commit is contained in:
parent
2734d6c1b1
commit
6d14f5c702
@ -81,23 +81,22 @@ int log_policy = SMACK_AUDIT_DENIED;
|
||||
int smk_access_entry(char *subject_label, char *object_label,
|
||||
struct list_head *rule_list)
|
||||
{
|
||||
int may = -ENOENT;
|
||||
struct smack_rule *srp;
|
||||
|
||||
list_for_each_entry_rcu(srp, rule_list, list) {
|
||||
if (srp->smk_object->smk_known == object_label &&
|
||||
srp->smk_subject->smk_known == subject_label) {
|
||||
may = srp->smk_access;
|
||||
break;
|
||||
int may = srp->smk_access;
|
||||
/*
|
||||
* MAY_WRITE implies MAY_LOCK.
|
||||
*/
|
||||
if ((may & MAY_WRITE) == MAY_WRITE)
|
||||
may |= MAY_LOCK;
|
||||
return may;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* MAY_WRITE implies MAY_LOCK.
|
||||
*/
|
||||
if ((may & MAY_WRITE) == MAY_WRITE)
|
||||
may |= MAY_LOCK;
|
||||
return may;
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user