2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-20 19:23:57 +08:00
linux-next/security/smack
Zoran Markovic 5b841bfab6 smack: fix access permissions for keyring
Function smack_key_permission() only issues smack requests for the
following operations:
 - KEY_NEED_READ (issues MAY_READ)
 - KEY_NEED_WRITE (issues MAY_WRITE)
 - KEY_NEED_LINK (issues MAY_WRITE)
 - KEY_NEED_SETATTR (issues MAY_WRITE)
A blank smack request is issued in all other cases, resulting in
smack access being granted if there is any rule defined between
subject and object, or denied with -EACCES otherwise.

Request MAY_READ access for KEY_NEED_SEARCH and KEY_NEED_VIEW.
Fix the logic in the unlikely case when both MAY_READ and
MAY_WRITE are needed. Validate access permission field for valid
contents.

Signed-off-by: Zoran Markovic <zmarkovic@sierrawireless.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
2018-12-03 11:57:55 -08:00
..
Kconfig Smack: Signal delivery as an append operation 2016-09-08 13:22:56 -07:00
Makefile Smack: Repair netfilter dependency 2015-01-23 10:08:19 -08:00
smack_access.c Smack: Privilege check on key operations 2018-01-10 09:29:14 -08:00
smack_lsm.c smack: fix access permissions for keyring 2018-12-03 11:57:55 -08:00
smack_netfilter.c netfilter: nf_hook_ops structs can be const 2017-07-31 19:10:44 +02:00
smack.h Smack: Privilege check on key operations 2018-01-10 09:29:14 -08:00
smackfs.c Smack: remove set but not used variable 'root_inode' 2018-09-18 09:07:12 -07:00