• Zoran Markovic's avatar
    smack: fix access permissions for keyring · 9c58ef24
    Zoran Markovic authored
    [ Upstream commit 5b841bfab695e3b8ae793172a9ff7990f99cc3e2 ]
    
    Function smack_key_permission() only issues smack requests for the
    following operations:
     - KEY_NEED_READ (issues MAY_READ)
     - KEY_NEED_WRITE (issues MAY_WRITE)
     - KEY_NEED_LINK (issues MAY_WRITE)
     - KEY_NEED_SETATTR (issues MAY_WRITE)
    A blank smack request is issued in all other cases, resulting in
    smack access being granted if there is any rule defined between
    subject and object, or denied with -EACCES otherwise.
    
    Request MAY_READ access for KEY_NEED_SEARCH and KEY_NEED_VIEW.
    Fix the logic in the unlikely case when both MAY_READ and
    MAY_WRITE are needed. Validate access permission field for valid
    contents.
    Signed-off-by: 's avatarZoran Markovic <zmarkovic@sierrawireless.com>
    Signed-off-by: 's avatarCasey Schaufler <casey@schaufler-ca.com>
    Cc: Casey Schaufler <casey@schaufler-ca.com>
    Cc: James Morris <jmorris@namei.org>
    Cc: "Serge E. Hallyn" <serge@hallyn.com>
    Signed-off-by: 's avatarSasha Levin <sashal@kernel.org>
    9c58ef24
Name
Last commit
Last update
..
apparmor Loading commit data...
integrity Loading commit data...
keys Loading commit data...
loadpin Loading commit data...
selinux Loading commit data...
smack Loading commit data...
tomoyo Loading commit data...
yama Loading commit data...
Kconfig Loading commit data...
Makefile Loading commit data...
commoncap.c Loading commit data...
device_cgroup.c Loading commit data...
inode.c Loading commit data...
lsm_audit.c Loading commit data...
min_addr.c Loading commit data...
security.c Loading commit data...