diff options
author | Jarkko Sakkinen <jarkko.j.sakkinen@gmail.com> | 2011-10-18 21:21:36 +0300 |
---|---|---|
committer | Casey Schaufler <cschaufler@cschaufler-intel.(none)> | 2011-10-20 16:07:31 -0700 |
commit | 0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d (patch) | |
tree | eac36ba696cf33bbbe3fcd490589ef453d9c8ef1 /security/smack/smack_access.c | |
parent | d86b2b61d4dea614d6f319772a90a8f98b55ed67 (diff) | |
download | linux-0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d.tar.gz linux-0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d.tar.bz2 linux-0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d.zip |
Smack: allow to access /smack/access as normal user
Allow query access as a normal user removing the need
for CAP_MAC_ADMIN. Give RW access to /smack/access
for UGO. Do not import smack labels in access check.
Signed-off-by: Jarkko Sakkinen <jarkko.j.sakkinen@gmail.com>
Signed-off-by: Casey Schaufler <cschaufler@cschaufler-intel.(none)>
Diffstat (limited to 'security/smack/smack_access.c')
-rw-r--r-- | security/smack/smack_access.c | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index a885f628f56e..cc7cb6edba08 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -353,17 +353,13 @@ struct smack_known *smk_find_entry(const char *string) } /** - * smk_import_entry - import a label, return the list entry - * @string: a text string that might be a Smack label + * smk_parse_smack - parse smack label from a text string + * @string: a text string that might contain a Smack label * @len: the maximum size, or zero if it is NULL terminated. - * - * Returns a pointer to the entry in the label list that - * matches the passed string, adding it if necessary. + * @smack: parsed smack label, or NULL if parse error */ -struct smack_known *smk_import_entry(const char *string, int len) +void smk_parse_smack(const char *string, int len, char *smack) { - struct smack_known *skp; - char smack[SMK_LABELLEN]; int found; int i; @@ -381,7 +377,22 @@ struct smack_known *smk_import_entry(const char *string, int len) } else smack[i] = string[i]; } +} + +/** + * smk_import_entry - import a label, return the list entry + * @string: a text string that might be a Smack label + * @len: the maximum size, or zero if it is NULL terminated. + * + * Returns a pointer to the entry in the label list that + * matches the passed string, adding it if necessary. + */ +struct smack_known *smk_import_entry(const char *string, int len) +{ + struct smack_known *skp; + char smack[SMK_LABELLEN]; + smk_parse_smack(string, len, smack); if (smack[0] == '\0') return NULL; |