Merge branch 'smack-for-4.6' of https://github.com/cschaufler/smack-next into next
commit
6020944280
1 changed files with 14 additions and 32 deletions
|
@ -1442,9 +1442,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
|
||||||
* Don't do anything special for these.
|
* Don't do anything special for these.
|
||||||
* XATTR_NAME_SMACKIPIN
|
* XATTR_NAME_SMACKIPIN
|
||||||
* XATTR_NAME_SMACKIPOUT
|
* XATTR_NAME_SMACKIPOUT
|
||||||
* XATTR_NAME_SMACKEXEC
|
|
||||||
*/
|
*/
|
||||||
if (strcmp(name, XATTR_NAME_SMACK) == 0)
|
if (strcmp(name, XATTR_NAME_SMACK) == 0) {
|
||||||
|
struct super_block *sbp = d_backing_inode(dentry)->i_sb;
|
||||||
|
struct superblock_smack *sbsp = sbp->s_security;
|
||||||
|
|
||||||
|
isp->smk_inode = sbsp->smk_default;
|
||||||
|
} else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
|
||||||
isp->smk_task = NULL;
|
isp->smk_task = NULL;
|
||||||
else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
|
else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
|
||||||
isp->smk_mmap = NULL;
|
isp->smk_mmap = NULL;
|
||||||
|
@ -1545,12 +1549,8 @@ static void smack_inode_getsecid(struct inode *inode, u32 *secid)
|
||||||
* File Hooks
|
* File Hooks
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/*
|
||||||
* smack_file_permission - Smack check on file operations
|
* There is no smack_file_permission hook
|
||||||
* @file: unused
|
|
||||||
* @mask: unused
|
|
||||||
*
|
|
||||||
* Returns 0
|
|
||||||
*
|
*
|
||||||
* Should access checks be done on each read or write?
|
* Should access checks be done on each read or write?
|
||||||
* UNICOS and SELinux say yes.
|
* UNICOS and SELinux say yes.
|
||||||
|
@ -1559,10 +1559,6 @@ static void smack_inode_getsecid(struct inode *inode, u32 *secid)
|
||||||
* I'll say no for now. Smack does not do the frequent
|
* I'll say no for now. Smack does not do the frequent
|
||||||
* label changing that SELinux does.
|
* label changing that SELinux does.
|
||||||
*/
|
*/
|
||||||
static int smack_file_permission(struct file *file, int mask)
|
|
||||||
{
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* smack_file_alloc_security - assign a file security blob
|
* smack_file_alloc_security - assign a file security blob
|
||||||
|
@ -4503,16 +4499,10 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/*
|
||||||
* smack_audit_rule_free - free smack rule representation
|
* There is no need for a smack_audit_rule_free hook.
|
||||||
* @vrule: rule to be freed.
|
|
||||||
*
|
|
||||||
* No memory was allocated.
|
* No memory was allocated.
|
||||||
*/
|
*/
|
||||||
static void smack_audit_rule_free(void *vrule)
|
|
||||||
{
|
|
||||||
/* No-op */
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif /* CONFIG_AUDIT */
|
#endif /* CONFIG_AUDIT */
|
||||||
|
|
||||||
|
@ -4563,16 +4553,11 @@ static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/*
|
||||||
* smack_release_secctx - don't do anything.
|
* There used to be a smack_release_secctx hook
|
||||||
* @secdata: unused
|
* that did nothing back when hooks were in a vector.
|
||||||
* @seclen: unused
|
* Now that there's a list such a hook adds cost.
|
||||||
*
|
|
||||||
* Exists to make sure nothing gets done, and properly
|
|
||||||
*/
|
*/
|
||||||
static void smack_release_secctx(char *secdata, u32 seclen)
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
|
static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
|
||||||
{
|
{
|
||||||
|
@ -4631,7 +4616,6 @@ static struct security_hook_list smack_hooks[] = {
|
||||||
LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
|
LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
|
||||||
LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
|
LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
|
||||||
|
|
||||||
LSM_HOOK_INIT(file_permission, smack_file_permission),
|
|
||||||
LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
|
LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
|
||||||
LSM_HOOK_INIT(file_free_security, smack_file_free_security),
|
LSM_HOOK_INIT(file_free_security, smack_file_free_security),
|
||||||
LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
|
LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
|
||||||
|
@ -4726,13 +4710,11 @@ static struct security_hook_list smack_hooks[] = {
|
||||||
LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
|
LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
|
||||||
LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
|
LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
|
||||||
LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
|
LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
|
||||||
LSM_HOOK_INIT(audit_rule_free, smack_audit_rule_free),
|
|
||||||
#endif /* CONFIG_AUDIT */
|
#endif /* CONFIG_AUDIT */
|
||||||
|
|
||||||
LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
|
LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
|
||||||
LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
|
LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
|
||||||
LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
|
LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
|
||||||
LSM_HOOK_INIT(release_secctx, smack_release_secctx),
|
|
||||||
LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
|
LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
|
||||||
LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
|
LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
|
||||||
LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
|
LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
|
||||||
|
|
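Review bot: In the first hunk (smack_inode_removexattr), the new `XATTR_NAME_SMACK` branch assigns `isp->smk_inode = sbsp->smk_default` with no comment, although it changes access-control state: after the xattr is removed, later checks on the cached inode use the superblock default rather than the previous label. A one-line comment above the assignment would record the intent, for example `/* SMACK64 removed: fall back to the filesystem's default label */`; that wording is my reading of the change and should be confirmed by the author. On style, kernel coding style asks for braces on every arm once one arm needs them, so the `else if` arms for `XATTR_NAME_SMACKEXEC` and `XATTR_NAME_SMACKMMAP` should be braced as well. The function begins before the hunk and the if/else chain may continue past it, so the permission check that gates this update is not visible here.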