Smack: Fix wrong semantics in smk_access_entry()

[ Upstream commit 6d14f5c7028eea70760df284057fe198ce7778dd ]

In the smk_access_entry() function, if no matching rule is found
in the rust_list, a negative error code will be used to perform bit
operations with the MAY_ enumeration value. This is semantically
wrong. This patch fixes this issue.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Tianjia Zhang 2021-07-15 17:17:24 +08:00 committed by Greg Kroah-Hartman
parent c454b1a215
commit a1d12196c3
1 changed files with 8 additions and 9 deletions

View File

@ -81,23 +81,22 @@ int log_policy = SMACK_AUDIT_DENIED;
int smk_access_entry(char *subject_label, char *object_label,
struct list_head *rule_list)
{
int may = -ENOENT;
struct smack_rule *srp;
list_for_each_entry_rcu(srp, rule_list, list) {
if (srp->smk_object->smk_known == object_label &&
srp->smk_subject->smk_known == subject_label) {
may = srp->smk_access;
break;
int may = srp->smk_access;
/*
* MAY_WRITE implies MAY_LOCK.
*/
if ((may & MAY_WRITE) == MAY_WRITE)
may |= MAY_LOCK;
return may;
}
}
/*
* MAY_WRITE implies MAY_LOCK.
*/
if ((may & MAY_WRITE) == MAY_WRITE)
may |= MAY_LOCK;
return may;
return -ENOENT;
}
/**