summaryrefslogtreecommitdiff
path: root/security/smack
diff options
context:
space:
mode:
authorHimanshu Shukla <himanshu.sh@samsung.com>2016-11-23 09:29:45 +0300
committerCasey Schaufler <casey@schaufler-ca.com>2017-01-10 20:47:20 +0300
commitc9d238a18baa92600ba015d6d6c2cde53f55c572 (patch)
tree291ae085ac1723cd566d16f3d9f657e17e85c4c3 /security/smack
parent348dc288d4bf4c0272a46a80f97748f36916601b (diff)
downloadlinux-c9d238a18baa92600ba015d6d6c2cde53f55c572.tar.xz
SMACK: Use smk_tskacc() instead of smk_access() for proper logging
smack_file_open() is first checking the capability of calling subject, this check will skip the SMACK logging for success case. Use smk_tskacc() for proper logging and SMACK access check. Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack')
-rw-r--r--security/smack/smack_lsm.c5
1 files changed, 1 insertions, 4 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 4dd458a2b1e8..681583d66c0e 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1955,12 +1955,9 @@ static int smack_file_open(struct file *file, const struct cred *cred)
struct smk_audit_info ad;
int rc;
- if (smack_privileged(CAP_MAC_OVERRIDE))
- return 0;
-
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
smk_ad_setfield_u_fs_path(&ad, file->f_path);
- rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad);
+ rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
rc = smk_bu_credfile(cred, file, MAY_READ, rc);
return rc;