diff options
Diffstat (limited to 'security/smack')
-rw-r--r-- | security/smack/smack.h | 10 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 16 |
2 files changed, 4 insertions, 22 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index c6e9acae72e4..43ae747a5aa4 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -123,16 +123,6 @@ struct smack_known { #define SMK_FSHAT "smackfshat=" #define SMK_FSROOT "smackfsroot=" -/* - * xattr names - */ -#define XATTR_SMACK_SUFFIX "SMACK64" -#define XATTR_SMACK_IPIN "SMACK64IPIN" -#define XATTR_SMACK_IPOUT "SMACK64IPOUT" -#define XATTR_NAME_SMACK XATTR_SECURITY_PREFIX XATTR_SMACK_SUFFIX -#define XATTR_NAME_SMACKIPIN XATTR_SECURITY_PREFIX XATTR_SMACK_IPIN -#define XATTR_NAME_SMACKIPOUT XATTR_SECURITY_PREFIX XATTR_SMACK_IPOUT - #define SMACK_CIPSO_OPTION "-CIPSO" /* diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 276bdc7325e5..c448d57ae2b7 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -598,6 +598,8 @@ static int smack_inode_rename(struct inode *old_inode, static int smack_inode_permission(struct inode *inode, int mask) { struct smk_audit_info ad; + + mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); /* * No permission to check. Existence test. Yup, it's there. */ @@ -2191,7 +2193,7 @@ static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) /** * smack_d_instantiate - Make sure the blob is correct on an inode - * @opt_dentry: unused + * @opt_dentry: dentry where inode will be attached * @inode: the object * * Set the inode's security blob if it hasn't been done already. @@ -2310,20 +2312,10 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) /* * Get the dentry for xattr. */ - if (opt_dentry == NULL) { - dp = d_find_alias(inode); - if (dp == NULL) - break; - } else { - dp = dget(opt_dentry); - if (dp == NULL) - break; - } - + dp = dget(opt_dentry); fetched = smk_fetch(inode, dp); if (fetched != NULL) final = fetched; - dput(dp); break; } |