Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f0f9756b authored by James Morris's avatar James Morris
Browse files

Merge branch 'smack-for-4.20' of https://github.com/cschaufler/next-smack into next-smack 

From Casey: "Here are three patches for Smack for 4.20. Two clean up
warnings and one is a rarely encountered ptrace capability check."
parents 0d42d73a b1fed3ed

security/smack/smack_lsm.c

+11 −4
Original line number Diff line number Diff line
@@ -421,6 +421,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, 
	struct smk_audit_info ad, *saip = NULL;

	struct task_smack *tsp;

	struct smack_known *tracer_known;

	const struct cred *tracercred;



	if ((mode & PTRACE_MODE_NOAUDIT) == 0) {

		smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
@@ -429,7 +430,8 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, 
	}



	rcu_read_lock();

	tsp = __task_cred(tracer)->security;

	tracercred = __task_cred(tracer);

	tsp = tracercred->security;

	tracer_known = smk_of_task(tsp);



	if ((mode & PTRACE_MODE_ATTACH) &&
@@ -439,7 +441,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, 
			rc = 0;

		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)

			rc = -EACCES;

		else if (capable(CAP_SYS_PTRACE))

		else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))

			rc = 0;

		else

			rc = -EACCES;
@@ -1841,6 +1843,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, 
{

	struct smack_known *skp;

	struct smack_known *tkp = smk_of_task(tsk->cred->security);

	const struct cred *tcred;

	struct file *file;

	int rc;

	struct smk_audit_info ad;
@@ -1854,8 +1857,12 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, 
	skp = file->f_security;

	rc = smk_access(skp, tkp, MAY_DELIVER, NULL);

	rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);

	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))



	rcu_read_lock();

	tcred = __task_cred(tsk);

	if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))

		rc = 0;

	rcu_read_unlock();



	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);

	smk_ad_setfield_u_tsk(&ad, tsk);
@@ -3467,7 +3474,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 
		 */

		final = &smack_known_star;

		/*

		 * No break.

		 * Fall through.

		 *

		 * If a smack value has been set we want to use it,

		 * but since tmpfs isn't giving us the opportunity

security/smack/smackfs.c

+0 −3
Original line number Diff line number Diff line
@@ -2853,7 +2853,6 @@ static const struct file_operations smk_ptrace_ops = { 
static int smk_fill_super(struct super_block *sb, void *data, int silent)

{

	int rc;

	struct inode *root_inode;



	static const struct tree_descr smack_files[] = {

		[SMK_LOAD] = {
@@ -2917,8 +2916,6 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent) 
		return rc;

	}



	root_inode = d_inode(sb->s_root);



	return 0;

}