Smack: Label cgroup files for systemd (36ea735b) · Commits · e / devices / android_kernel_sony_msm8998

security/smack/smack_lsm.c

+18 −12

Original line number	Diff line number	Diff line
		@@ -2821,6 +2821,15 @@ static void smack_d_instantiate(struct dentry opt_dentry, struct inode inode)
		* of the superblock.
		*/
		if (opt_dentry->d_parent == opt_dentry) {
		if (sbp->s_magic == CGROUP_SUPER_MAGIC) {
		/*
		* The cgroup filesystem is never mounted,
		* so there's no opportunity to set the mount
		* options.
		*/
		sbsp->smk_root = smack_known_star.smk_known;
		sbsp->smk_default = smack_known_star.smk_known;
		}
		isp->smk_inode = sbsp->smk_root;
		isp->smk_flags \|= SMK_INODE_INSTANT;
		goto unlockandout;
		@@ -2834,16 +2843,20 @@ static void smack_d_instantiate(struct dentry opt_dentry, struct inode inode)
		*/
		switch (sbp->s_magic) {
		case SMACK_MAGIC:
		case PIPEFS_MAGIC:
		case SOCKFS_MAGIC:
		case CGROUP_SUPER_MAGIC:
		/*
		* Casey says that it's a little embarrassing
		* that the smack file system doesn't do
		* extended attributes.
		*/
		final = smack_known_star.smk_known;
		break;
		case PIPEFS_MAGIC:
		/*
		*
		* Casey says pipes are easy (?)
		*
		* Socket access is controlled by the socket
		* structures associated with the task involved.
		*
		* Cgroupfs is special
		*/
		final = smack_known_star.smk_known;
		break;
		@@ -2855,13 +2868,6 @@ static void smack_d_instantiate(struct dentry opt_dentry, struct inode inode)
		*/
		final = ckp->smk_known;
		break;
		case SOCKFS_MAGIC:
		/*
		* Socket access is controlled by the socket
		* structures associated with the task involved.
		*/
		final = smack_known_star.smk_known;
		break;
		case PROC_SUPER_MAGIC:
		/*
		* Casey says procfs appears not to care.