Smack: correct final mmap check comparison · 75a25637bf - Gogs

Smack: correct final mmap check comparison

The mmap policy enforcement checks the access of the
SMACK64MMAP subject against the current subject incorrectly.
The check as written works correctly only if the access
rules involved have the same access. This is the common
case, so initial testing did not find a problem.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

Casey Schaufler 14 년 전

부모

db904aa814

커밋

75a25637bf

1개의 변경된 파일과 1개의 추가작업 그리고 1개의 파일을 삭제

분할 보기 변경상태 보기

						
							+ 1
							
							- 1
						
security/smack/smack_lsm.c
							 
								파일 보기
							
				@@ -1218,7 +1218,7 @@ static int smack_file_mmap(struct file *file,
			
				 		 * not available to a SMACK64MMAP subject
			
				 		 * deny access.
			
				 		 */
			
				-		if ((may | mmay) != may) {
			
				+		if ((may | mmay) != mmay) {
			
				 			rc = -EACCES;
			
				 			break;
			
				 		}