diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-01-31 13:10:22 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-01-31 13:10:22 -0800 |
commit | 2a7149031457c5dd05f670737a9dd5d32524f145 (patch) | |
tree | c41f725c2440cfc5d2f12e36c71c1af1e4649324 /security/smack/smack_lsm.c | |
parent | 3c29548f87f9545f2f3c1cd1a784fae8ad2d53ba (diff) | |
parent | d19dfe58b7ecbef3bd0c403c650200c57913ba1b (diff) | |
download | linux-2a7149031457c5dd05f670737a9dd5d32524f145.tar.gz linux-2a7149031457c5dd05f670737a9dd5d32524f145.tar.xz |
Merge branch 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull smack updates from James Morris:
"Two minor fixes"
* 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
Smack: Privilege check on key operations
Smack: fix dereferenced before check
Diffstat (limited to 'security/smack/smack_lsm.c')
-rw-r--r-- | security/smack/smack_lsm.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 14cc7940b36d..03fdecba93bb 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2866,12 +2866,16 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, #endif #ifdef SMACK_IPV6_SECMARK_LABELING struct smack_known *rsp; - struct socket_smack *ssp = sock->sk->sk_security; + struct socket_smack *ssp; #endif if (sock->sk == NULL) return 0; +#ifdef SMACK_IPV6_SECMARK_LABELING + ssp = sock->sk->sk_security; +#endif + switch (sock->sk->sk_family) { case PF_INET: if (addrlen < sizeof(struct sockaddr_in)) @@ -4365,6 +4369,10 @@ static int smack_key_permission(key_ref_t key_ref, */ if (tkp == NULL) return -EACCES; + + if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred)) + return 0; + #ifdef CONFIG_AUDIT smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); ad.a.u.key_struct.key = keyp->serial; |