git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/commit

author	Zoran Markovic <zmarkovic@sierrawireless.com>
	Wed, 17 Oct 2018 23:25:44 +0000 (16:25 -0700)
committer	Casey Schaufler <casey.schaufler@intel.com>
	Mon, 3 Dec 2018 19:57:55 +0000 (11:57 -0800)
commit	5b841bfab695e3b8ae793172a9ff7990f99cc3e2
tree	5cb5dd112e5f414a1008adef5c5aa061441851af	tree
parent	26b76320a8a550472bbb8f42257df83fcb8d8df6	commit \| diff

smack: fix access permissions for keyring

Function smack_key_permission() only issues smack requests for the
following operations:
- KEY_NEED_READ (issues MAY_READ)
- KEY_NEED_WRITE (issues MAY_WRITE)
- KEY_NEED_LINK (issues MAY_WRITE)
- KEY_NEED_SETATTR (issues MAY_WRITE)
A blank smack request is issued in all other cases, resulting in
smack access being granted if there is any rule defined between
subject and object, or denied with -EACCES otherwise.

Request MAY_READ access for KEY_NEED_SEARCH and KEY_NEED_VIEW.
Fix the logic in the unlikely case when both MAY_READ and
MAY_WRITE are needed. Validate access permission field for valid
contents.

Signed-off-by: Zoran Markovic <zmarkovic@sierrawireless.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>