[PATCH] smack lsm bug fixes

[Pankaj Kumar]

From 8fa425d071b7d4cfdf6bcb89d789138a13529d06 Mon Sep 17 00:00:00 2001
From: Pankaj Kumar <pankaj...@samsung.com>
Date: Mon, 17 Feb 2014 10:36:26 +0530
Subject: [PATCH] smack lsm bug fixes

1. In order to remove any SMACK extended attribute from a file, a user
should have CAP_MAC_ADMIN capability. But any user without this
capability is able to remove SMACK64MMAP security attribute. This error
has been corrected by a modification in smack_inode_removexattr hook.

2. While setting extended attribute in smack_inode_setsecurity hook,
'-EACCES' error is returned if extended attribute size or value is not
correct. This is wrong error rather this is invalid extended attribute
case. Corrected error '-EINVAL' shall be returned.
---
 security/smack/smack_lsm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 14f52be..e1b1650 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -938,7 +938,7 @@ static int smack_inode_removexattr(struct dentry *dentry, 
const char *name)
            strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
            strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
            strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
-           strcmp(name, XATTR_NAME_SMACKMMAP)) {
+           strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
                if (!smack_privileged(CAP_MAC_ADMIN))
                        rc = -EPERM;
        } else
@@ -2076,7 +2076,7 @@ static int smack_inode_setsecurity(struct inode *inode, 
const char *name,
        int rc = 0;
 
        if (value == NULL || size > SMK_LONGLABEL || size == 0)
-               return -EACCES;
+               return -EINVAL;
 
        skp = smk_import_entry(value, size);
        if (skp == NULL)
-- 
1.8.1.2

N�����r��y����b�X��ǧv�^�)޺{.n�+����{����zX����ܨ}���Ơz�&j:+v�������zZ+��+zf���h���~����i���z��w���?�����&�)ߢf��^jǫy�m��@A�a���
0��h���i