commit 75a25637bf8a1b8fbed2368c0a3ec15c66a534f1
Author: Casey Schaufler <[email protected]>
Date:   Wed Feb 9 19:58:42 2011 -0800

    Smack: correct final mmap check comparison

    The mmap policy enforcement checks the access of the
    SMACK64MMAP subject against the current subject incorrectly.
    The check as written works correctly only if the access
    rules involved have the same access. This is the common
    case, so initial testing did not find a problem.

    Signed-off-by: Casey Schaufler <[email protected]>

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 92cb715..5ab3f39 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1218,7 +1218,7 @@ static int smack_file_mmap(struct file *file,
                 * not available to a SMACK64MMAP subject
                 * deny access.
                 */
-               if ((may | mmay) != may) {
+               if ((may | mmay) != mmay) {
                        rc = -EACCES;
                        break;
                }
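Review bot: the corrected test on the `+` line, `(may | mmay) != mmay`, is still an indirect way of asking whether `may` carries any access bit that `mmay` lacks, and it differs from the old, reversed form by a single operand, which is easy to get backwards again. Consider writing it as `if (may & ~mmay)`, which is equivalent and states the direction of the subset check outright, and extending the comment above it to say which of the two values belongs to the SMACK64MMAP subject. Since the commit message says the old form behaved correctly only when the rules involved had the same access, a test case where the two rules grant different access would be worth adding with this change.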



_______________________________________________
MeeGo-kernel mailing list
[email protected]
http://lists.meego.com/listinfo/meego-kernel
