[PATCH 75/90] Smack: Fix setting of the CIPSO MLS_CAT flags
Casey Schaufler
casey at schaufler-ca.com
Fri Apr 19 00:46:02 UTC 2019
Don't tell CIPSO that a netlabel created by Smack has
categories set when it does not.
Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
---
security/smack/smack_access.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 0764bb85daee..5fe5c6799b27 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -494,8 +494,8 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
int cat;
int rc;
int byte;
+ bool has = false;
- sap->flags |= NETLBL_SECATTR_MLS_CAT;
sap->attr.mls.lvl = level;
sap->attr.mls.cat = NULL;
@@ -503,6 +503,7 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
for (m = 0x80; m != 0; m >>= 1, cat++) {
if ((m & *cp) == 0)
continue;
+ has = true;
rc = netlbl_catmap_setbit(&sap->attr.mls.cat,
cat, GFP_KERNEL);
if (rc < 0) {
@@ -511,6 +512,9 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
}
}
+ if (has)
+ sap->flags |= NETLBL_SECATTR_MLS_CAT;
+
return 0;
}
--
2.19.1
More information about the Linux-security-module-archive
mailing list