[PATCH 80/97] Smack: Advertise the secid to netlabel
Casey Schaufler
casey at schaufler-ca.com
Thu Feb 28 22:43:39 UTC 2019
Add the secid to the attributes shared with netlabel.
Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
---
security/smack/smack_access.c | 8 ++++++--
security/smack/smackfs.c | 8 ++++++--
2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index fe2ce3a65822..0764bb85daee 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -549,8 +549,12 @@ struct smack_known *smk_import_entry(const char *string, int len)
skp->smk_known = smack;
skp->smk_secid = smack_next_secid++;
skp->smk_netlabel.domain = skp->smk_known;
- skp->smk_netlabel.flags =
- NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
+ lsm_export_init(&skp->smk_netlabel.attr.le);
+ skp->smk_netlabel.attr.le.flags = LSM_EXPORT_SMACK;
+ skp->smk_netlabel.attr.le.smack = skp->smk_secid;
+ skp->smk_netlabel.flags = NETLBL_SECATTR_DOMAIN |
+ NETLBL_SECATTR_MLS_LVL |
+ NETLBL_SECATTR_SECID;
/*
* If direct labeling works use it.
* Otherwise use mapped labeling.
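Review bot: The six added lines that fill `smk_netlabel.attr.le` and set the three `NETLBL_SECATTR_*` flags are repeated verbatim in `smk_preset_netlabel()` in smackfs.c, so the two initialisation paths can drift apart if a later patch touches only one of them. A small shared helper taking `skp` (hypothetical name, e.g. `smk_netlabel_init_attr(skp);`) called from both sites would keep imported and preset labels advertising the same attributes. The copy is correctly placed after `skp->smk_secid = smack_next_secid++;`, and a comment such as `/* smk_secid must be assigned before it is exported to netlabel */` would protect that ordering. The body of smk_import_entry starts and ends outside the hunk.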
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 28c567465f6c..abaa5325c32f 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -2953,8 +2953,12 @@ static struct vfsmount *smackfs_mount;
static int __init smk_preset_netlabel(struct smack_known *skp)
{
skp->smk_netlabel.domain = skp->smk_known;
- skp->smk_netlabel.flags =
- NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
+ lsm_export_init(&skp->smk_netlabel.attr.le);
+ skp->smk_netlabel.attr.le.flags = LSM_EXPORT_SMACK;
+ skp->smk_netlabel.attr.le.smack = skp->smk_secid;
+ skp->smk_netlabel.flags = NETLBL_SECATTR_DOMAIN |
+ NETLBL_SECATTR_MLS_LVL |
+ NETLBL_SECATTR_SECID;
return smk_netlbl_mls(smack_cipso_direct, skp->smk_known,
&skp->smk_netlabel, strlen(skp->smk_known));
}
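Review bot: `skp->smk_secid` is read here but never assigned in `smk_preset_netlabel()`, so the value advertised under `NETLBL_SECATTR_SECID` depends on the caller passing a label whose secid is already set, and the hunk does not show where that happens. If a preset label reached this point with a zero secid, netlabel would presumably carry a secid that maps to no Smack label while the flag marks it as valid. Consider documenting the precondition above the function, e.g. `/* skp->smk_secid must already be initialised; it is exported to netlabel as-is */`, or adding `WARN_ON(skp->smk_secid == 0);` before the copy.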
--
2.17.0