summaryrefslogtreecommitdiffstats
path: root/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0027-bugfix-patch-for-SMACK.patch
diff options
context:
space:
mode:
authorYannick GICQUEL <yannick.gicquel@iot.bzh>2015-10-19 15:57:07 +0200
committerGerrit Code Review <gerrit@172.30.200.200>2015-11-06 15:23:36 +0000
commitede19ea0c47fb23f3fc779833d1e57cf76f3371e (patch)
tree47d6fae2283c54def1871aaf2a73828ac68b1b34 /meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0027-bugfix-patch-for-SMACK.patch
parent1cd8ab18abca96e4ee108f80225058d875b28347 (diff)
kernel: smack security backport from kernel 4
Here is the backport of all patches relating to smack support on kernel side. For more details, see file: meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/README Please note that patches are applied only if "smack" is in the ditro features. Here are the 2 lines to add in the local.conf OVERRIDES .= ":smack" DISTRO_FEATURES_append = " smack" Change-Id: I147a3532aec531f977d6ec34c576261835711f1e Signed-off-by: Yannick GICQUEL <yannick.gicquel@iot.bzh> Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0027-bugfix-patch-for-SMACK.patch')
-rw-r--r--meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0027-bugfix-patch-for-SMACK.patch43
1 files changed, 43 insertions, 0 deletions
diff --git a/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0027-bugfix-patch-for-SMACK.patch b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0027-bugfix-patch-for-SMACK.patch
new file mode 100644
index 0000000..5f78abf
--- /dev/null
+++ b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0027-bugfix-patch-for-SMACK.patch
@@ -0,0 +1,43 @@
+From 20a88e69ded71ba364c477c824c8173efeab873f Mon Sep 17 00:00:00 2001
+From: Pankaj Kumar <pankaj.k2@samsung.com>
+Date: Fri, 13 Dec 2013 15:12:22 +0530
+Subject: [PATCH 27/54] bugfix patch for SMACK
+
+1. In order to remove any SMACK extended attribute from a file, a user
+should have CAP_MAC_ADMIN capability. But user without having this
+capability is able to remove SMACK64MMAP security attribute.
+
+2. While validating size and value of smack extended attribute in
+smack_inode_setsecurity hook, wrong error code is returned.
+
+Signed-off-by: Pankaj Kumar <pamkaj.k2@samsung.com>
+Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com>
+---
+ security/smack/smack_lsm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
+index 91a447a..b47fd5f 100644
+--- a/security/smack/smack_lsm.c
++++ b/security/smack/smack_lsm.c
+@@ -1018,7 +1018,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
+ strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
+ strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
+ strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
+- strcmp(name, XATTR_NAME_SMACKMMAP)) {
++ strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
+ if (!smack_privileged(CAP_MAC_ADMIN))
+ rc = -EPERM;
+ } else
+@@ -2156,7 +2156,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
+ int rc = 0;
+
+ if (value == NULL || size > SMK_LONGLABEL || size == 0)
+- return -EACCES;
++ return -EINVAL;
+
+ skp = smk_import_entry(value, size);
+ if (skp == NULL)
+--
+2.1.4
+