summaryrefslogtreecommitdiffstats
path: root/meta-agl-core/recipes-kernel/linux
diff options
context:
iv>
--
-- rc = cap_capable(current_cred(), &init_user_ns, cap,
-- SECURITY_CAP_AUDIT);
-+ rc = cap_capable(cred, &init_user_ns, cap, SECURITY_CAP_AUDIT);
- if (rc)
- return false;
-
-@@ -662,3 +660,23 @@ bool smack_privileged(int cap)
-
- return false;
- }
-+
-+/**
-+ * smack_privileged - are all privilege requirements met
-+ * @cap: The requested capability
-+ *
-+ * Is the task privileged and allowed to be privileged
-+ * by the onlycap rule.
-+ *
-+ * Returns true if the task is allowed to be privileged, false if it's not.
-+ */
-+bool smack_privileged(int cap)
-+{
-+ /*
-+ * All kernel tasks are privileged
-+ */
-+ if (unlikely(current->flags & PF_KTHREAD))
-+ return true;
-+
-+ return smack_privileged_cred(cap, current_cred());
-+}
-diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index 30f2c3d..03fdecb 100644
---- a/security/smack/smack_lsm.c
-+++ b/security/smack/smack_lsm.c
-@@ -4369,6 +4369,10 @@ static int smack_key_permission(key_ref_t key_ref,
- */
- if (tkp == NULL)
- return -EACCES;
-+
-+ if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred))
-+ return 0;
-+
- #ifdef CONFIG_AUDIT
- smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
- ad.a.u.key_struct.key = keyp->serial;
-
diff --git a/meta-agl-core/recipes-kernel/linux/linux-agl-4.14.inc b/meta-agl-core/recipes-kernel/linux/linux-agl-4.14.inc
index 8476f343b..9ab3d34af 100644
--- a/meta-agl-core/recipes-kernel/linux/linux-agl-4.14.inc
+++ b/meta-agl-core/recipes-kernel/linux/linux-agl-4.14.inc
@@ -1,13 +1,5 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/linux-4.14:"
-#-------------------------------------------------------------------------
-# smack patches for kernels keys
-
-SRC_URI:append:with-lsm-smack = "\
- file://Smack-Privilege-check-on-key-operations.patch \
- file://Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch \
- "
-
SRC_URI:append = "\
file://net-sch_generic-add-if_afp.h-header-to-get-ARPHRD_CA.patch \
file://net-sch_generic-Use-pfifo_fast-as-fallback-scheduler.patch \