Skip to content

Commit c9d238a

Browse files
Himanshu Shuklacschaufler
Himanshu Shukla
authored and
cschaufler
committed
SMACK: Use smk_tskacc() instead of smk_access() for proper logging
smack_file_open() is first checking the capability of calling subject, this check will skip the SMACK logging for success case. Use smk_tskacc() for proper logging and SMACK access check. Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
1 parent 348dc28 commit c9d238a

File tree

1 file changed

+1
-4
lines changed

1 file changed

+1
-4
lines changed

security/smack/smack_lsm.c

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1955,12 +1955,9 @@ static int smack_file_open(struct file *file, const struct cred *cred)
19551955
struct smk_audit_info ad;
19561956
int rc;
19571957

1958-
if (smack_privileged(CAP_MAC_OVERRIDE))
1959-
return 0;
1960-
19611958
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
19621959
smk_ad_setfield_u_fs_path(&ad, file->f_path);
1963-
rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad);
1960+
rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
19641961
rc = smk_bu_credfile(cred, file, MAY_READ, rc);
19651962

19661963
return rc;

0 commit comments

Comments
 (0)