summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/smack/smack_access.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 5b970ff..999224f 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -142,8 +142,7 @@ int smk_access(struct smack_known *subject, struct smack_known *object,
* Tasks cannot be assigned the internet label.
* An internet subject can access any object.
*/
- if (object == &smack_known_web ||
- subject == &smack_known_web)
+ if (object == &smack_known_web || subject == &smack_known_web)
goto out_audit;
/*
* A star object can be accessed by any subject.
@@ -157,10 +156,11 @@ int smk_access(struct smack_known *subject, struct smack_known *object,
if (subject->smk_known == object->smk_known)
goto out_audit;
/*
- * A hat subject can read any object.
- * A floor object can be read by any subject.
+ * A hat subject can read or lock any object.
+ * A floor object can be read or locked by any subject.
*/
- if ((request & MAY_ANYREAD) == request) {
+ if ((request & MAY_ANYREAD) == request ||
+ (request & MAY_LOCK) == request) {
if (object == &smack_known_floor)
goto out_audit;
if (subject == &smack_known_hat)
OpenPOWER on IntegriCloud