From c9d238a18baa92600ba015d6d6c2cde53f55c572 Mon Sep 17 00:00:00 2001 From: Himanshu Shukla Date: Wed, 23 Nov 2016 11:59:45 +0530 Subject: SMACK: Use smk_tskacc() instead of smk_access() for proper logging smack_file_open() is first checking the capability of calling subject, this check will skip the SMACK logging for success case. Use smk_tskacc() for proper logging and SMACK access check. Signed-off-by: Himanshu Shukla Signed-off-by: Casey Schaufler --- security/smack/smack_lsm.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'security/smack') diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 4dd458a..681583d 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1955,12 +1955,9 @@ static int smack_file_open(struct file *file, const struct cred *cred) struct smk_audit_info ad; int rc; - if (smack_privileged(CAP_MAC_OVERRIDE)) - return 0; - smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); smk_ad_setfield_u_fs_path(&ad, file->f_path); - rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad); + rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); rc = smk_bu_credfile(cred, file, MAY_READ, rc); return rc; -- cgit v1.1