Merge tag 'Smack-for-6.3' of https://github.com/cschaufler/smack-next

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Pull smack update from Casey Schaufler:
"One fix for resetting CIPSO labeling"

* tag 'Smack-for-6.3' of https://github.com/cschaufler/smack-next:
smackfs: Added check catlen

Linus Torvalds 3 years ago 77bc1bb1 291a73a8

+14 -3

1 changed file

expand all

security

smack

smackfs.c

+14 -3

security/smack/smackfs.c

··· 830 830 static ssize_t smk_set_cipso(struct file *file, const char __user *buf, 831 831 size_t count, loff_t *ppos, int format) 832 832 { 833 - struct netlbl_lsm_catmap *old_cat; 833 + struct netlbl_lsm_catmap *old_cat, *new_cat = NULL; 834 834 struct smack_known *skp; 835 835 struct netlbl_lsm_secattr ncats; 836 836 char mapcatset[SMK_CIPSOLEN]; ··· 917 917 918 918 smack_catset_bit(cat, mapcatset); 919 919 } 920 - 921 - rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN); 920 + ncats.flags = 0; 921 + if (catlen == 0) { 922 + ncats.attr.mls.cat = NULL; 923 + ncats.attr.mls.lvl = maplevel; 924 + new_cat = netlbl_catmap_alloc(GFP_ATOMIC); 925 + if (new_cat) 926 + new_cat->next = ncats.attr.mls.cat; 927 + ncats.attr.mls.cat = new_cat; 928 + skp->smk_netlabel.flags &= ~(1U << 3); 929 + rc = 0; 930 + } else { 931 + rc = smk_netlbl_mls(maplevel, mapcatset, &ncats, SMK_CIPSOLEN); 932 + } 922 933 if (rc >= 0) { 923 934 old_cat = skp->smk_netlabel.attr.mls.cat; 924 935 skp->smk_netlabel.attr.mls.cat = ncats.attr.mls.cat;