Documentation/security/Smack.txt +11 −0 @@ -117,6 +117,17 @@ access2 ambient This contains the Smack label applied to unlabeled network packets. change-rule This interface allows modification of existing access control rules. The format accepted on write is: "%s %s %s %s" where the first string is the subject label, the second the object label, the third the access to allow and the fourth the access to deny. The access strings may contain only the characters "rwxat-". If a rule for a given subject and object exists it will be modified by enabling the permissions in the third string and disabling those in the fourth string. If there is no such rule it will be created using the access specified in the third and the fourth strings. cipso This interface allows a specific CIPSO header to be assigned to a Smack label. The format accepted on write is:
include/uapi/linux/magic.h +1 −0 @@ -11,6 +11,7 @@ #define DEBUGFS_MAGIC 0x64626720 #define SECURITYFS_MAGIC 0x73636673 #define SELINUX_MAGIC 0xf97cff8c #define SMACK_MAGIC 0x43415d53 /* "SMAC" */ #define RAMFS_MAGIC 0x858458f6 /* some random number */ #define TMPFS_MAGIC 0x01021994 #define HUGETLBFS_MAGIC 0x958458f6 /* some random number */
security/smack/smack.h +0 −5 @@ -148,11 +148,6 @@ struct smack_known { #define SMACK_UNLABELED_SOCKET 0 #define SMACK_CIPSO_SOCKET 1 /* * smackfs magic number */ #define SMACK_MAGIC 0x43415d53 /* "SMAC" */ /* * CIPSO defaults. */
security/smack/smack_access.c +2 −0 @@ -252,6 +252,8 @@ static inline void smack_str_from_perm(char *string, int access) string[i++] = 'x'; if (access & MAY_APPEND) string[i++] = 'a'; if (access & MAY_TRANSMUTE) string[i++] = 't'; string[i] = '\0'; } /**
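Review bot: With the added `MAY_TRANSMUTE` branch, smack_str_from_perm() can emit one more character than before, and nothing visible in the function bounds the write into `string`. Assuming the earlier branches, which are outside this hunk, emit 'r' and 'w', the longest result is now "rwxat" plus the terminator, six bytes, so a caller buffer sized for the old five-byte maximum would be overrun by one byte. The callers are not visible here and should be checked against the new maximum. The requirement is worth recording above the function, e.g. `/* string must have room for "rwxat" and the trailing NUL (6 bytes) */`.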
security/smack/smack_lsm.c +2 −2 @@ -654,7 +654,7 @@ static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) /* * You also need write access to the containing directory */ smk_ad_setfield_u_fs_path_dentry(&ad, NULL); smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); smk_ad_setfield_u_fs_inode(&ad, dir); rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); } @@ -685,7 +685,7 @@ static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) /* * You also need write access to the containing directory */ smk_ad_setfield_u_fs_path_dentry(&ad, NULL); smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); smk_ad_setfield_u_fs_inode(&ad, dir); rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); }
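Review bot: The reason for re-initialising `ad` before the parent-directory check is not stated in either smack_inode_unlink() or smack_inode_rmdir(), and both hunks make the same change. The new `smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE)` presumably exists so that the audit record type matches the inode field set on the following line; the first initialisation of `ad` is outside the hunks, so this is inferred. A short comment would keep the second init from being removed as redundant later, for example `/* re-init as INODE audit data: the directory check reports dir, not dentry */`. Because this record is what a denied write to the containing directory produces, it is also worth confirming that the audit output for a refused unlink and rmdir names the directory as intended.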