summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorRafal Krypa <r.krypa@samsung.com>2012-07-09 19:36:34 +0200
committerCasey Schaufler <casey@schaufler-ca.com>2012-07-14 00:49:24 +0200
commit65ee7f45cf075adcdd6b6ef365f5a5507f1ea5c5 (patch)
treef674119c2d4e6eb877bb283dce89bdafa0442fa4 /security
parentSmack: user access check bounds (diff)
downloadlinux-65ee7f45cf075adcdd6b6ef365f5a5507f1ea5c5.tar.xz
linux-65ee7f45cf075adcdd6b6ef365f5a5507f1ea5c5.zip
Smack: don't show empty rules when /smack/load or /smack/load2 is read
This patch removes empty rules (i.e. with access set to '-') from the rule list presented to user space. Smack by design never removes labels nor rules from its lists. Access for a rule may be set to '-' to effectively disable it. Such rules would show up in the listing generated when /smack/load or /smack/load2 is read. This may cause clutter if many rules were disabled. As a rule with access set to '-' is equivalent to no rule at all, they may be safely hidden from the listing. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Rafal Krypa <r.krypa@samsung.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security')
-rw-r--r--security/smack/smackfs.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 29b760d6b746..d31e6d957c21 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -518,6 +518,9 @@ static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
if (strlen(srp->smk_subject) >= max || strlen(srp->smk_object) >= max)
return;
+ if (srp->smk_access == 0)
+ return;
+
seq_printf(s, "%s %s", srp->smk_subject, srp->smk_object);
seq_putc(s, ' ');
@@ -532,8 +535,6 @@ static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
seq_putc(s, 'a');
if (srp->smk_access & MAY_TRANSMUTE)
seq_putc(s, 't');
- if (srp->smk_access == 0)
- seq_putc(s, '-');
seq_putc(s, '\n');
}