Minor improvement of 'smack_sb_kern_mount'

[platform/adaptation/renesas_rcar/renesas_kernel.git] / security / smack / smack_lsm.c

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index f0ebcb0..816e785 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -413,9 +413,11 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
         * Initialize the root inode.
         */
        isp = inode->i_security;
-       if (inode->i_security == NULL) {
-               inode->i_security = new_inode_smack(sp->smk_root);
-               isp = inode->i_security;
+       if (isp == NULL) {
+               isp = new_inode_smack(sp->smk_root);
+               if (isp == NULL)
+                       return -ENOMEM;
+               inode->i_security = isp;
        } else
                isp->smk_inode = sp->smk_root;
 
@@ -3514,11 +3516,12 @@ static void smack_key_free(struct key *key)
  * an error code otherwise
  */
 static int smack_key_permission(key_ref_t key_ref,
-                               const struct cred *cred, key_perm_t perm)
+                               const struct cred *cred, unsigned perm)
 {
        struct key *keyp;
        struct smk_audit_info ad;
        struct smack_known *tkp = smk_of_task(cred->security);
+       int request = 0;
 
        keyp = key_ref_to_ptr(key_ref);
        if (keyp == NULL)
@@ -3539,7 +3542,11 @@ static int smack_key_permission(key_ref_t key_ref,
        ad.a.u.key_struct.key = keyp->serial;
        ad.a.u.key_struct.key_desc = keyp->description;
 #endif
-       return smk_access(tkp, keyp->security, MAY_READWRITE, &ad);
+       if (perm & KEY_NEED_READ)
+               request = MAY_READ;
+       if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
+               request = MAY_WRITE;
+       return smk_access(tkp, keyp->security, request, &ad);
 }
 #endif /* CONFIG_KEYS */