X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=security%2Fsmack%2Fsmackfs.c;h=16efd0302f3b7e9234af0fd99e8e5d55fa3acb40;hb=eaecf3022fd49fccb1099a36ce21e8bed9a5ed5f;hp=3198cfe1dcc69fb0bcc158940c030cd125105ed5;hpb=b6e53f321ee6f4b237d8cc54fbace3217fa96e05;p=platform%2Fkernel%2Flinux-arm64.git
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 3198cfe..16efd03 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -53,6 +53,9 @@ enum smk_inos {
 SMK_REVOKE_SUBJ = 18, /* set rules with subject label to '-' */
 SMK_CHANGE_RULE = 19, /* change or add rules (long labels) */
 SMK_SYSLOG = 20, /* change syslog label) */
+#ifdef CONFIG_SECURITY_SMACK_PERMISSIVE_MODE
+ SMK_PERMISSIVE = 21, /* permissive mode */
+#endif
 };
 
 /*
@@ -685,6 +688,71 @@ static const struct file_operations smk_load_ops = {
 .release = seq_release,
 };
 
+#ifdef CONFIG_SECURITY_SMACK_PERMISSIVE_MODE
+/**
+ * smk_read_permissive - read() for /smack/permissive
+ * @filp: file pointer, not actually used
+ * @buf: where to put the result
+ * @cn: maximum to send along
+ * @ppos: where to start
+ *
+ * Returns number of bytes read or error code, as appropriate
+ */
+static ssize_t smk_read_permissive(struct file *filp, char __user *buf,
+ size_t count, loff_t *ppos)
+{
+ char temp[32];
+ ssize_t rc;
+
+ if (*ppos != 0)
+ return 0;
+
+ sprintf(temp, "%d\n", permissive_mode);
+ rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
+ return rc;
+}
+
+/**
+ * smk_write_permissive - write() for /smack/permissive
+ * @file: file pointer, not actually used
+ * @buf: where to get the data from
+ * @count: bytes sent
+ * @ppos: where to start
+ *
+ * Returns number of bytes written or error code, as appropriate
+ */
+static ssize_t smk_write_permissive(struct file *file, const char __user *buf,
+ size_t count, loff_t *ppos)
+{
+ char temp[32];
+ int i;
+
+ if (!capable(CAP_MAC_ADMIN))
+ return -EPERM;
+
+ if (count >= sizeof(temp) || count == 0)
+ return -EINVAL;
+
+ if (copy_from_user(temp, buf, count) != 0)
+ return -EFAULT;
+
+ temp[count] = '\0';
+
+ if (sscanf(temp, "%d", &i) != 1)
+ return -EINVAL;
+ if (i < 0 || i > 1)
+ return -EINVAL;
+ permissive_mode = i;
+ return count;
+}
+
+static const struct file_operations smk_permissive_ops = {
+ .read = smk_read_permissive,
+ .write = smk_write_permissive,
+ .llseek = default_llseek,
+};
+#endif /* End of CONFIG_SECURITY_SMACK_PERMISSIVE_MODE */
+
 /**
 * smk_cipso_doi - initialize the CIPSO domain
 */
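Review bot: smk_write_permissive guards the switch that turns Smack enforcement off with a bare `capable(CAP_MAC_ADMIN)`, which does not take Smack's onlycap restriction into account. If the other write handlers in smackfs.c (not visible in this hunk) go through the `smack_privileged()` helper, this one should match them: `if (!smack_privileged(CAP_MAC_ADMIN))`. The assignment to `permissive_mode` is also silent, so consider logging or auditing each transition; a flip to 1 on a running system is exactly the event monitoring would want recorded. Smaller points: the kernel-doc for smk_read_permissive names `@cn` while the parameter is `count`, and the `sprintf` into `temp` would be better bounded as `scnprintf(temp, sizeof(temp), "%d\n", permissive_mode);`.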
@@ -2296,6 +2364,10 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)
 "change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR},
 [SMK_SYSLOG] = {
 "syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR},
+#ifdef CONFIG_SECURITY_SMACK_PERMISSIVE_MODE
+ [SMK_PERMISSIVE] = {
+ "permissive", &smk_permissive_ops, S_IRUGO|S_IWUSR},
+#endif
 /* last one */
 {""}
 };