review.tizen.org Git - platform/kernel/linux-stable.git/commit

author	Casey Schaufler <casey@schaufler-ca.com>
	Sat, 13 Dec 2014 01:19:19 +0000 (17:19 -0800)
committer	Rafal Krypa <r.krypa@samsung.com>
	Thu, 30 Jun 2016 12:57:44 +0000 (14:57 +0200)
commit	6db568822e1216ccb31a321fdcd0d1653b909df2
tree	7b9439cd9de6334d773e6804387f6b03386e7760	tree \| snapshot
parent	6294db461a1d67904eb409e5c3b2418f3e9c39d3	commit \| diff

BACKPORT: Smack: Rework file hooks

This is one of those cases where you look at code you did
years ago and wonder what you might have been thinking.
There are a number of LSM hooks that work off of file pointers,
and most of them really want the security data from the inode.
Some, however, really want the security context that the process
had when the file was opened. The difference went undetected in
Smack until it started getting used in a real system with real
testing. At that point it was clear that something was amiss.

This patch corrects the misuse of the f_security value in several
of the hooks. The behavior will not usually be any different, as
the process had to be able to open the file in the first place, and
the old check almost always succeeded, as will the new, but for
different reasons.

Thanks to the Samsung Tizen development team that identified this.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
(cherry-picked from upstream 5e7270a6dd14fa6e3bb10128f200305b4a75f350)