projects / platform / upstream / smack.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e6f32e4)
Regression fix: don't modify smack_accesses while applying the rules.
authorRafał Krypa <rafal@krypa.net>
Thu, 14 Nov 2013 23:58:22 +0000 (00:58 +0100)
committerRafał Krypa <rafal@krypa.net>
Thu, 14 Nov 2013 23:58:27 +0000 (00:58 +0100)
Regression introduced in eaf908fd caused access_type field to be modified,
when smack_accesses_apply() is called with clear set to true.

This patch reverts that, restoring invariant that smack_accessess_apply()
doesn't modify given rule set.

libsmack/libsmack.c patch | blob | history

diff --git a/libsmack/libsmack.c b/libsmack/libsmack.c
index 9013f05..96e2bb5 100644 (file)
--- a/libsmack/libsmack.c
+++ b/libsmack/libsmack.c
@@ -50,6 +50,7 @@
 #define KERNEL_MODIFY_FORMAT "%s %s %s %s"
 #define READ_BUF_SIZE LOAD_LEN + 1
 #define SELF_LABEL_FILE "/proc/self/attr/current"
+#define ACC_CLEAR "-----"
 
 extern char *smackfs_mnt;
 
@@ -642,12 +643,7 @@ static int accesses_apply(struct smack_accesses *handle, int clear)
        }
 
        for (rule = handle->first; rule != NULL; rule = rule->next) {
-               if (clear) {
-                       strcpy(rule->access_type, "-----");
-                       rule->is_modify = 0;
-               }
-
-               if (rule->is_modify) {
+               if (rule->is_modify && !clear) {
                        fd = change_fd;
                        ret = snprintf(buf, LOAD_LEN + 1, KERNEL_MODIFY_FORMAT,
                                       rule->subject, rule->object,
@@ -658,11 +654,11 @@ static int accesses_apply(struct smack_accesses *handle, int clear)
                        if (load2)
                                ret = snprintf(buf, LOAD_LEN + 1, KERNEL_LONG_FORMAT,
                                               rule->subject, rule->object,
-                                              rule->access_type);
+                                              clear ? ACC_CLEAR : rule->access_type);
                        else
                                ret = snprintf(buf, LOAD_LEN + 1, KERNEL_SHORT_FORMAT,
                                               rule->subject, rule->object,
-                                              rule->access_type);
+                                              clear ? ACC_CLEAR : rule->access_type);
                }
 
                if (ret < 0 || fd < 0) {
Domain: Security / Access Control;