diff options
| author | Haavard Skinnemoen <haavard.skinnemoen@atmel.com> | 2008-10-23 15:24:10 +0200 |
|---|---|---|
| committer | Haavard Skinnemoen <haavard.skinnemoen@atmel.com> | 2008-10-23 15:24:10 +0200 |
| commit | d9214556b11a8d18ff588e60824c12041d30f791 (patch) | |
| tree | 04ab59d13961675811a55c96fb12b2b167b72318 /security/smack/smack_access.c | |
| parent | 72a1419a9d4c859a3345e4b83f8ef7d599d3818c (diff) | |
| parent | e82c6106b04b85879d802bbbeaed30d9b10a92e2 (diff) | |
| download | kernel-crypto-d9214556b11a8d18ff588e60824c12041d30f791.tar.gz kernel-crypto-d9214556b11a8d18ff588e60824c12041d30f791.tar.xz kernel-crypto-d9214556b11a8d18ff588e60824c12041d30f791.zip | |
Merge branches 'boards' and 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/hskinnemoen/avr32-2.6
Diffstat (limited to 'security/smack/smack_access.c')
| -rw-r--r-- | security/smack/smack_access.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index f6b5f6eed6d..79ff21ed4c3 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -157,7 +157,7 @@ int smk_access(char *subject_label, char *object_label, int request) * * This function checks the current subject label/object label pair * in the access rule list and returns 0 if the access is permitted, - * non zero otherwise. It allows that current my have the capability + * non zero otherwise. It allows that current may have the capability * to override the rules. */ int smk_curacc(char *obj_label, u32 mode) @@ -168,6 +168,14 @@ int smk_curacc(char *obj_label, u32 mode) if (rc == 0) return 0; + /* + * Return if a specific label has been designated as the + * only one that gets privilege and current does not + * have that label. + */ + if (smack_onlycap != NULL && smack_onlycap != current->security) + return rc; + if (capable(CAP_MAC_OVERRIDE)) return 0; |