SMACK: Use smk_tskacc() instead of smk_access() for proper logging
author Himanshu Shukla <himanshu.sh@samsung.com>
Wed, 23 Nov 2016 06:29:45 +0000 (11:59 +0530)
committer Casey Schaufler <casey@schaufler-ca.com>
Tue, 10 Jan 2017 17:47:20 +0000 (09:47 -0800)

smack_file_open() is first checking the capability of the calling subject;
this check will skip the SMACK logging for the success case. Use smk_tskacc()
for proper logging and SMACK access check.

Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
security/smack/smack_lsm.c

index 4dd458a2b1e856ddf3c2e2886ba8497d5a692f4c..681583d66c0e94c7d7d13ad2cd2f78cf30571289 100644 (file)
@@ -1955,12 +1955,9 @@ static int smack_file_open(struct file *file, const struct cred *cred)
        struct smk_audit_info ad;
        int rc;
 
-       if (smack_privileged(CAP_MAC_OVERRIDE))
-               return 0;
-
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
        smk_ad_setfield_u_fs_path(&ad, file->f_path);
-       rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad);
+       rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
        rc = smk_bu_credfile(cred, file, MAY_READ, rc);
 
        return rc;
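
Review bot: with the `smack_privileged(CAP_MAC_OVERRIDE)` early return removed at the top of this hunk, nothing visible here grants the override any more, so a privileged open now succeeds only if smk_tskacc() applies CAP_MAC_OVERRIDE itself. The commit message talks about logging but does not state that the privilege behaviour is preserved; please add a sentence saying smk_tskacc() still honours the capability after the rule check, so readers do not take this for a policy change. Note also that privileged callers now reach `rc = smk_bu_credfile(cred, file, MAY_READ, rc);`, which the old early return skipped; confirm that the extra audit and bring-up processing for those callers is intended, since it changes what appears in the logs for CAP_MAC_OVERRIDE tasks.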