Smack: correct final mmap check comparison

The mmap policy enforcement checks the access of the SMACK64MMAP subject against the current subject incorrectly. The check as written works correctly only if the access rules involved have the same access. This is the common case, so initial testing did not find a problem. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
author: Casey Schaufler <casey@schaufler-ca.com> 2011-02-09 19:58:42 -0800
committer: Casey Schaufler <casey@schaufler-ca.com> 2011-02-09 19:58:42 -0800
commit: 75a25637bf8a1b8fbed2368c0a3ec15c66a534f1 (patch)
tree: 038d52827d9a285fed1bb384f06d7adabf4ef674 /security/smack
parent: security:smack: kill unused SMACK_LIST_MAX, MAY_ANY and MAY_ANYWRITE (diff)
download: linux-dev-75a25637bf8a1b8fbed2368c0a3ec15c66a534f1.tar.xz
linux-dev-75a25637bf8a1b8fbed2368c0a3ec15c66a534f1.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 92cb71507f5b..5ab3f39442f2 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1218,7 +1218,7 @@ static int smack_file_mmap(struct file *file,
 		 * not available to a SMACK64MMAP subject
 		 * deny access.
 		 */
-		if ((may | mmay) != may) {
+		if ((may | mmay) != mmay) {
 			rc = -EACCES;
 			break;
 		}
author	Casey Schaufler <casey@schaufler-ca.com>	2011-02-09 19:58:42 -0800
committer	Casey Schaufler <casey@schaufler-ca.com>	2011-02-09 19:58:42 -0800
commit	75a25637bf8a1b8fbed2368c0a3ec15c66a534f1 (patch)
tree	038d52827d9a285fed1bb384f06d7adabf4ef674 /security/smack
parent	security:smack: kill unused SMACK_LIST_MAX, MAY_ANY and MAY_ANYWRITE (diff)
download	linux-dev-75a25637bf8a1b8fbed2368c0a3ec15c66a534f1.tar.xz linux-dev-75a25637bf8a1b8fbed2368c0a3ec15c66a534f1.zip