diff mbox series

[11/59] LSM: Fix logical operation in lsm_export checks

Message ID	20190409195924.1509-12-casey@schaufler-ca.com (mailing list archive)
State	Not Applicable
Headers	show Return-Path: <selinux-owner@kernel.org> From: Casey Schaufler <casey@schaufler-ca.com> To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov Subject: [PATCH 11/59] LSM: Fix logical operation in lsm_export checks Date: Tue, 9 Apr 2019 12:58:36 -0700 Message-Id: <20190409195924.1509-12-casey@schaufler-ca.com> In-Reply-To: <20190409195924.1509-1-casey@schaufler-ca.com> References: <20190409195924.1509-1-casey@schaufler-ca.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk
Series	LSM: Module stacking for AppArmor \| expand [00/59] LSM: Module stacking for AppArmor [01/59] LSM: Infrastructure management of the superblock [02/59] LSM: Infrastructure management of the sock security [03/59] LSM: Infrastructure management of the key security blob [04/59] LSM: Create an lsm_export data structure. [05/59] LSM: Use lsm_export in the inode_getsecid hooks [06/59] LSM: Use lsm_export in the cred_getsecid hooks [07/59] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks [08/59] LSM: Use lsm_export in the kernel_ask_as hooks [09/59] LSM: Use lsm_export in the getpeersec_dgram hooks [10/59] LSM: Use lsm_export in the audit_rule_match hooks [11/59] LSM: Fix logical operation in lsm_export checks [12/59] LSM: Use lsm_export in the secid_to_secctx hooks [13/59] LSM: Use lsm_export in the secctx_to_secid hooks [14/59] LSM: Use lsm_export in security_audit_rule_match [15/59] LSM: Use lsm_export in security_kernel_act_as [16/59] LSM: Use lsm_export in security_socket_getpeersec_dgram [17/59] LSM: Use lsm_export in security_secctx_to_secid [18/59] LSM: Use lsm_export in security_secid_to_secctx [19/59] LSM: Use lsm_export in security_ipc_getsecid [20/59] LSM: Use lsm_export in security_task_getsecid [21/59] LSM: Use lsm_export in security_inode_getsecid [22/59] LSM: Use lsm_export in security_cred_getsecid [23/59] Audit: Change audit_sig_sid to audit_sig_lsm [24/59] Audit: Convert target_sid to an lsm_export structure [25/59] Audit: Convert osid to an lsm_export structure [26/59] IMA: Clean out lsm_export scaffolding [27/59] NET: Store LSM access information in the socket blob for UDS [28/59] NET: Remove scaffolding on secmarks [29/59] NET: Remove scaffolding on new secmarks [30/59] NET: Remove netfilter scaffolding for lsm_export [31/59] Netlabel: Replace secids with lsm_export [32/59] LSM: Remove lsm_export scaffolding functions [33/59] IMA: FIXUP prototype using lsm_export [34/59] Smack: Restore the release_secctx hook [35/59] AppArmor: Remove unnecessary hook stub [36/59] LSM: Limit calls to certain module hooks [37/59] LSM: Create a data structure for a security context [38/59] LSM: Use lsm_context in secid_to_secctx hooks [39/59] LSM: Use lsm_context in secctx_to_secid hooks [40/59] LSM: Use lsm_context in inode_getsecctx hooks

Commit Message

Casey Schaufler April 9, 2019, 7:58 p.m. UTC

Fix the logic in Smack and SELinux when checking to
see if the secid is included.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 security/selinux/include/objsec.h | 2 +-
 security/smack/smack_lsm.c        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff mbox series

Patch

diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index d7efc5f23c1e..59a3b1cd5ba9 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -61,7 +61,7 @@  static inline void selinux_export_secid(struct lsm_export *l, u32 secid)
 
 static inline void selinux_import_secid(struct lsm_export *l, u32 *secid)
 {
-	if (l->flags | LSM_EXPORT_SELINUX)
+	if (l->flags & LSM_EXPORT_SELINUX)
 		*secid = l->selinux;
 	else
 		*secid = SECSID_NULL;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 0e048c1456ed..a3776501965d 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -477,7 +477,7 @@  static inline void smack_export_secid(struct lsm_export *l, u32 secid)
 
 static inline void smack_import_secid(struct lsm_export *l, u32 *secid)
 {
-	if (l->flags | LSM_EXPORT_SMACK)
+	if (l->flags & LSM_EXPORT_SMACK)
 		*secid = l->smack;
 	else
 		*secid = 0;