[RFC,08/10] Smack: Abstract the file security blob
diff mbox

Message ID d37ee2b3-ee7d-9e2e-0c1a-e5e99664d612@schaufler-ca.com
State New
Headers show

Commit Message

Casey Schaufler July 11, 2016, 7:30 p.m. UTC
Subject: [PATCH RFC 08/10] Smack: Abstract the file security blob

Abstract reading the file security blob.
Remove abstraction when writing the file security blob.
There is no change in the behavior of the code.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 security/smack/smack.h     | 5 +++++
 security/smack/smack_lsm.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)


--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch
diff mbox

diff --git a/security/smack/smack.h b/security/smack/smack.h
index a2a98c0..d929f3d 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -343,6 +343,11 @@  static inline struct task_smack *smack_cred(const struct cred *cred)
 	return cred->security;
 }
 
+static inline struct smack_known *smack_file(const struct file *file)
+{
+	return file->f_security;
+}
+
 /*
  * Is the directory transmuting?
  */
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 7ab0021..bce7c44 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1817,7 +1817,7 @@  static int smack_file_send_sigiotask(struct task_struct *tsk,
 	file = container_of(fown, struct file, f_owner);
 
 	/* we don't log here as rc can be overriden */
-	skp = file->f_security;
+	skp = smack_file(file);
 	rc = smk_access(skp, tkp, MAY_WRITE, NULL);
 	rc = smk_bu_note("sigiotask", skp, tkp, MAY_WRITE, rc);
 	if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))