From 75a25637bf8a1b8fbed2368c0a3ec15c66a534f1 Mon Sep 17 00:00:00 2001 From: Casey Schaufler Date: Wed, 9 Feb 2011 19:58:42 -0800 Subject: [PATCH] Smack: correct final mmap check comparison The mmap policy enforcement checks the access of the SMACK64MMAP subject against the current subject incorrectly. The check as written works correctly only if the access rules involved have the same access. This is the common case, so initial testing did not find a problem. Signed-off-by: Casey Schaufler --- security/smack/smack_lsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 92cb71507f5..5ab3f39442f 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1218,7 +1218,7 @@ static int smack_file_mmap(struct file *file, * not available to a SMACK64MMAP subject * deny access. */ - if ((may | mmay) != may) { + if ((may | mmay) != mmay) { rc = -EACCES; break; } -- 2.39.5