Smack: correct final mmap check comparison

The mmap policy enforcement checks the access of the SMACK64MMAP subject against the current subject incorrectly. The check as written works correctly only if the access rules involved have the same access. This is the common case, so initial testing did not find a problem. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

Smack: correct final mmap check comparison
The mmap policy enforcement checks the access of the SMACK64MMAP subject against the current subject incorrectly. The check as written works correctly only if the access rules involved have the same access. This is the common case, so initial testing did not find a problem. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
75a25637 · Casey Schaufler · db904aa8 · 75a25637
Commit 75a25637 authored Feb 09, 2011 by Casey Schaufler
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

security/smack/smack_lsm.c security/smack/smack_lsm.c +1 -1

No files found.
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1218,7 +1218,7 @@ static int smack_file_mmap(struct file *file,
 		 * not available to a SMACK64MMAP subject
 		 * deny access.
 		 */
-		if ((may | mmay) != may) {
+		if ((may | mmay) != mmay) {
 			rc = -EACCES;
 			break;
 		}