Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / c0ab6e56dcb7ca9903d460247cb464e769ae6e77
commitc0ab6e56dcb7ca9903d460247cb464e769ae6e77[log] [tgz]
authorCasey Schaufler <casey@schaufler-ca.com>Fri Oct 11 18:06:39 2013 -0700
committerCasey Schaufler <casey@schaufler-ca.com>Fri Oct 18 09:39:33 2013 -0700
tree52da39cb2798c0a4276d0d23fa3b4f1dbcd732f2
parent5a5f2acfd04269e2e0958067216b68ff461c285c [diff]
Smack: Implement lock security mode

Linux file locking does not follow the same rules
as other mechanisms. Even though it is a write operation
a process can set a read lock on files which it has open
only for read access. Two programs with read access to
a file can use read locks to communicate.

This is not acceptable in a Mandatory Access Control
environment. Smack treats setting a read lock as the
write operation that it is. Unfortunately, many programs
assume that setting a read lock is a read operation.
These programs are unhappy in the Smack environment.

This patch introduces a new access mode (lock) to address
this problem. A process with lock access to a file can
set a read lock. A process with write access to a file can
set a read lock or a write lock. This prevents a situation
where processes are granted write access just so they can
set read locks.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
4 files changed
tree: 52da39cb2798c0a4276d0d23fa3b4f1dbcd732f2
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS