X-Git-Url: http://pilppa.org/gitweb/gitweb.cgi?a=blobdiff_plain;f=security%2Fsmack%2Fsmack_access.c;h=79ff21ed4c3be11b3f10f974874549617d1141a5;hb=f6d9831bb11eb465f95fb1736b866d405d9c7cbf;hp=f6b5f6eed6dd00f6aab7f9873e26dbb700984063;hpb=d870ec7281d8429ab17d2e0324f4d8ca3f3de62d;p=linux-2.6-omap-h63xx.git

diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index f6b5f6eed6d..79ff21ed4c3 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -157,7 +157,7 @@ int smk_access(char *subject_label, char *object_label, int request)
  *
  * This function checks the current subject label/object label pair
  * in the access rule list and returns 0 if the access is permitted,
- * non zero otherwise. It allows that current my have the capability
+ * non zero otherwise. It allows that current may have the capability
  * to override the rules.
  */
 int smk_curacc(char *obj_label, u32 mode)
@@ -168,6 +168,14 @@ int smk_curacc(char *obj_label, u32 mode)
 	if (rc == 0)
 		return 0;
 
+	/*
+	 * Return if a specific label has been designated as the
+	 * only one that gets privilege and current does not
+	 * have that label.
+	 */
+	if (smack_onlycap != NULL && smack_onlycap != current->security)
+		return rc;
+
 	if (capable(CAP_MAC_OVERRIDE))
 		return 0;