1 files changed, 16 insertions, 1 deletions
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 355b536262b1..43977083254b 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -59,6 +59,20 @@ int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
 }
 /**
+ * tomoyo_same_acl_head - Check for duplicated "struct tomoyo_acl_info" entry.
+ *
+ * @a: Pointer to "struct tomoyo_acl_info".
+ * @b: Pointer to "struct tomoyo_acl_info".
+ *
+ * Returns true if @a == @b, false otherwise.
+ */
+static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *a,
+                                        const struct tomoyo_acl_info *b)
+{
+        return a->type == b->type;
+}
+/**
 * tomoyo_update_domain - Update an entry for domain policy.
 *
 * @new_entry:       Pointer to "struct tomoyo_acl_info".
@@ -88,7 +102,8 @@ int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
        if (mutex_lock_interruptible(&tomoyo_policy_lock))
                return error;
        list_for_each_entry_rcu(entry, &domain->acl_info_list, list) {
-                if (!check_duplicate(entry, new_entry))
+                if (!tomoyo_same_acl_head(entry, new_entry) ||
+                    !check_duplicate(entry, new_entry))
                        continue;
                if (merge_duplicate)
                        entry->is_deleted = merge_duplicate(entry, new_entry,

diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 355b536262b1..43977083254b 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c
@@ -59,6 +59,20 @@ int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
59	}	59	}
60		60
61	/**	61	/**
		62	* tomoyo_same_acl_head - Check for duplicated "struct tomoyo_acl_info" entry.
		63	*
		64	* @a: Pointer to "struct tomoyo_acl_info".
		65	* @b: Pointer to "struct tomoyo_acl_info".
		66	*
		67	* Returns true if @a == @b, false otherwise.
		68	*/
		69	static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *a,
		70	const struct tomoyo_acl_info *b)
		71	{
		72	return a->type == b->type;
		73	}
		74
		75	/**
62	* tomoyo_update_domain - Update an entry for domain policy.	76	* tomoyo_update_domain - Update an entry for domain policy.
63	*	77	*
64	* @new_entry: Pointer to "struct tomoyo_acl_info".	78	* @new_entry: Pointer to "struct tomoyo_acl_info".
@@ -88,7 +102,8 @@ int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
88	if (mutex_lock_interruptible(&tomoyo_policy_lock))	102	if (mutex_lock_interruptible(&tomoyo_policy_lock))
89	return error;	103	return error;
90	list_for_each_entry_rcu(entry, &domain->acl_info_list, list) {	104	list_for_each_entry_rcu(entry, &domain->acl_info_list, list) {
91	if (!check_duplicate(entry, new_entry))	105	if (!tomoyo_same_acl_head(entry, new_entry) \|\|
		106	!check_duplicate(entry, new_entry))
92	continue;	107	continue;
93	if (merge_duplicate)	108	if (merge_duplicate)
94	entry->is_deleted = merge_duplicate(entry, new_entry,	109	entry->is_deleted = merge_duplicate(entry, new_entry,