diff options
Diffstat (limited to 'security/tomoyo/util.c')
| -rw-r--r-- | security/tomoyo/util.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index badffc8271c8..0517cbdd7275 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c | |||
| @@ -91,6 +91,7 @@ const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX] = { | |||
| 91 | void tomoyo_convert_time(time64_t time64, struct tomoyo_time *stamp) | 91 | void tomoyo_convert_time(time64_t time64, struct tomoyo_time *stamp) |
| 92 | { | 92 | { |
| 93 | struct tm tm; | 93 | struct tm tm; |
| 94 | |||
| 94 | time64_to_tm(time64, 0, &tm); | 95 | time64_to_tm(time64, 0, &tm); |
| 95 | stamp->sec = tm.tm_sec; | 96 | stamp->sec = tm.tm_sec; |
| 96 | stamp->min = tm.tm_min; | 97 | stamp->min = tm.tm_min; |
| @@ -113,6 +114,7 @@ void tomoyo_convert_time(time64_t time64, struct tomoyo_time *stamp) | |||
| 113 | bool tomoyo_permstr(const char *string, const char *keyword) | 114 | bool tomoyo_permstr(const char *string, const char *keyword) |
| 114 | { | 115 | { |
| 115 | const char *cp = strstr(string, keyword); | 116 | const char *cp = strstr(string, keyword); |
| 117 | |||
| 116 | if (cp) | 118 | if (cp) |
| 117 | return cp == string || *(cp - 1) == '/'; | 119 | return cp == string || *(cp - 1) == '/'; |
| 118 | return false; | 120 | return false; |
| @@ -132,6 +134,7 @@ char *tomoyo_read_token(struct tomoyo_acl_param *param) | |||
| 132 | { | 134 | { |
| 133 | char *pos = param->data; | 135 | char *pos = param->data; |
| 134 | char *del = strchr(pos, ' '); | 136 | char *del = strchr(pos, ' '); |
| 137 | |||
| 135 | if (del) | 138 | if (del) |
| 136 | *del++ = '\0'; | 139 | *del++ = '\0'; |
| 137 | else | 140 | else |
| @@ -152,6 +155,7 @@ const struct tomoyo_path_info *tomoyo_get_domainname | |||
| 152 | { | 155 | { |
| 153 | char *start = param->data; | 156 | char *start = param->data; |
| 154 | char *pos = start; | 157 | char *pos = start; |
| 158 | |||
| 155 | while (*pos) { | 159 | while (*pos) { |
| 156 | if (*pos++ != ' ' || *pos++ == '/') | 160 | if (*pos++ != ' ' || *pos++ == '/') |
| 157 | continue; | 161 | continue; |
| @@ -181,8 +185,10 @@ u8 tomoyo_parse_ulong(unsigned long *result, char **str) | |||
| 181 | const char *cp = *str; | 185 | const char *cp = *str; |
| 182 | char *ep; | 186 | char *ep; |
| 183 | int base = 10; | 187 | int base = 10; |
| 188 | |||
| 184 | if (*cp == '0') { | 189 | if (*cp == '0') { |
| 185 | char c = *(cp + 1); | 190 | char c = *(cp + 1); |
| 191 | |||
| 186 | if (c == 'x' || c == 'X') { | 192 | if (c == 'x' || c == 'X') { |
| 187 | base = 16; | 193 | base = 16; |
| 188 | cp += 2; | 194 | cp += 2; |
| @@ -240,6 +246,7 @@ bool tomoyo_parse_name_union(struct tomoyo_acl_param *param, | |||
| 240 | struct tomoyo_name_union *ptr) | 246 | struct tomoyo_name_union *ptr) |
| 241 | { | 247 | { |
| 242 | char *filename; | 248 | char *filename; |
| 249 | |||
| 243 | if (param->data[0] == '@') { | 250 | if (param->data[0] == '@') { |
| 244 | param->data++; | 251 | param->data++; |
| 245 | ptr->group = tomoyo_get_group(param, TOMOYO_PATH_GROUP); | 252 | ptr->group = tomoyo_get_group(param, TOMOYO_PATH_GROUP); |
| @@ -266,6 +273,7 @@ bool tomoyo_parse_number_union(struct tomoyo_acl_param *param, | |||
| 266 | char *data; | 273 | char *data; |
| 267 | u8 type; | 274 | u8 type; |
| 268 | unsigned long v; | 275 | unsigned long v; |
| 276 | |||
| 269 | memset(ptr, 0, sizeof(*ptr)); | 277 | memset(ptr, 0, sizeof(*ptr)); |
| 270 | if (param->data[0] == '@') { | 278 | if (param->data[0] == '@') { |
| 271 | param->data++; | 279 | param->data++; |
| @@ -429,6 +437,7 @@ static bool tomoyo_correct_word2(const char *string, size_t len) | |||
| 429 | unsigned char c; | 437 | unsigned char c; |
| 430 | unsigned char d; | 438 | unsigned char d; |
| 431 | unsigned char e; | 439 | unsigned char e; |
| 440 | |||
| 432 | if (!len) | 441 | if (!len) |
| 433 | goto out; | 442 | goto out; |
| 434 | while (len--) { | 443 | while (len--) { |
| @@ -533,6 +542,7 @@ bool tomoyo_correct_domain(const unsigned char *domainname) | |||
| 533 | return true; | 542 | return true; |
| 534 | while (1) { | 543 | while (1) { |
| 535 | const unsigned char *cp = strchr(domainname, ' '); | 544 | const unsigned char *cp = strchr(domainname, ' '); |
| 545 | |||
| 536 | if (!cp) | 546 | if (!cp) |
| 537 | break; | 547 | break; |
| 538 | if (*domainname != '/' || | 548 | if (*domainname != '/' || |
| @@ -554,6 +564,7 @@ bool tomoyo_domain_def(const unsigned char *buffer) | |||
| 554 | { | 564 | { |
| 555 | const unsigned char *cp; | 565 | const unsigned char *cp; |
| 556 | int len; | 566 | int len; |
| 567 | |||
| 557 | if (*buffer != '<') | 568 | if (*buffer != '<') |
| 558 | return false; | 569 | return false; |
| 559 | cp = strchr(buffer, ' '); | 570 | cp = strchr(buffer, ' '); |
| @@ -668,6 +679,9 @@ static bool tomoyo_file_matches_pattern2(const char *filename, | |||
| 668 | { | 679 | { |
| 669 | while (filename < filename_end && pattern < pattern_end) { | 680 | while (filename < filename_end && pattern < pattern_end) { |
| 670 | char c; | 681 | char c; |
| 682 | int i; | ||
| 683 | int j; | ||
| 684 | |||
| 671 | if (*pattern != '\\') { | 685 | if (*pattern != '\\') { |
| 672 | if (*filename++ != *pattern++) | 686 | if (*filename++ != *pattern++) |
| 673 | return false; | 687 | return false; |
| @@ -676,8 +690,6 @@ static bool tomoyo_file_matches_pattern2(const char *filename, | |||
| 676 | c = *filename; | 690 | c = *filename; |
| 677 | pattern++; | 691 | pattern++; |
| 678 | switch (*pattern) { | 692 | switch (*pattern) { |
| 679 | int i; | ||
| 680 | int j; | ||
| 681 | case '?': | 693 | case '?': |
| 682 | if (c == '/') { | 694 | if (c == '/') { |
| 683 | return false; | 695 | return false; |
| @@ -985,6 +997,7 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r, | |||
| 985 | struct tomoyo_domain_info *domain, const u8 index) | 997 | struct tomoyo_domain_info *domain, const u8 index) |
| 986 | { | 998 | { |
| 987 | u8 profile; | 999 | u8 profile; |
| 1000 | |||
| 988 | memset(r, 0, sizeof(*r)); | 1001 | memset(r, 0, sizeof(*r)); |
| 989 | if (!domain) | 1002 | if (!domain) |
| 990 | domain = tomoyo_domain(); | 1003 | domain = tomoyo_domain(); |
| @@ -1018,6 +1031,7 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) | |||
| 1018 | list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { | 1031 | list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { |
| 1019 | u16 perm; | 1032 | u16 perm; |
| 1020 | u8 i; | 1033 | u8 i; |
| 1034 | |||
| 1021 | if (ptr->is_deleted) | 1035 | if (ptr->is_deleted) |
| 1022 | continue; | 1036 | continue; |
| 1023 | switch (ptr->type) { | 1037 | switch (ptr->type) { |
| @@ -1062,9 +1076,8 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) | |||
| 1062 | domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true; | 1076 | domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true; |
| 1063 | /* r->granted = false; */ | 1077 | /* r->granted = false; */ |
| 1064 | tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]); | 1078 | tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]); |
| 1065 | printk(KERN_WARNING "WARNING: " | 1079 | pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n", |
| 1066 | "Domain '%s' has too many ACLs to hold. " | 1080 | domain->domainname->name); |
| 1067 | "Stopped learning mode.\n", domain->domainname->name); | ||
| 1068 | } | 1081 | } |
| 1069 | return false; | 1082 | return false; |
| 1070 | } | 1083 | } |