TOMOYO: Allow using argv[]/envp[] of execve() as conditions.

This patch adds support for permission checks using argv[]/envp[] of execve()
request. Hooks are in the last patch of this pathset.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

1 files changed, 12 insertions, 0 deletions

diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index e0502b6d586..1ac3312059f 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -358,6 +358,8 @@ void tomoyo_del_condition(struct list_head *element)
         const u16 condc = cond->condc;
         const u16 numbers_count = cond->numbers_count;
         const u16 names_count = cond->names_count;
+        const u16 argc = cond->argc;
+        const u16 envc = cond->envc;
         unsigned int i;
         const struct tomoyo_condition_element *condp
                 = (const struct tomoyo_condition_element *) (cond + 1);
@@ -365,10 +367,20 @@ void tomoyo_del_condition(struct list_head *element)
                 = (struct tomoyo_number_union *) (condp + condc);
         struct tomoyo_name_union *names_p
                 = (struct tomoyo_name_union *) (numbers_p + numbers_count);
+        const struct tomoyo_argv *argv
+                = (const struct tomoyo_argv *) (names_p + names_count);
+        const struct tomoyo_envp *envp
+                = (const struct tomoyo_envp *) (argv + argc);
         for (i = 0; i < numbers_count; i++)
                 tomoyo_put_number_union(numbers_p++);
         for (i = 0; i < names_count; i++)
                 tomoyo_put_name_union(names_p++);
+        for (i = 0; i < argc; argv++, i++)
+                tomoyo_put_name(argv->value);
+        for (i = 0; i < envc; envp++, i++) {
+                tomoyo_put_name(envp->name);
+                tomoyo_put_name(envp->value);
+        }
 }
 
 /**