diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-06-20 20:58:53 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-08-02 01:34:42 -0400 |
| commit | 0617c7ff34dc9b1d641640c3953274bb2dbe21a6 (patch) | |
| tree | 6be51af32ad65380aff9b7fa385f65ef15b3d53b /security/tomoyo/common.c | |
| parent | 7c2ea22e3c5463627ca98924cd65cb9e480dc29c (diff) | |
TOMOYO: Remove alias keyword.
Some programs behave differently depending on argv[0] passed to execve().
TOMOYO has "alias" keyword in order to allow administrators to define different
domains if requested pathname passed to execve() is a symlink. But "alias"
keyword is incomplete because this keyword assumes that requested pathname and
argv[0] are identical. Thus, remove "alias" keyword (by this patch) and add
syntax for checking argv[0] (by future patches).
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/common.c')
| -rw-r--r-- | security/tomoyo/common.c | 12 |
1 files changed, 0 insertions, 12 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 183fe6513400..0e6b1b598b86 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
| @@ -1177,8 +1177,6 @@ static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head) | |||
| 1177 | is_delete); | 1177 | is_delete); |
| 1178 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_AGGREGATOR)) | 1178 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_AGGREGATOR)) |
| 1179 | return tomoyo_write_aggregator_policy(data, is_delete); | 1179 | return tomoyo_write_aggregator_policy(data, is_delete); |
| 1180 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALIAS)) | ||
| 1181 | return tomoyo_write_alias_policy(data, is_delete); | ||
| 1182 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ)) | 1180 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ)) |
| 1183 | return tomoyo_write_globally_readable_policy(data, is_delete); | 1181 | return tomoyo_write_globally_readable_policy(data, is_delete); |
| 1184 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN)) | 1182 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN)) |
| @@ -1334,16 +1332,6 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) | |||
| 1334 | w[1] = ptr->filename->name; | 1332 | w[1] = ptr->filename->name; |
| 1335 | } | 1333 | } |
| 1336 | break; | 1334 | break; |
| 1337 | case TOMOYO_ID_ALIAS: | ||
| 1338 | { | ||
| 1339 | struct tomoyo_alias_entry *ptr = | ||
| 1340 | container_of(acl, typeof(*ptr), head); | ||
| 1341 | w[0] = TOMOYO_KEYWORD_ALIAS; | ||
| 1342 | w[1] = ptr->original_name->name; | ||
| 1343 | w[2] = " "; | ||
| 1344 | w[3] = ptr->aliased_name->name; | ||
| 1345 | } | ||
| 1346 | break; | ||
| 1347 | case TOMOYO_ID_AGGREGATOR: | 1335 | case TOMOYO_ID_AGGREGATOR: |
| 1348 | { | 1336 | { |
| 1349 | struct tomoyo_aggregator_entry *ptr = | 1337 | struct tomoyo_aggregator_entry *ptr = |