TOMOYO: Add pathname aggregation support.

This patch allows users to aggregate programs which provide similar
functionality (e.g. /usr/bin/vi and /usr/bin/emacs ).

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

1 files changed, 4 insertions, 0 deletions

diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 3f94011c6411..bdf1ed7ca45b 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1141,6 +1141,8 @@ static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head)
         if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN))
                 return tomoyo_write_domain_initializer_policy(data, true,
                                                               is_delete);
+        if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_AGGREGATOR))
+                return tomoyo_write_aggregator_policy(data, is_delete);
         if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALIAS))
                 return tomoyo_write_alias_policy(data, is_delete);
         if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ))
@@ -1196,6 +1198,8 @@ static int tomoyo_read_exception_policy(struct tomoyo_io_buffer *head)
                         head->read_var2 = NULL;
                         head->read_step = 6;
                 case 6:
+                        if (!tomoyo_read_aggregator_policy(head))
+                                break;
                         head->read_var2 = NULL;
                         head->read_step = 7;
                 case 7: