authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-07-29 01:29:55 -0400
committerJames Morris <jmorris@namei.org>2010-08-02 01:38:38 -0400
commit484ca79c653121d3c79fffb86e1deea724f2e20b (patch)
tree457aa73e37c9b5e5b4306430f40d1985b59ca226 /security/tomoyo/common.h
parent4d6ec10bb4461fdc9a9ab94ef32934e13564e873 (diff)
TOMOYO: Use pathname specified by policy rather than execve()
Commit c9e69318 "TOMOYO: Allow wildcard for execute permission." changed execute permission and domainname to accept wildcards. But tomoyo_find_next_domain() was using pathname passed to execve() rather than pathname specified by the execute permission. As a result, processes were not able to transit to domains which contain wildcards in their domainnames. This patch passes pathname specified by the execute permission back to tomoyo_find_next_domain() so that processes can transit to domains which contain wildcards in their domainnames. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/common.h')
-rw-r--r--security/tomoyo/common.h14
1 files changed, 9 insertions, 5 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 2ffad6138555..04454cb7b24a 100644
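--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -246,6 +246,8 @@ struct tomoyo_request_info {
  union {
  struct {
  const struct tomoyo_path_info *filename;
+ /* For using wildcards at tomoyo_find_next_domain(). */
+ const struct tomoyo_path_info *matched_path;
  u8 operation;
  } path;
  struct {
@@ -718,8 +720,9 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
 /* Print out of memory warning message. */
 void tomoyo_warn_oom(const char *function);
 /* Check whether the given name matches the given name_union. */
-bool tomoyo_compare_name_union(const struct tomoyo_path_info *name,
- const struct tomoyo_name_union *ptr);
+const struct tomoyo_path_info *
+tomoyo_compare_name_union(const struct tomoyo_path_info *name,
+ const struct tomoyo_name_union *ptr);
 /* Check whether the given number matches the given number_union. */
 bool tomoyo_compare_number_union(const unsigned long value,
  const struct tomoyo_number_union *ptr);
@@ -736,8 +739,9 @@ bool tomoyo_domain_def(const unsigned char *buffer);
 bool tomoyo_parse_name_union(const char *filename,
  struct tomoyo_name_union *ptr);
 /* Check whether the given filename matches the given path_group. */
-bool tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
- const struct tomoyo_group *group);
+const struct tomoyo_path_info *
+tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
+ const struct tomoyo_group *group);
 /* Check whether the given value matches the given number_group. */
 bool tomoyo_number_matches_group(const unsigned long min,
  const unsigned long max,
@@ -879,7 +883,7 @@ int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
  const struct tomoyo_acl_head
  *));
 void tomoyo_check_acl(struct tomoyo_request_info *r,
- bool (*check_entry) (const struct tomoyo_request_info *,
+ bool (*check_entry) (struct tomoyo_request_info *,
  const struct tomoyo_acl_info *));
 
 /********** External variable definitions. **********/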
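Review bot: The comments above `tomoyo_compare_name_union()` and `tomoyo_path_matches_group()` still read "Check whether ... matches" although both prototypes now return `const struct tomoyo_path_info *`, so the header no longer tells callers what they get back. Going by the commit message the result is presumably the policy entry that matched, or NULL when nothing matched; a comment such as `/* Return the matching policy entry, or NULL if the given name does not match. */` on each prototype would state that contract. The comment on `matched_path` could also say how long the pointer stays valid (it appears to point into policy data, so presumably only while the caller holds the policy read lock) and that it has to be cleared before each check so that `tomoyo_find_next_domain()` never picks up a value left by an earlier request; neither is visible from this header, and `struct tomoyo_request_info` starts and ends outside the hunk. Dropping `const` from the first argument of the `check_entry` callback lets every callback write to the request, so a short note at `tomoyo_check_acl()` that only `matched_path` is meant to be written would keep that wider access from being relied on elsewhere.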