author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-07-29 01:29:55 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-08-02 01:38:38 -0400 |
commit | 484ca79c653121d3c79fffb86e1deea724f2e20b (patch) | |
tree | 457aa73e37c9b5e5b4306430f40d1985b59ca226 /security/tomoyo/common.h | |
parent | 4d6ec10bb4461fdc9a9ab94ef32934e13564e873 (diff) |
TOMOYO: Use pathname specified by policy rather than execve()
Commit c9e69318 "TOMOYO: Allow wildcard for execute permission." changed execute
permission and domainname to accept wildcards. But tomoyo_find_next_domain()
was using pathname passed to execve() rather than pathname specified by the
execute permission. As a result, processes were not able to transit to domains
which contain wildcards in their domainnames.
This patch passes pathname specified by the execute permission back to
tomoyo_find_next_domain() so that processes can transit to domains which
contain wildcards in their domainnames.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/common.h')
-rw-r--r-- | security/tomoyo/common.h | 14 |
1 files changed, 9 insertions, 5 deletions
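diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 2ffad6138555..04454cb7b24a 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -246,6 +246,8 @@ struct tomoyo_request_info {
 union {
 struct {
 const struct tomoyo_path_info *filename;
+/* For using wildcards at tomoyo_find_next_domain(). */
+const struct tomoyo_path_info *matched_path;
 u8 operation;
 } path;
 struct {
@@ -718,8 +720,9 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
 /* Print out of memory warning message. */
 void tomoyo_warn_oom(const char *function);
 /* Check whether the given name matches the given name_union. */
-bool tomoyo_compare_name_union(const struct tomoyo_path_info *name,
-const struct tomoyo_name_union *ptr);
+const struct tomoyo_path_info *
+tomoyo_compare_name_union(const struct tomoyo_path_info *name,
+const struct tomoyo_name_union *ptr);
 /* Check whether the given number matches the given number_union. */
 bool tomoyo_compare_number_union(const unsigned long value,
 const struct tomoyo_number_union *ptr);
@@ -736,8 +739,9 @@ bool tomoyo_domain_def(const unsigned char *buffer);
 bool tomoyo_parse_name_union(const char *filename,
 struct tomoyo_name_union *ptr);
 /* Check whether the given filename matches the given path_group. */
-bool tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
-const struct tomoyo_group *group);
+const struct tomoyo_path_info *
+tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
+const struct tomoyo_group *group);
 /* Check whether the given value matches the given number_group. */
 bool tomoyo_number_matches_group(const unsigned long min,
 const unsigned long max,
@@ -879,7 +883,7 @@ int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
 const struct tomoyo_acl_head
 *));
 void tomoyo_check_acl(struct tomoyo_request_info *r,
-bool (*check_entry) (const struct tomoyo_request_info *,
+bool (*check_entry) (struct tomoyo_request_info *,
 const struct tomoyo_acl_info *));
 
 /********** External variable definitions. **********/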
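Review bot: The comments above `tomoyo_compare_name_union()` and `tomoyo_path_matches_group()` still read "Check whether ... matches", although both now return a `const struct tomoyo_path_info *` that, per the commit description, drives the domain transition. The header should state the contract, for example `/* Returns the matching pathname from the policy, or NULL if nothing matches. */`, and say how long that pointer stays valid relative to the policy read-side lock; the lifetime is not visible from this header, so it needs confirming against the definitions. The comment on `matched_path` could likewise note that it is only meaningful after a successful match for the current request, something like `/* Policy pathname that matched; valid only while the ACL check result is in use. */`. Dropping `const` from the first `check_entry` parameter lets every ACL callback modify the request, so a one-line comment on `tomoyo_check_acl()` stating that callbacks may write only `matched_path` would keep that widening contained. It is also worth confirming in the .c files, which are outside this page, that `matched_path` cannot retain a value from an earlier ACL entry whose name matched but whose overall check failed.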