author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-07-29 01:29:55 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-08-02 01:38:38 -0400 |
commit | 484ca79c653121d3c79fffb86e1deea724f2e20b (patch) | |
tree | 457aa73e37c9b5e5b4306430f40d1985b59ca226 /security/tomoyo/domain.c | |
parent | 4d6ec10bb4461fdc9a9ab94ef32934e13564e873 (diff) |
TOMOYO: Use pathname specified by policy rather than execve()
Commit c9e69318 "TOMOYO: Allow wildcard for execute permission." changed execute
permission and domainname to accept wildcards. But tomoyo_find_next_domain()
was using pathname passed to execve() rather than pathname specified by the
execute permission. As a result, processes were not able to transit to domains
which contain wildcards in their domainnames.
This patch passes pathname specified by the execute permission back to
tomoyo_find_next_domain() so that processes can transit to domains which
contain wildcards in their domainnames.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/domain.c')
-rw-r--r-- | security/tomoyo/domain.c | 15 |
1 files changed, 14 insertions, 1 deletions
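--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -110,7 +110,7 @@ int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
 }
 
 void tomoyo_check_acl(struct tomoyo_request_info *r,
-bool (*check_entry) (const struct tomoyo_request_info *,
+bool (*check_entry) (struct tomoyo_request_info *,
 const struct tomoyo_acl_info *))
 {
 const struct tomoyo_domain_info *domain = r->domain;
@@ -465,6 +465,19 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
 goto retry;
 if (retval < 0)
 goto out;
+/*
+* To be able to specify domainnames with wildcards, use the
+* pathname specified in the policy (which may contain
+* wildcard) rather than the pathname passed to execve()
+* (which never contains wildcard).
+*/
+if (r.param.path.matched_path) {
+if (need_kfree)
+kfree(rn.name);
+need_kfree = false;
+/* This is OK because it is read only. */
+rn = *r.param.path.matched_path;
+}
 
 /* Calculate domain to transit to. */
 switch (tomoyo_transition_type(old_domain->domainname, &rn)) {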
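Review bot: The struct copy `rn = *r.param.path.matched_path;` in the second hunk leaves `rn.name` pointing at memory owned by the policy entry, and the comment "This is OK because it is read only." does not state the lifetime rule that makes this safe. The pointer stays valid only while the matched ACL entry cannot be freed, which presumably relies on the policy read-side lock taken earlier in tomoyo_find_next_domain(), outside this hunk; `need_kfree = false` covers the other half by keeping the exit path from freeing policy memory. I would replace the comment with `/* rn.name now aliases policy memory: never kfree() it and do not use it after the policy read lock is dropped. */`. Since the first hunk drops `const` from the `check_entry` callback, apparently so a matcher can record `matched_path` in the request, it is also worth confirming that the field is cleared before every check, so the `goto retry` path cannot act on a pointer left over from an earlier pass; the code that sets it is not in this file section.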