TOMOYO: Allow wildcard for execute permission.

Some applications create and execute programs dynamically. We need to accept wildcard for execute permission because such programs contain random suffix in their filenames. This patch loosens up regulation of string parameters. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2010-06-03 07:37:26 -0400
committer: James Morris <jmorris@namei.org> 2010-08-02 01:33:42 -0400
commit: 3f629636320dfa65804779a3fc333f3147f3b064 (patch)
tree: e44dc9f63ae8c6cd37d5471d014cd9b0449027e7 /security/tomoyo/domain.c
parent: c8c57e842720d8cc92ac8607f2d1c16d92314573 (diff)
1 files changed, 11 insertions, 10 deletions
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 7b8693e29a13..50f6e7972174 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -131,11 +131,11 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
        struct tomoyo_domain_initializer_entry e = { .is_not = is_not };
        int error = is_delete ? -ENOENT : -ENOMEM;
-        if (!tomoyo_is_correct_path(program, 1, -1, -1))
+        if (!tomoyo_is_correct_path(program))
-                return -EINVAL; /* No patterns allowed. */
+                return -EINVAL;
        if (domainname) {
                if (!tomoyo_is_domain_def(domainname) &&
-                    tomoyo_is_correct_path(domainname, 1, -1, -1))
+                    tomoyo_is_correct_path(domainname))
                        e.is_last_name = true;
                else if (!tomoyo_is_correct_domain(domainname))
                        return -EINVAL;
@@ -342,12 +342,12 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
        int error = is_delete ? -ENOENT : -ENOMEM;
        if (!tomoyo_is_domain_def(domainname) &&
-            tomoyo_is_correct_path(domainname, 1, -1, -1))
+            tomoyo_is_correct_path(domainname))
                e.is_last_name = true;
        else if (!tomoyo_is_correct_domain(domainname))
                return -EINVAL;
        if (program) {
-                if (!tomoyo_is_correct_path(program, 1, -1, -1))
+                if (!tomoyo_is_correct_path(program))
                        return -EINVAL;
                e.program = tomoyo_get_name(program);
                if (!e.program)
@@ -533,13 +533,14 @@ static int tomoyo_update_alias_entry(const char *original_name,
        struct tomoyo_alias_entry e = { };
        int error = is_delete ? -ENOENT : -ENOMEM;
-        if (!tomoyo_is_correct_path(original_name, 1, -1, -1) ||
+        if (!tomoyo_is_correct_path(original_name) ||
-            !tomoyo_is_correct_path(aliased_name, 1, -1, -1))
+            !tomoyo_is_correct_path(aliased_name))
-                return -EINVAL; /* No patterns allowed. */
+                return -EINVAL;
        e.original_name = tomoyo_get_name(original_name);
        e.aliased_name = tomoyo_get_name(aliased_name);
-        if (!e.original_name || !e.aliased_name)
+        if (!e.original_name || !e.aliased_name ||
-                goto out;
+            e.original_name->is_patterned || e.aliased_name->is_patterned)
+                goto out; /* No patterns allowed. */
        if (mutex_lock_interruptible(&tomoyo_policy_lock))
                goto out;
        list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) {
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2010-06-03 07:37:26 -0400
committer	James Morris <jmorris@namei.org>	2010-08-02 01:33:42 -0400
commit	3f629636320dfa65804779a3fc333f3147f3b064 (patch)
tree	e44dc9f63ae8c6cd37d5471d014cd9b0449027e7 /security/tomoyo/domain.c
parent	c8c57e842720d8cc92ac8607f2d1c16d92314573 (diff)