diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2011-03-16 12:15:43 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-03-16 12:15:43 -0400 |
| commit | 0f6e0e8448a16d8d22119ce91d8dd24b44865b51 (patch) | |
| tree | 7c295c02db035fc6a0b867465911a2bc9dc6b1ef /security/tomoyo/file.c | |
| parent | 0d2ecee2bdb2a19d04bc5cefac0f86e790f1aad4 (diff) | |
| parent | a002951c97ff8da49938c982a4c236bf2fafdc9f (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (33 commits)
AppArmor: kill unused macros in lsm.c
AppArmor: cleanup generated files correctly
KEYS: Add an iovec version of KEYCTL_INSTANTIATE
KEYS: Add a new keyctl op to reject a key with a specified error code
KEYS: Add a key type op to permit the key description to be vetted
KEYS: Add an RCU payload dereference macro
AppArmor: Cleanup make file to remove cruft and make it easier to read
SELinux: implement the new sb_remount LSM hook
LSM: Pass -o remount options to the LSM
SELinux: Compute SID for the newly created socket
SELinux: Socket retains creator role and MLS attribute
SELinux: Auto-generate security_is_socket_class
TOMOYO: Fix memory leak upon file open.
Revert "selinux: simplify ioctl checking"
selinux: drop unused packet flow permissions
selinux: Fix packet forwarding checks on postrouting
selinux: Fix wrong checks for selinux_policycap_netpeer
selinux: Fix check for xfrm selinux context algorithm
ima: remove unnecessary call to ima_must_measure
IMA: remove IMA imbalance checking
...
Diffstat (limited to 'security/tomoyo/file.c')
| -rw-r--r-- | security/tomoyo/file.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 9d32f182301e..cb09f1fce910 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c | |||
| @@ -927,7 +927,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, | |||
| 927 | struct path *path, const int flag) | 927 | struct path *path, const int flag) |
| 928 | { | 928 | { |
| 929 | const u8 acc_mode = ACC_MODE(flag); | 929 | const u8 acc_mode = ACC_MODE(flag); |
| 930 | int error = -ENOMEM; | 930 | int error = 0; |
| 931 | struct tomoyo_path_info buf; | 931 | struct tomoyo_path_info buf; |
| 932 | struct tomoyo_request_info r; | 932 | struct tomoyo_request_info r; |
| 933 | int idx; | 933 | int idx; |
| @@ -938,9 +938,6 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, | |||
| 938 | buf.name = NULL; | 938 | buf.name = NULL; |
| 939 | r.mode = TOMOYO_CONFIG_DISABLED; | 939 | r.mode = TOMOYO_CONFIG_DISABLED; |
| 940 | idx = tomoyo_read_lock(); | 940 | idx = tomoyo_read_lock(); |
| 941 | if (!tomoyo_get_realpath(&buf, path)) | ||
| 942 | goto out; | ||
| 943 | error = 0; | ||
| 944 | /* | 941 | /* |
| 945 | * If the filename is specified by "deny_rewrite" keyword, | 942 | * If the filename is specified by "deny_rewrite" keyword, |
| 946 | * we need to check "allow_rewrite" permission when the filename is not | 943 | * we need to check "allow_rewrite" permission when the filename is not |