TOMOYO: Change pathname for non-rename()able filesystems.

TOMOYO wants to use /proc/self/ rather than /proc/$PID/ if $PID matches current thread's process ID in order to prevent current thread from accessing other process's information unless needed. But since procfs can be mounted on various locations (e.g. /proc/ /proc2/ /p/ /tmp/foo/100/p/ ), TOMOYO cannot tell that whether the numeric part in the string returned by __d_path() represents process ID or not. Therefore, to be able to convert from $PID to self no matter where procfs is mounted, this patch changes pathname representations for filesystems which do not support rename() operation (e.g. proc, sysfs, securityfs). Examples: /proc/self/mounts => proc:/self/mounts /sys/kernel/security/ => sys:/kernel/security/ /dev/pts/0 => devpts:/0 Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2011-06-26 10:20:23 -0400
committer: James Morris <jmorris@namei.org> 2011-06-28 19:31:21 -0400
commit: 5625f2e3266319fd29fe4f1c76ccd3f550c79ac4 (patch)
tree: 190e96d956213b22da705872094ebdf5272af972 /security/tomoyo/file.c
parent: bd03a3e4c9a9df0c6b007045fa7fc8889111a478 (diff)
1 files changed, 3 insertions, 9 deletions
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 323ddc73a125..8410f28a35e0 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -712,7 +712,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
        int idx;
        if (tomoyo_init_request_info(&r, NULL, tomoyo_pn2mac[type])
-            == TOMOYO_CONFIG_DISABLED || !path->mnt || !path->dentry)
+            == TOMOYO_CONFIG_DISABLED || !path->dentry)
                return 0;
        idx = tomoyo_read_lock();
        if (!tomoyo_get_realpath(&buf, path))
@@ -753,8 +753,6 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
        struct tomoyo_request_info r;
        int idx;
-        if (!path->mnt)
-                return 0;
        buf.name = NULL;
        r.mode = TOMOYO_CONFIG_DISABLED;
        idx = tomoyo_read_lock();
@@ -798,8 +796,6 @@ int tomoyo_path_perm(const u8 operation, struct path *path)
        bool is_enforce;
        int idx;
-        if (!path->mnt)
-                return 0;
        if (tomoyo_init_request_info(&r, NULL, tomoyo_p2mac[operation])
            == TOMOYO_CONFIG_DISABLED)
                return 0;
@@ -842,8 +838,7 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
        struct tomoyo_path_info buf;
        int idx;
-        if (!path->mnt ||
+        if (tomoyo_init_request_info(&r, NULL, tomoyo_pnnn2mac[operation])
-            tomoyo_init_request_info(&r, NULL, tomoyo_pnnn2mac[operation])
            == TOMOYO_CONFIG_DISABLED)
                return 0;
        idx = tomoyo_read_lock();
@@ -884,8 +879,7 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
        struct tomoyo_request_info r;
        int idx;
-        if (!path1->mnt || !path2->mnt ||
+        if (tomoyo_init_request_info(&r, NULL, tomoyo_pp2mac[operation])
-            tomoyo_init_request_info(&r, NULL, tomoyo_pp2mac[operation])
            == TOMOYO_CONFIG_DISABLED)
                return 0;
        buf1.name = NULL;
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2011-06-26 10:20:23 -0400
committer	James Morris <jmorris@namei.org>	2011-06-28 19:31:21 -0400
commit	5625f2e3266319fd29fe4f1c76ccd3f550c79ac4 (patch)
tree	190e96d956213b22da705872094ebdf5272af972 /security/tomoyo/file.c
parent	bd03a3e4c9a9df0c6b007045fa7fc8889111a478 (diff)