TOMOYO: Allow using executable's realpath and symlink's target as conditions.

This patch adds support for permission checks using executable file's realpath
upon execve() and symlink's target upon symlink(). Hooks are in the last patch
of this pathset.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

1 files changed, 5 insertions, 0 deletions

diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index 21fccd67c255..e0502b6d5866 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -357,13 +357,18 @@ void tomoyo_del_condition(struct list_head *element)
                                                      head.list);
         const u16 condc = cond->condc;
         const u16 numbers_count = cond->numbers_count;
+        const u16 names_count = cond->names_count;
         unsigned int i;
         const struct tomoyo_condition_element *condp
                 = (const struct tomoyo_condition_element *) (cond + 1);
         struct tomoyo_number_union *numbers_p
                 = (struct tomoyo_number_union *) (condp + condc);
+        struct tomoyo_name_union *names_p
+                = (struct tomoyo_name_union *) (numbers_p + numbers_count);
         for (i = 0; i < numbers_count; i++)
                 tomoyo_put_number_union(numbers_p++);
+        for (i = 0; i < names_count; i++)
+                tomoyo_put_name_union(names_p++);
 }
 
 /**