authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2011-10-11 01:06:41 -0400
committerJames Morris <jmorris@namei.org>2011-10-11 21:15:20 -0400
commit545a7260343bbaf11c7f1a4b8c3d9660bb9266e5 (patch)
tree47f07960ef637b6475061575e7ae2fa7a4732a78 /security/tomoyo
parente2b8b25a6795488eba7bb757706b3ac725c31fac (diff)
TOMOYO: Fix quota and garbage collector.
Commit 059d84db "TOMOYO: Add socket operation restriction support" and commit 731d37aa "TOMOYO: Allow domain transition without execve()." forgot to update tomoyo_domain_quota_is_ok() and tomoyo_del_acl() which results in incorrect quota counting and memory leak. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo')
-rw-r--r--security/tomoyo/gc.c7
-rw-r--r--security/tomoyo/util.c11
2 files changed, 18 insertions, 0 deletions
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index c3214b32dbfb..986a6a756868 100644
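--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -221,6 +221,13 @@ static void tomoyo_del_acl(struct list_head *element)
 tomoyo_put_name_union(&entry->name);
 }
 break;
+case TOMOYO_TYPE_MANUAL_TASK_ACL:
+{
+struct tomoyo_task_acl *entry =
+container_of(acl, typeof(*entry), head);
+tomoyo_put_name(entry->domainname);
+}
+break;
 }
 }
 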
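Review bot: The switch in tomoyo_del_acl() closes right after the new TOMOYO_TYPE_MANUAL_TASK_ACL case with no `default:` label in view, so an ACL type added later without a case here would have its entry dropped without releasing the names it holds, and nothing would report it. That is the same omission this commit repairs, so I would state the invariant above the switch, e.g. `/* Every TOMOYO_TYPE_* whose entry holds references needs a case here. */`. If every type is expected to have a case, a `default:` that warns once would surface the next omission at run time instead of as a slow leak. The start of the function and of the switch lie outside the hunk, so an existing comment there may already cover this.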
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index 50e9b4c73ceb..4a9b4b2eb755 100644
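--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -1057,6 +1057,17 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
 perm = container_of(ptr, struct tomoyo_mkdev_acl,
 head)->perm;
 break;
+case TOMOYO_TYPE_INET_ACL:
+perm = container_of(ptr, struct tomoyo_inet_acl,
+head)->perm;
+break;
+case TOMOYO_TYPE_UNIX_ACL:
+perm = container_of(ptr, struct tomoyo_unix_acl,
+head)->perm;
+break;
+case TOMOYO_TYPE_MANUAL_TASK_ACL:
+perm = 0;
+break;
 default:
 perm = 1;
 }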
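Review bot: `perm = 0;` in the TOMOYO_TYPE_MANUAL_TASK_ACL case carries no comment saying why these entries are left out of the count, while the `default:` branch just below counts every unlisted type as one. A reader cannot tell from the hunk whether zero is deliberate or a placeholder; a line such as `/* manual task ACLs are not counted against the domain quota */` on that case would settle it. The same `default: perm = 1;` is what let the missing INET and UNIX cases go unnoticed (their entries carry a `perm` field, presumably a bitmask, yet were counted as a single entry), so a short comment on the default saying that types with a `perm` field need their own case would help the next addition. The function body begins before and continues after the hunk.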