TOMOYO: Accept manager programs which do not start with / .

The pathname of /usr/sbin/tomoyo-editpolicy seen from Ubuntu 12.04 Live CD is squashfs:/usr/sbin/tomoyo-editpolicy rather than /usr/sbin/tomoyo-editpolicy . Therefore, we need to accept manager programs which do not start with / . Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <james.l.morris@oracle.com>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2012-05-13 10:03:23 -0400
committer: James Morris <james.l.morris@oracle.com> 2012-05-14 20:24:29 -0400
commit: 77b513dda90fd99bd1225410b25e745b74779c1c (patch)
tree: 5555c83725ac407d2e1c3d020061580918524ceb /security/tomoyo
parent: fd75815f727f157a05f4c96b5294a4617c0557da (diff)
2 files changed, 6 insertions, 21 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 8656b16eef7b..2e0f12c62938 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -850,14 +850,9 @@ static int tomoyo_update_manager_entry(const char *manager,
                policy_list[TOMOYO_ID_MANAGER],
        };
        int error = is_delete ? -ENOENT : -ENOMEM;
-        if (tomoyo_domain_def(manager)) {
+        if (!tomoyo_correct_domain(manager) &&
-                if (!tomoyo_correct_domain(manager))
+            !tomoyo_correct_word(manager))
-                        return -EINVAL;
+                return -EINVAL;
-                e.is_domain = true;
-        } else {
-                if (!tomoyo_correct_path(manager))
-                        return -EINVAL;
-        }
        e.manager = tomoyo_get_name(manager);
        if (e.manager) {
                error = tomoyo_update_policy(&e.head, sizeof(e), &param,
@@ -932,23 +927,14 @@ static bool tomoyo_manager(void)
                return true;
        if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
                return false;
-        list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
-                                policy_list[TOMOYO_ID_MANAGER], head.list) {
-                if (!ptr->head.is_deleted && ptr->is_domain
-                    && !tomoyo_pathcmp(domainname, ptr->manager)) {
-                        found = true;
-                        break;
-                }
-        }
-        if (found)
-                return true;
        exe = tomoyo_get_exe();
        if (!exe)
                return false;
        list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
                                policy_list[TOMOYO_ID_MANAGER], head.list) {
-                if (!ptr->head.is_deleted && !ptr->is_domain
+                if (!ptr->head.is_deleted &&
-                    && !strcmp(exe, ptr->manager->name)) {
+                    (!tomoyo_pathcmp(domainname, ptr->manager) ||
+                     !strcmp(exe, ptr->manager->name))) {
                        found = true;
                        break;
                }
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 30fd98369700..75e4dc1c02a0 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -860,7 +860,6 @@ struct tomoyo_aggregator {
 /* Structure for policy manager. */
 struct tomoyo_manager {
        struct tomoyo_acl_head head;
-        bool is_domain;  /* True if manager is a domainname. */
        /* A path to program or a domainname. */
        const struct tomoyo_path_info *manager;
 };
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2012-05-13 10:03:23 -0400
committer	James Morris <james.l.morris@oracle.com>	2012-05-14 20:24:29 -0400
commit	77b513dda90fd99bd1225410b25e745b74779c1c (patch)
tree	5555c83725ac407d2e1c3d020061580918524ceb /security/tomoyo
parent	fd75815f727f157a05f4c96b5294a4617c0557da (diff)