diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2012-03-17 07:33:38 -0400 |
|---|---|---|
| committer | James Morris <james.l.morris@oracle.com> | 2012-03-19 21:06:50 -0400 |
| commit | 7d7473dbdb9121dd1b5939566660d51130ecda3a (patch) | |
| tree | 057bf591dd896c01a2b35b31dc41996d3d9e51b8 /security/tomoyo | |
| parent | b01d3fb921df9baef1ecd13704f4b1e269b58b6b (diff) | |
TOMOYO: Return error if fails to delete a domain
Call sequence:
tomoyo_write_domain() --> tomoyo_delete_domain()
In 'tomoyo_delete_domain', return -EINTR if locking attempt is
interrupted by signal.
At present it returns success to its caller 'tomoyo_write_domain()'
even though domain is not deleted. 'tomoyo_write_domain()' assumes
domain is deleted and returns success to its caller. This is wrong behaviour.
'tomoyo_write_domain' should return error from tomoyo_delete_domain() to its
caller.
Signed-off-by: Santosh Nayak <santoshprasadnayak@gmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/tomoyo')
| -rw-r--r-- | security/tomoyo/common.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index d8561c30fbf2..8656b16eef7b 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
| @@ -1069,7 +1069,7 @@ static int tomoyo_write_task(struct tomoyo_acl_param *param) | |||
| 1069 | * | 1069 | * |
| 1070 | * @domainname: The name of domain. | 1070 | * @domainname: The name of domain. |
| 1071 | * | 1071 | * |
| 1072 | * Returns 0. | 1072 | * Returns 0 on success, negative value otherwise. |
| 1073 | * | 1073 | * |
| 1074 | * Caller holds tomoyo_read_lock(). | 1074 | * Caller holds tomoyo_read_lock(). |
| 1075 | */ | 1075 | */ |
| @@ -1081,7 +1081,7 @@ static int tomoyo_delete_domain(char *domainname) | |||
| 1081 | name.name = domainname; | 1081 | name.name = domainname; |
| 1082 | tomoyo_fill_path_info(&name); | 1082 | tomoyo_fill_path_info(&name); |
| 1083 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) | 1083 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) |
| 1084 | return 0; | 1084 | return -EINTR; |
| 1085 | /* Is there an active domain? */ | 1085 | /* Is there an active domain? */ |
| 1086 | list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { | 1086 | list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { |
| 1087 | /* Never delete tomoyo_kernel_domain */ | 1087 | /* Never delete tomoyo_kernel_domain */ |
| @@ -1164,15 +1164,16 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head) | |||
| 1164 | bool is_select = !is_delete && tomoyo_str_starts(&data, "select "); | 1164 | bool is_select = !is_delete && tomoyo_str_starts(&data, "select "); |
| 1165 | unsigned int profile; | 1165 | unsigned int profile; |
| 1166 | if (*data == '<') { | 1166 | if (*data == '<') { |
| 1167 | int ret = 0; | ||
| 1167 | domain = NULL; | 1168 | domain = NULL; |
| 1168 | if (is_delete) | 1169 | if (is_delete) |
| 1169 | tomoyo_delete_domain(data); | 1170 | ret = tomoyo_delete_domain(data); |
| 1170 | else if (is_select) | 1171 | else if (is_select) |
| 1171 | domain = tomoyo_find_domain(data); | 1172 | domain = tomoyo_find_domain(data); |
| 1172 | else | 1173 | else |
| 1173 | domain = tomoyo_assign_domain(data, false); | 1174 | domain = tomoyo_assign_domain(data, false); |
| 1174 | head->w.domain = domain; | 1175 | head->w.domain = domain; |
| 1175 | return 0; | 1176 | return ret; |
| 1176 | } | 1177 | } |
| 1177 | if (!domain) | 1178 | if (!domain) |
| 1178 | return -EINVAL; | 1179 | return -EINVAL; |