diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2012-05-13 10:03:23 -0400 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2012-05-14 20:24:29 -0400 |
commit | 77b513dda90fd99bd1225410b25e745b74779c1c (patch) | |
tree | 5555c83725ac407d2e1c3d020061580918524ceb /security | |
parent | fd75815f727f157a05f4c96b5294a4617c0557da (diff) |
TOMOYO: Accept manager programs which do not start with / .
The pathname of /usr/sbin/tomoyo-editpolicy seen from Ubuntu 12.04 Live CD is
squashfs:/usr/sbin/tomoyo-editpolicy rather than /usr/sbin/tomoyo-editpolicy .
Therefore, we need to accept manager programs which do not start with / .
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/tomoyo/common.c | 26 | ||||
-rw-r--r-- | security/tomoyo/common.h | 1 |
2 files changed, 6 insertions, 21 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 8656b16eef7b..2e0f12c62938 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
@@ -850,14 +850,9 @@ static int tomoyo_update_manager_entry(const char *manager, | |||
850 | policy_list[TOMOYO_ID_MANAGER], | 850 | policy_list[TOMOYO_ID_MANAGER], |
851 | }; | 851 | }; |
852 | int error = is_delete ? -ENOENT : -ENOMEM; | 852 | int error = is_delete ? -ENOENT : -ENOMEM; |
853 | if (tomoyo_domain_def(manager)) { | 853 | if (!tomoyo_correct_domain(manager) && |
854 | if (!tomoyo_correct_domain(manager)) | 854 | !tomoyo_correct_word(manager)) |
855 | return -EINVAL; | 855 | return -EINVAL; |
856 | e.is_domain = true; | ||
857 | } else { | ||
858 | if (!tomoyo_correct_path(manager)) | ||
859 | return -EINVAL; | ||
860 | } | ||
861 | e.manager = tomoyo_get_name(manager); | 856 | e.manager = tomoyo_get_name(manager); |
862 | if (e.manager) { | 857 | if (e.manager) { |
863 | error = tomoyo_update_policy(&e.head, sizeof(e), ¶m, | 858 | error = tomoyo_update_policy(&e.head, sizeof(e), ¶m, |
@@ -932,23 +927,14 @@ static bool tomoyo_manager(void) | |||
932 | return true; | 927 | return true; |
933 | if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) | 928 | if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) |
934 | return false; | 929 | return false; |
935 | list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. | ||
936 | policy_list[TOMOYO_ID_MANAGER], head.list) { | ||
937 | if (!ptr->head.is_deleted && ptr->is_domain | ||
938 | && !tomoyo_pathcmp(domainname, ptr->manager)) { | ||
939 | found = true; | ||
940 | break; | ||
941 | } | ||
942 | } | ||
943 | if (found) | ||
944 | return true; | ||
945 | exe = tomoyo_get_exe(); | 930 | exe = tomoyo_get_exe(); |
946 | if (!exe) | 931 | if (!exe) |
947 | return false; | 932 | return false; |
948 | list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. | 933 | list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. |
949 | policy_list[TOMOYO_ID_MANAGER], head.list) { | 934 | policy_list[TOMOYO_ID_MANAGER], head.list) { |
950 | if (!ptr->head.is_deleted && !ptr->is_domain | 935 | if (!ptr->head.is_deleted && |
951 | && !strcmp(exe, ptr->manager->name)) { | 936 | (!tomoyo_pathcmp(domainname, ptr->manager) || |
937 | !strcmp(exe, ptr->manager->name))) { | ||
952 | found = true; | 938 | found = true; |
953 | break; | 939 | break; |
954 | } | 940 | } |
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 30fd98369700..75e4dc1c02a0 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h | |||
@@ -860,7 +860,6 @@ struct tomoyo_aggregator { | |||
860 | /* Structure for policy manager. */ | 860 | /* Structure for policy manager. */ |
861 | struct tomoyo_manager { | 861 | struct tomoyo_manager { |
862 | struct tomoyo_acl_head head; | 862 | struct tomoyo_acl_head head; |
863 | bool is_domain; /* True if manager is a domainname. */ | ||
864 | /* A path to program or a domainname. */ | 863 | /* A path to program or a domainname. */ |
865 | const struct tomoyo_path_info *manager; | 864 | const struct tomoyo_path_info *manager; |
866 | }; | 865 | }; |