aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2012-05-13 10:03:23 -0400
committerJames Morris <james.l.morris@oracle.com>2012-05-14 20:24:29 -0400
commit77b513dda90fd99bd1225410b25e745b74779c1c (patch)
tree5555c83725ac407d2e1c3d020061580918524ceb /security
parentfd75815f727f157a05f4c96b5294a4617c0557da (diff)
TOMOYO: Accept manager programs which do not start with / .
The pathname of /usr/sbin/tomoyo-editpolicy seen from Ubuntu 12.04 Live CD is squashfs:/usr/sbin/tomoyo-editpolicy rather than /usr/sbin/tomoyo-editpolicy . Therefore, we need to accept manager programs which do not start with / . Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security')
-rw-r--r--security/tomoyo/common.c26
-rw-r--r--security/tomoyo/common.h1
2 files changed, 6 insertions, 21 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 8656b16eef7b..2e0f12c62938 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -850,14 +850,9 @@ static int tomoyo_update_manager_entry(const char *manager,
850 policy_list[TOMOYO_ID_MANAGER], 850 policy_list[TOMOYO_ID_MANAGER],
851 }; 851 };
852 int error = is_delete ? -ENOENT : -ENOMEM; 852 int error = is_delete ? -ENOENT : -ENOMEM;
853 if (tomoyo_domain_def(manager)) { 853 if (!tomoyo_correct_domain(manager) &&
854 if (!tomoyo_correct_domain(manager)) 854 !tomoyo_correct_word(manager))
855 return -EINVAL; 855 return -EINVAL;
856 e.is_domain = true;
857 } else {
858 if (!tomoyo_correct_path(manager))
859 return -EINVAL;
860 }
861 e.manager = tomoyo_get_name(manager); 856 e.manager = tomoyo_get_name(manager);
862 if (e.manager) { 857 if (e.manager) {
863 error = tomoyo_update_policy(&e.head, sizeof(e), &param, 858 error = tomoyo_update_policy(&e.head, sizeof(e), &param,
@@ -932,23 +927,14 @@ static bool tomoyo_manager(void)
932 return true; 927 return true;
933 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) 928 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
934 return false; 929 return false;
935 list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
936 policy_list[TOMOYO_ID_MANAGER], head.list) {
937 if (!ptr->head.is_deleted && ptr->is_domain
938 && !tomoyo_pathcmp(domainname, ptr->manager)) {
939 found = true;
940 break;
941 }
942 }
943 if (found)
944 return true;
945 exe = tomoyo_get_exe(); 930 exe = tomoyo_get_exe();
946 if (!exe) 931 if (!exe)
947 return false; 932 return false;
948 list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. 933 list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
949 policy_list[TOMOYO_ID_MANAGER], head.list) { 934 policy_list[TOMOYO_ID_MANAGER], head.list) {
950 if (!ptr->head.is_deleted && !ptr->is_domain 935 if (!ptr->head.is_deleted &&
951 && !strcmp(exe, ptr->manager->name)) { 936 (!tomoyo_pathcmp(domainname, ptr->manager) ||
937 !strcmp(exe, ptr->manager->name))) {
952 found = true; 938 found = true;
953 break; 939 break;
954 } 940 }
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 30fd98369700..75e4dc1c02a0 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -860,7 +860,6 @@ struct tomoyo_aggregator {
860/* Structure for policy manager. */ 860/* Structure for policy manager. */
861struct tomoyo_manager { 861struct tomoyo_manager {
862 struct tomoyo_acl_head head; 862 struct tomoyo_acl_head head;
863 bool is_domain; /* True if manager is a domainname. */
864 /* A path to program or a domainname. */ 863 /* A path to program or a domainname. */
865 const struct tomoyo_path_info *manager; 864 const struct tomoyo_path_info *manager;
866}; 865};