diff options
| author | James Morris <jmorris@namei.org> | 2011-05-24 08:55:24 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2011-05-24 08:55:24 -0400 |
| commit | 434d42cfd05a7cc452457a81d2029540cba12150 (patch) | |
| tree | 3a6b9b7f9ff2e1b7409dd66c15242b2a75aa4422 /security | |
| parent | d762f4383100c2a87b1a3f2d678cd3b5425655b4 (diff) | |
| parent | 12a5a2621b1ee14d32beca35304d7c6076a58815 (diff) | |
Merge branch 'next' into for-linus
Diffstat (limited to 'security')
| -rw-r--r-- | security/Kconfig | 1 | ||||
| -rw-r--r-- | security/commoncap.c | 13 | ||||
| -rw-r--r-- | security/keys/internal.h | 4 | ||||
| -rw-r--r-- | security/keys/keyctl.c | 6 | ||||
| -rw-r--r-- | security/keys/keyring.c | 37 | ||||
| -rw-r--r-- | security/keys/proc.c | 2 | ||||
| -rw-r--r-- | security/keys/process_keys.c | 12 | ||||
| -rw-r--r-- | security/keys/request_key.c | 3 | ||||
| -rw-r--r-- | security/keys/request_key_auth.c | 3 | ||||
| -rw-r--r-- | security/keys/user_defined.c | 4 | ||||
| -rw-r--r-- | security/tomoyo/common.c | 17 | ||||
| -rw-r--r-- | security/tomoyo/file.c | 1 | ||||
| -rw-r--r-- | security/tomoyo/memory.c | 1 | ||||
| -rw-r--r-- | security/tomoyo/mount.c | 1 | ||||
| -rw-r--r-- | security/tomoyo/util.c | 2 |
15 files changed, 66 insertions, 41 deletions
diff --git a/security/Kconfig b/security/Kconfig index 95accd442d55..e0f08b52e4ab 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
| @@ -167,6 +167,7 @@ config INTEL_TXT | |||
| 167 | config LSM_MMAP_MIN_ADDR | 167 | config LSM_MMAP_MIN_ADDR |
| 168 | int "Low address space for LSM to protect from user allocation" | 168 | int "Low address space for LSM to protect from user allocation" |
| 169 | depends on SECURITY && SECURITY_SELINUX | 169 | depends on SECURITY && SECURITY_SELINUX |
| 170 | default 32768 if ARM | ||
| 170 | default 65536 | 171 | default 65536 |
| 171 | help | 172 | help |
| 172 | This is the portion of low virtual memory which should be protected | 173 | This is the portion of low virtual memory which should be protected |
diff --git a/security/commoncap.c b/security/commoncap.c index f20e984ccfb4..a93b3b733079 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -529,15 +529,10 @@ skip: | |||
| 529 | new->suid = new->fsuid = new->euid; | 529 | new->suid = new->fsuid = new->euid; |
| 530 | new->sgid = new->fsgid = new->egid; | 530 | new->sgid = new->fsgid = new->egid; |
| 531 | 531 | ||
| 532 | /* For init, we want to retain the capabilities set in the initial | 532 | if (effective) |
| 533 | * task. Thus we skip the usual capability rules | 533 | new->cap_effective = new->cap_permitted; |
| 534 | */ | 534 | else |
| 535 | if (!is_global_init(current)) { | 535 | cap_clear(new->cap_effective); |
| 536 | if (effective) | ||
| 537 | new->cap_effective = new->cap_permitted; | ||
| 538 | else | ||
| 539 | cap_clear(new->cap_effective); | ||
| 540 | } | ||
| 541 | bprm->cap_effective = effective; | 536 | bprm->cap_effective = effective; |
| 542 | 537 | ||
| 543 | /* | 538 | /* |
diff --git a/security/keys/internal.h b/security/keys/internal.h index 07a025f81902..f375152a2500 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h | |||
| @@ -109,11 +109,13 @@ extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, | |||
| 109 | const struct cred *cred, | 109 | const struct cred *cred, |
| 110 | struct key_type *type, | 110 | struct key_type *type, |
| 111 | const void *description, | 111 | const void *description, |
| 112 | key_match_func_t match); | 112 | key_match_func_t match, |
| 113 | bool no_state_check); | ||
| 113 | 114 | ||
| 114 | extern key_ref_t search_my_process_keyrings(struct key_type *type, | 115 | extern key_ref_t search_my_process_keyrings(struct key_type *type, |
| 115 | const void *description, | 116 | const void *description, |
| 116 | key_match_func_t match, | 117 | key_match_func_t match, |
| 118 | bool no_state_check, | ||
| 117 | const struct cred *cred); | 119 | const struct cred *cred); |
| 118 | extern key_ref_t search_process_keyrings(struct key_type *type, | 120 | extern key_ref_t search_process_keyrings(struct key_type *type, |
| 119 | const void *description, | 121 | const void *description, |
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 427fddcaeb19..eca51918c951 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c | |||
| @@ -206,8 +206,14 @@ SYSCALL_DEFINE4(request_key, const char __user *, _type, | |||
| 206 | goto error5; | 206 | goto error5; |
| 207 | } | 207 | } |
| 208 | 208 | ||
| 209 | /* wait for the key to finish being constructed */ | ||
| 210 | ret = wait_for_key_construction(key, 1); | ||
| 211 | if (ret < 0) | ||
| 212 | goto error6; | ||
| 213 | |||
| 209 | ret = key->serial; | 214 | ret = key->serial; |
| 210 | 215 | ||
| 216 | error6: | ||
| 211 | key_put(key); | 217 | key_put(key); |
| 212 | error5: | 218 | error5: |
| 213 | key_type_put(ktype); | 219 | key_type_put(ktype); |
diff --git a/security/keys/keyring.c b/security/keys/keyring.c index cdd2f3f88c88..a06ffab38568 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c | |||
| @@ -176,13 +176,15 @@ static void keyring_describe(const struct key *keyring, struct seq_file *m) | |||
| 176 | else | 176 | else |
| 177 | seq_puts(m, "[anon]"); | 177 | seq_puts(m, "[anon]"); |
| 178 | 178 | ||
| 179 | rcu_read_lock(); | 179 | if (key_is_instantiated(keyring)) { |
| 180 | klist = rcu_dereference(keyring->payload.subscriptions); | 180 | rcu_read_lock(); |
| 181 | if (klist) | 181 | klist = rcu_dereference(keyring->payload.subscriptions); |
| 182 | seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys); | 182 | if (klist) |
| 183 | else | 183 | seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys); |
| 184 | seq_puts(m, ": empty"); | 184 | else |
| 185 | rcu_read_unlock(); | 185 | seq_puts(m, ": empty"); |
| 186 | rcu_read_unlock(); | ||
| 187 | } | ||
| 186 | } | 188 | } |
| 187 | 189 | ||
| 188 | /* | 190 | /* |
| @@ -271,6 +273,7 @@ struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, | |||
| 271 | * @type: The type of key to search for. | 273 | * @type: The type of key to search for. |
| 272 | * @description: Parameter for @match. | 274 | * @description: Parameter for @match. |
| 273 | * @match: Function to rule on whether or not a key is the one required. | 275 | * @match: Function to rule on whether or not a key is the one required. |
| 276 | * @no_state_check: Don't check if a matching key is bad | ||
| 274 | * | 277 | * |
| 275 | * Search the supplied keyring tree for a key that matches the criteria given. | 278 | * Search the supplied keyring tree for a key that matches the criteria given. |
| 276 | * The root keyring and any linked keyrings must grant Search permission to the | 279 | * The root keyring and any linked keyrings must grant Search permission to the |
| @@ -303,7 +306,8 @@ key_ref_t keyring_search_aux(key_ref_t keyring_ref, | |||
| 303 | const struct cred *cred, | 306 | const struct cred *cred, |
| 304 | struct key_type *type, | 307 | struct key_type *type, |
| 305 | const void *description, | 308 | const void *description, |
| 306 | key_match_func_t match) | 309 | key_match_func_t match, |
| 310 | bool no_state_check) | ||
| 307 | { | 311 | { |
| 308 | struct { | 312 | struct { |
| 309 | struct keyring_list *keylist; | 313 | struct keyring_list *keylist; |
| @@ -345,6 +349,8 @@ key_ref_t keyring_search_aux(key_ref_t keyring_ref, | |||
| 345 | kflags = keyring->flags; | 349 | kflags = keyring->flags; |
| 346 | if (keyring->type == type && match(keyring, description)) { | 350 | if (keyring->type == type && match(keyring, description)) { |
| 347 | key = keyring; | 351 | key = keyring; |
| 352 | if (no_state_check) | ||
| 353 | goto found; | ||
| 348 | 354 | ||
| 349 | /* check it isn't negative and hasn't expired or been | 355 | /* check it isn't negative and hasn't expired or been |
| 350 | * revoked */ | 356 | * revoked */ |
| @@ -384,11 +390,13 @@ descend: | |||
| 384 | continue; | 390 | continue; |
| 385 | 391 | ||
| 386 | /* skip revoked keys and expired keys */ | 392 | /* skip revoked keys and expired keys */ |
| 387 | if (kflags & (1 << KEY_FLAG_REVOKED)) | 393 | if (!no_state_check) { |
| 388 | continue; | 394 | if (kflags & (1 << KEY_FLAG_REVOKED)) |
| 395 | continue; | ||
| 389 | 396 | ||
| 390 | if (key->expiry && now.tv_sec >= key->expiry) | 397 | if (key->expiry && now.tv_sec >= key->expiry) |
| 391 | continue; | 398 | continue; |
| 399 | } | ||
| 392 | 400 | ||
| 393 | /* keys that don't match */ | 401 | /* keys that don't match */ |
| 394 | if (!match(key, description)) | 402 | if (!match(key, description)) |
| @@ -399,6 +407,9 @@ descend: | |||
| 399 | cred, KEY_SEARCH) < 0) | 407 | cred, KEY_SEARCH) < 0) |
| 400 | continue; | 408 | continue; |
| 401 | 409 | ||
| 410 | if (no_state_check) | ||
| 411 | goto found; | ||
| 412 | |||
| 402 | /* we set a different error code if we pass a negative key */ | 413 | /* we set a different error code if we pass a negative key */ |
| 403 | if (kflags & (1 << KEY_FLAG_NEGATIVE)) { | 414 | if (kflags & (1 << KEY_FLAG_NEGATIVE)) { |
| 404 | err = key->type_data.reject_error; | 415 | err = key->type_data.reject_error; |
| @@ -478,7 +489,7 @@ key_ref_t keyring_search(key_ref_t keyring, | |||
| 478 | return ERR_PTR(-ENOKEY); | 489 | return ERR_PTR(-ENOKEY); |
| 479 | 490 | ||
| 480 | return keyring_search_aux(keyring, current->cred, | 491 | return keyring_search_aux(keyring, current->cred, |
| 481 | type, description, type->match); | 492 | type, description, type->match, false); |
| 482 | } | 493 | } |
| 483 | EXPORT_SYMBOL(keyring_search); | 494 | EXPORT_SYMBOL(keyring_search); |
| 484 | 495 | ||
diff --git a/security/keys/proc.c b/security/keys/proc.c index 525cf8a29cdd..49bbc97943ad 100644 --- a/security/keys/proc.c +++ b/security/keys/proc.c | |||
| @@ -199,7 +199,7 @@ static int proc_keys_show(struct seq_file *m, void *v) | |||
| 199 | if (key->perm & KEY_POS_VIEW) { | 199 | if (key->perm & KEY_POS_VIEW) { |
| 200 | skey_ref = search_my_process_keyrings(key->type, key, | 200 | skey_ref = search_my_process_keyrings(key->type, key, |
| 201 | lookup_user_key_possessed, | 201 | lookup_user_key_possessed, |
| 202 | cred); | 202 | true, cred); |
| 203 | if (!IS_ERR(skey_ref)) { | 203 | if (!IS_ERR(skey_ref)) { |
| 204 | key_ref_put(skey_ref); | 204 | key_ref_put(skey_ref); |
| 205 | key_ref = make_key_ref(key, 1); | 205 | key_ref = make_key_ref(key, 1); |
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 930634e45149..6c0480db8885 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c | |||
| @@ -331,6 +331,7 @@ void key_fsgid_changed(struct task_struct *tsk) | |||
| 331 | key_ref_t search_my_process_keyrings(struct key_type *type, | 331 | key_ref_t search_my_process_keyrings(struct key_type *type, |
| 332 | const void *description, | 332 | const void *description, |
| 333 | key_match_func_t match, | 333 | key_match_func_t match, |
| 334 | bool no_state_check, | ||
| 334 | const struct cred *cred) | 335 | const struct cred *cred) |
| 335 | { | 336 | { |
| 336 | key_ref_t key_ref, ret, err; | 337 | key_ref_t key_ref, ret, err; |
| @@ -350,7 +351,7 @@ key_ref_t search_my_process_keyrings(struct key_type *type, | |||
| 350 | if (cred->thread_keyring) { | 351 | if (cred->thread_keyring) { |
| 351 | key_ref = keyring_search_aux( | 352 | key_ref = keyring_search_aux( |
| 352 | make_key_ref(cred->thread_keyring, 1), | 353 | make_key_ref(cred->thread_keyring, 1), |
| 353 | cred, type, description, match); | 354 | cred, type, description, match, no_state_check); |
| 354 | if (!IS_ERR(key_ref)) | 355 | if (!IS_ERR(key_ref)) |
| 355 | goto found; | 356 | goto found; |
| 356 | 357 | ||
| @@ -371,7 +372,7 @@ key_ref_t search_my_process_keyrings(struct key_type *type, | |||
| 371 | if (cred->tgcred->process_keyring) { | 372 | if (cred->tgcred->process_keyring) { |
| 372 | key_ref = keyring_search_aux( | 373 | key_ref = keyring_search_aux( |
| 373 | make_key_ref(cred->tgcred->process_keyring, 1), | 374 | make_key_ref(cred->tgcred->process_keyring, 1), |
| 374 | cred, type, description, match); | 375 | cred, type, description, match, no_state_check); |
| 375 | if (!IS_ERR(key_ref)) | 376 | if (!IS_ERR(key_ref)) |
| 376 | goto found; | 377 | goto found; |
| 377 | 378 | ||
| @@ -395,7 +396,7 @@ key_ref_t search_my_process_keyrings(struct key_type *type, | |||
| 395 | make_key_ref(rcu_dereference( | 396 | make_key_ref(rcu_dereference( |
| 396 | cred->tgcred->session_keyring), | 397 | cred->tgcred->session_keyring), |
| 397 | 1), | 398 | 1), |
| 398 | cred, type, description, match); | 399 | cred, type, description, match, no_state_check); |
| 399 | rcu_read_unlock(); | 400 | rcu_read_unlock(); |
| 400 | 401 | ||
| 401 | if (!IS_ERR(key_ref)) | 402 | if (!IS_ERR(key_ref)) |
| @@ -417,7 +418,7 @@ key_ref_t search_my_process_keyrings(struct key_type *type, | |||
| 417 | else if (cred->user->session_keyring) { | 418 | else if (cred->user->session_keyring) { |
| 418 | key_ref = keyring_search_aux( | 419 | key_ref = keyring_search_aux( |
| 419 | make_key_ref(cred->user->session_keyring, 1), | 420 | make_key_ref(cred->user->session_keyring, 1), |
| 420 | cred, type, description, match); | 421 | cred, type, description, match, no_state_check); |
| 421 | if (!IS_ERR(key_ref)) | 422 | if (!IS_ERR(key_ref)) |
| 422 | goto found; | 423 | goto found; |
| 423 | 424 | ||
| @@ -459,7 +460,8 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
| 459 | 460 | ||
| 460 | might_sleep(); | 461 | might_sleep(); |
| 461 | 462 | ||
| 462 | key_ref = search_my_process_keyrings(type, description, match, cred); | 463 | key_ref = search_my_process_keyrings(type, description, match, |
| 464 | false, cred); | ||
| 463 | if (!IS_ERR(key_ref)) | 465 | if (!IS_ERR(key_ref)) |
| 464 | goto found; | 466 | goto found; |
| 465 | err = key_ref; | 467 | err = key_ref; |
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index df3c0417ee40..b18a71745901 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
| @@ -530,8 +530,7 @@ struct key *request_key_and_link(struct key_type *type, | |||
| 530 | dest_keyring, flags); | 530 | dest_keyring, flags); |
| 531 | 531 | ||
| 532 | /* search all the process keyrings for a key */ | 532 | /* search all the process keyrings for a key */ |
| 533 | key_ref = search_process_keyrings(type, description, type->match, | 533 | key_ref = search_process_keyrings(type, description, type->match, cred); |
| 534 | cred); | ||
| 535 | 534 | ||
| 536 | if (!IS_ERR(key_ref)) { | 535 | if (!IS_ERR(key_ref)) { |
| 537 | key = key_ref_to_ptr(key_ref); | 536 | key = key_ref_to_ptr(key_ref); |
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index 68164031a74e..f6337c9082eb 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c | |||
| @@ -59,7 +59,8 @@ static void request_key_auth_describe(const struct key *key, | |||
| 59 | 59 | ||
| 60 | seq_puts(m, "key:"); | 60 | seq_puts(m, "key:"); |
| 61 | seq_puts(m, key->description); | 61 | seq_puts(m, key->description); |
| 62 | seq_printf(m, " pid:%d ci:%zu", rka->pid, rka->callout_len); | 62 | if (key_is_instantiated(key)) |
| 63 | seq_printf(m, " pid:%d ci:%zu", rka->pid, rka->callout_len); | ||
| 63 | } | 64 | } |
| 64 | 65 | ||
| 65 | /* | 66 | /* |
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c index f66baf44f32d..5b366d7af3c4 100644 --- a/security/keys/user_defined.c +++ b/security/keys/user_defined.c | |||
| @@ -157,8 +157,8 @@ EXPORT_SYMBOL_GPL(user_destroy); | |||
| 157 | void user_describe(const struct key *key, struct seq_file *m) | 157 | void user_describe(const struct key *key, struct seq_file *m) |
| 158 | { | 158 | { |
| 159 | seq_puts(m, key->description); | 159 | seq_puts(m, key->description); |
| 160 | 160 | if (key_is_instantiated(key)) | |
| 161 | seq_printf(m, ": %u", key->datalen); | 161 | seq_printf(m, ": %u", key->datalen); |
| 162 | } | 162 | } |
| 163 | 163 | ||
| 164 | EXPORT_SYMBOL_GPL(user_describe); | 164 | EXPORT_SYMBOL_GPL(user_describe); |
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 7556315c1978..a0d09e56874b 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
| @@ -108,10 +108,9 @@ static bool tomoyo_flush(struct tomoyo_io_buffer *head) | |||
| 108 | head->read_user_buf += len; | 108 | head->read_user_buf += len; |
| 109 | w += len; | 109 | w += len; |
| 110 | } | 110 | } |
| 111 | if (*w) { | 111 | head->r.w[0] = w; |
| 112 | head->r.w[0] = w; | 112 | if (*w) |
| 113 | return false; | 113 | return false; |
| 114 | } | ||
| 115 | /* Add '\0' for query. */ | 114 | /* Add '\0' for query. */ |
| 116 | if (head->poll) { | 115 | if (head->poll) { |
| 117 | if (!head->read_user_buf_avail || | 116 | if (!head->read_user_buf_avail || |
| @@ -459,8 +458,16 @@ static int tomoyo_write_profile(struct tomoyo_io_buffer *head) | |||
| 459 | if (profile == &tomoyo_default_profile) | 458 | if (profile == &tomoyo_default_profile) |
| 460 | return -EINVAL; | 459 | return -EINVAL; |
| 461 | if (!strcmp(data, "COMMENT")) { | 460 | if (!strcmp(data, "COMMENT")) { |
| 462 | const struct tomoyo_path_info *old_comment = profile->comment; | 461 | static DEFINE_SPINLOCK(lock); |
| 463 | profile->comment = tomoyo_get_name(cp); | 462 | const struct tomoyo_path_info *new_comment |
| 463 | = tomoyo_get_name(cp); | ||
| 464 | const struct tomoyo_path_info *old_comment; | ||
| 465 | if (!new_comment) | ||
| 466 | return -ENOMEM; | ||
| 467 | spin_lock(&lock); | ||
| 468 | old_comment = profile->comment; | ||
| 469 | profile->comment = new_comment; | ||
| 470 | spin_unlock(&lock); | ||
| 464 | tomoyo_put_name(old_comment); | 471 | tomoyo_put_name(old_comment); |
| 465 | return 0; | 472 | return 0; |
| 466 | } | 473 | } |
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index cb09f1fce910..d64e8ecb6fb3 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c | |||
| @@ -1011,7 +1011,6 @@ int tomoyo_path_perm(const u8 operation, struct path *path) | |||
| 1011 | break; | 1011 | break; |
| 1012 | case TOMOYO_TYPE_RMDIR: | 1012 | case TOMOYO_TYPE_RMDIR: |
| 1013 | case TOMOYO_TYPE_CHROOT: | 1013 | case TOMOYO_TYPE_CHROOT: |
| 1014 | case TOMOYO_TYPE_UMOUNT: | ||
| 1015 | tomoyo_add_slash(&buf); | 1014 | tomoyo_add_slash(&buf); |
| 1016 | break; | 1015 | break; |
| 1017 | } | 1016 | } |
diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c index 297612669c74..42a7b1ba8cbf 100644 --- a/security/tomoyo/memory.c +++ b/security/tomoyo/memory.c | |||
| @@ -75,6 +75,7 @@ void *tomoyo_commit_ok(void *data, const unsigned int size) | |||
| 75 | memset(data, 0, size); | 75 | memset(data, 0, size); |
| 76 | return ptr; | 76 | return ptr; |
| 77 | } | 77 | } |
| 78 | kfree(ptr); | ||
| 78 | return NULL; | 79 | return NULL; |
| 79 | } | 80 | } |
| 80 | 81 | ||
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c index 82bf8c2390bc..162a864dba24 100644 --- a/security/tomoyo/mount.c +++ b/security/tomoyo/mount.c | |||
| @@ -143,6 +143,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name, | |||
| 143 | goto out; | 143 | goto out; |
| 144 | } | 144 | } |
| 145 | requested_dev_name = tomoyo_realpath_from_path(&path); | 145 | requested_dev_name = tomoyo_realpath_from_path(&path); |
| 146 | path_put(&path); | ||
| 146 | if (!requested_dev_name) { | 147 | if (!requested_dev_name) { |
| 147 | error = -ENOENT; | 148 | error = -ENOENT; |
| 148 | goto out; | 149 | goto out; |
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index 9bfc1ee8222d..6d5393204d95 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c | |||
| @@ -390,7 +390,7 @@ bool tomoyo_correct_domain(const unsigned char *domainname) | |||
| 390 | if (!cp) | 390 | if (!cp) |
| 391 | break; | 391 | break; |
| 392 | if (*domainname != '/' || | 392 | if (*domainname != '/' || |
| 393 | !tomoyo_correct_word2(domainname, cp - domainname - 1)) | 393 | !tomoyo_correct_word2(domainname, cp - domainname)) |
| 394 | goto out; | 394 | goto out; |
| 395 | domainname = cp + 1; | 395 | domainname = cp + 1; |
| 396 | } | 396 | } |