Diffstat (limited to 'security/tomoyo/common.c')
-rw-r--r-- | security/tomoyo/common.c | 42 |
1 files changed, 6 insertions, 36 deletions
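--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -434,38 +434,6 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
 	head->read_eof = true;
 }
 
-/*
- * tomoyo_policy_manager_list is used for holding list of domainnames or
- * programs which are permitted to modify configuration via
- * /sys/kernel/security/tomoyo/ interface.
- *
- * An entry is added by
- *
- * # echo '<kernel> /sbin/mingetty /bin/login /bin/bash' > \
- * /sys/kernel/security/tomoyo/manager
- * (if you want to specify by a domainname)
- *
- * or
- *
- * # echo '/usr/sbin/tomoyo-editpolicy' > /sys/kernel/security/tomoyo/manager
- * (if you want to specify by a program's location)
- *
- * and is deleted by
- *
- * # echo 'delete <kernel> /sbin/mingetty /bin/login /bin/bash' > \
- * /sys/kernel/security/tomoyo/manager
- *
- * or
- *
- * # echo 'delete /usr/sbin/tomoyo-editpolicy' > \
- * /sys/kernel/security/tomoyo/manager
- *
- * and all entries are retrieved by
- *
- * # cat /sys/kernel/security/tomoyo/manager
- */
-LIST_HEAD(tomoyo_policy_manager_list);
-
 static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a,
 				      const struct tomoyo_acl_head *b)
 {
@@ -503,7 +471,7 @@ static int tomoyo_update_manager_entry(const char *manager,
 	if (!e.manager)
 		return -ENOMEM;
 	error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
-				     &tomoyo_policy_manager_list,
+				     &tomoyo_policy_list[TOMOYO_ID_MANAGER],
 				     tomoyo_same_manager_entry);
 	tomoyo_put_name(e.manager);
 	return error;
@@ -545,7 +513,7 @@ static void tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
 	if (head->read_eof)
 		return;
 	list_for_each_cookie(pos, head->read_var2,
-			     &tomoyo_policy_manager_list) {
+			     &tomoyo_policy_list[TOMOYO_ID_MANAGER]) {
 		struct tomoyo_policy_manager_entry *ptr;
 		ptr = list_entry(pos, struct tomoyo_policy_manager_entry,
 				 head.list);
@@ -578,7 +546,8 @@ static bool tomoyo_policy_manager(void)
 		return true;
 	if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
 		return false;
-	list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) {
+	list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
+				head.list) {
 		if (!ptr->head.is_deleted && ptr->is_domain
 		    && !tomoyo_pathcmp(domainname, ptr->manager)) {
 			found = true;
@@ -590,7 +559,8 @@ static bool tomoyo_policy_manager(void)
 	exe = tomoyo_get_exe();
 	if (!exe)
 		return false;
-	list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) {
+	list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
+				head.list) {
 		if (!ptr->head.is_deleted && !ptr->is_domain
 		    && !strcmp(exe, ptr->manager->name)) {
 			found = true;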
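Review bot: The block comment deleted in the first hunk was the only text in this file describing what the manager list is — the domainnames or programs permitted to modify policy through the /sys/kernel/security/tomoyo/ interface, and how entries are added, deleted and listed — and no hunk relocates that description next to the new `tomoyo_policy_list[TOMOYO_ID_MANAGER]` uses in the later hunks. Since tomoyo_policy_manager() is the check that gates who may change policy, a reader now has to infer the list's meaning from the index name alone; the array itself is presumably defined in another file, so its definition is not visible here. I'd keep a short comment at the first lookup in tomoyo_policy_manager() (fourth hunk), e.g. `/* Domains and programs registered under TOMOYO_ID_MANAGER may modify policy via /sys/kernel/security/tomoyo/ */`, and move the add/delete/cat examples to wherever tomoyo_policy_list is defined. tomoyo_policy_manager() and the other touched functions begin and end outside these hunks.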