Diffstat (limited to 'security/tomoyo/domain.c')
-rw-r--r--security/tomoyo/domain.c21
1 files changed, 15 insertions, 6 deletions
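diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 7893127d8770..0f02c7852090 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -69,7 +69,7 @@ int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
 static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *a,
  const struct tomoyo_acl_info *b)
 {
- return a->type == b->type;
+ return a->type == b->type && a->cond == b->cond;
 }
 
 /**
@@ -100,8 +100,13 @@ int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
  struct tomoyo_acl_info *entry;
  struct list_head * const list = param->list;
 
+ if (param->data[0]) {
+ new_entry->cond = tomoyo_get_condition(param);
+ if (!new_entry->cond)
+ return -EINVAL;
+ }
  if (mutex_lock_interruptible(&tomoyo_policy_lock))
- return error;
+ goto out;
  list_for_each_entry_rcu(entry, list, list) {
  if (!tomoyo_same_acl_head(entry, new_entry) ||
  !check_duplicate(entry, new_entry))
@@ -122,6 +127,8 @@ int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
  }
  }
  mutex_unlock(&tomoyo_policy_lock);
+out:
+ tomoyo_put_condition(new_entry->cond);
  return error;
 }
 
@@ -148,10 +155,12 @@ retry:
  list_for_each_entry_rcu(ptr, list, list) {
  if (ptr->is_deleted || ptr->type != r->param_type)
  continue;
- if (check_entry(r, ptr)) {
- r->granted = true;
- return;
- }
+ if (!check_entry(r, ptr))
+ continue;
+ if (!tomoyo_condition(r, ptr->cond))
+ continue;
+ r->granted = true;
+ return;
  }
  if (!retried) {
  retried = true;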
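Review bot: The `tomoyo_put_condition(new_entry->cond)` added at `out:` in tomoyo_update_domain() runs on every path past the lock attempt, including calls where `param->data[0]` is empty and this function never assigned `cond`. It therefore relies on callers zero-initialising `new_entry->cond` and on tomoyo_put_condition() accepting NULL, neither of which is visible in this diff. It also runs after an entry may have been added to the list, so whether the stored entry keeps its own reference depends on the code between the second and third hunks, which is not shown. Since dropping that reference too early could leave a policy entry with a stale condition pointer, I would state the ownership at the label, e.g. `/* Drop the reference taken by tomoyo_get_condition(); cond may be NULL. */`. The same NULL assumption applies to `tomoyo_condition(r, ptr->cond)` in the last hunk for entries without a condition, where a one-line comment saying that a NULL condition always matches (if that is the contract) would help.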