Diffstat (limited to 'security/tomoyo/domain.c')
-rw-r--r-- | security/tomoyo/domain.c | 21 |
1 files changed, 15 insertions, 6 deletions
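--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -69,7 +69,7 @@ int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
 static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *a,
 const struct tomoyo_acl_info *b)
 {
-return a->type == b->type;
+return a->type == b->type && a->cond == b->cond;
 }
 
 /**
@@ -100,8 +100,13 @@ int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
 struct tomoyo_acl_info *entry;
 struct list_head * const list = param->list;
 
+if (param->data[0]) {
+new_entry->cond = tomoyo_get_condition(param);
+if (!new_entry->cond)
+return -EINVAL;
+}
 if (mutex_lock_interruptible(&tomoyo_policy_lock))
-return error;
+goto out;
 list_for_each_entry_rcu(entry, list, list) {
 if (!tomoyo_same_acl_head(entry, new_entry) ||
 !check_duplicate(entry, new_entry))
@@ -122,6 +127,8 @@ int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
 }
 }
 mutex_unlock(&tomoyo_policy_lock);
+out:
+tomoyo_put_condition(new_entry->cond);
 return error;
 }
 
@@ -148,10 +155,12 @@ retry:
 list_for_each_entry_rcu(ptr, list, list) {
 if (ptr->is_deleted || ptr->type != r->param_type)
 continue;
-if (check_entry(r, ptr)) {
-r->granted = true;
-return;
-}
+if (!check_entry(r, ptr))
+continue;
+if (!tomoyo_condition(r, ptr->cond))
+continue;
+r->granted = true;
+return;
 }
 if (!retried) {
 retried = true;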
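Review bot: The `tomoyo_put_condition(new_entry->cond)` at the new `out:` label in tomoyo_update_domain() runs on every path that reaches the label, including after a successful add and when `param->data[0]` is empty. It is therefore only safe if the add path (outside the visible hunks) either gives the stored entry its own reference or clears `new_entry->cond`, and if callers pass `cond` as NULL and the put accepts NULL. None of that is visible here; if any of it fails, the list entry later read by `tomoyo_condition(r, ptr->cond)` in the permission check could point at a released condition. I would state the ownership rule in a comment above the label, for example `/* Drops the reference taken above; a committed entry must hold its own reference or new_entry->cond must already be cleared. */`, worded to match what the commit helper actually does. Separately, `a->cond == b->cond` in tomoyo_same_acl_head() compares pointers, which presumably relies on tomoyo_get_condition() returning one shared object per distinct condition; a one-line comment saying so would help, because otherwise a delete request could miss the entry it is meant to remove.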