diff options
Diffstat (limited to 'security/tomoyo/domain.c')
| -rw-r--r-- | security/tomoyo/domain.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 7b8693e29a13..50f6e7972174 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c | |||
| @@ -131,11 +131,11 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname, | |||
| 131 | struct tomoyo_domain_initializer_entry e = { .is_not = is_not }; | 131 | struct tomoyo_domain_initializer_entry e = { .is_not = is_not }; |
| 132 | int error = is_delete ? -ENOENT : -ENOMEM; | 132 | int error = is_delete ? -ENOENT : -ENOMEM; |
| 133 | 133 | ||
| 134 | if (!tomoyo_is_correct_path(program, 1, -1, -1)) | 134 | if (!tomoyo_is_correct_path(program)) |
| 135 | return -EINVAL; /* No patterns allowed. */ | 135 | return -EINVAL; |
| 136 | if (domainname) { | 136 | if (domainname) { |
| 137 | if (!tomoyo_is_domain_def(domainname) && | 137 | if (!tomoyo_is_domain_def(domainname) && |
| 138 | tomoyo_is_correct_path(domainname, 1, -1, -1)) | 138 | tomoyo_is_correct_path(domainname)) |
| 139 | e.is_last_name = true; | 139 | e.is_last_name = true; |
| 140 | else if (!tomoyo_is_correct_domain(domainname)) | 140 | else if (!tomoyo_is_correct_domain(domainname)) |
| 141 | return -EINVAL; | 141 | return -EINVAL; |
| @@ -342,12 +342,12 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname, | |||
| 342 | int error = is_delete ? -ENOENT : -ENOMEM; | 342 | int error = is_delete ? -ENOENT : -ENOMEM; |
| 343 | 343 | ||
| 344 | if (!tomoyo_is_domain_def(domainname) && | 344 | if (!tomoyo_is_domain_def(domainname) && |
| 345 | tomoyo_is_correct_path(domainname, 1, -1, -1)) | 345 | tomoyo_is_correct_path(domainname)) |
| 346 | e.is_last_name = true; | 346 | e.is_last_name = true; |
| 347 | else if (!tomoyo_is_correct_domain(domainname)) | 347 | else if (!tomoyo_is_correct_domain(domainname)) |
| 348 | return -EINVAL; | 348 | return -EINVAL; |
| 349 | if (program) { | 349 | if (program) { |
| 350 | if (!tomoyo_is_correct_path(program, 1, -1, -1)) | 350 | if (!tomoyo_is_correct_path(program)) |
| 351 | return -EINVAL; | 351 | return -EINVAL; |
| 352 | e.program = tomoyo_get_name(program); | 352 | e.program = tomoyo_get_name(program); |
| 353 | if (!e.program) | 353 | if (!e.program) |
| @@ -533,13 +533,14 @@ static int tomoyo_update_alias_entry(const char *original_name, | |||
| 533 | struct tomoyo_alias_entry e = { }; | 533 | struct tomoyo_alias_entry e = { }; |
| 534 | int error = is_delete ? -ENOENT : -ENOMEM; | 534 | int error = is_delete ? -ENOENT : -ENOMEM; |
| 535 | 535 | ||
| 536 | if (!tomoyo_is_correct_path(original_name, 1, -1, -1) || | 536 | if (!tomoyo_is_correct_path(original_name) || |
| 537 | !tomoyo_is_correct_path(aliased_name, 1, -1, -1)) | 537 | !tomoyo_is_correct_path(aliased_name)) |
| 538 | return -EINVAL; /* No patterns allowed. */ | 538 | return -EINVAL; |
| 539 | e.original_name = tomoyo_get_name(original_name); | 539 | e.original_name = tomoyo_get_name(original_name); |
| 540 | e.aliased_name = tomoyo_get_name(aliased_name); | 540 | e.aliased_name = tomoyo_get_name(aliased_name); |
| 541 | if (!e.original_name || !e.aliased_name) | 541 | if (!e.original_name || !e.aliased_name || |
| 542 | goto out; | 542 | e.original_name->is_patterned || e.aliased_name->is_patterned) |
| 543 | goto out; /* No patterns allowed. */ | ||
| 543 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) | 544 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) |
| 544 | goto out; | 545 | goto out; |
| 545 | list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) { | 546 | list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) { |