Diffstat (limited to 'security/tomoyo/domain.c')
-rw-r--r--security/tomoyo/domain.c32
1 files changed, 23 insertions, 9 deletions
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 229de1e71a38..0b8262567809 100644
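--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -203,7 +203,7 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
 {
 struct tomoyo_domain_initializer_entry *entry = NULL;
 struct tomoyo_domain_initializer_entry *ptr;
-const struct tomoyo_path_info *saved_program;
+const struct tomoyo_path_info *saved_program = NULL;
 const struct tomoyo_path_info *saved_domainname = NULL;
 int error = is_delete ? -ENOENT : -ENOMEM;
 bool is_last_name = false;
@@ -216,11 +216,11 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
 is_last_name = true;
 else if (!tomoyo_is_correct_domain(domainname, __func__))
 return -EINVAL;
-saved_domainname = tomoyo_save_name(domainname);
+saved_domainname = tomoyo_get_name(domainname);
 if (!saved_domainname)
 goto out;
 }
-saved_program = tomoyo_save_name(program);
+saved_program = tomoyo_get_name(program);
 if (!saved_program)
 goto out;
 if (!is_delete)
@@ -237,7 +237,9 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
 }
 if (!is_delete && error && tomoyo_memory_ok(entry)) {
 entry->domainname = saved_domainname;
+saved_domainname = NULL;
 entry->program = saved_program;
+saved_program = NULL;
 entry->is_not = is_not;
 entry->is_last_name = is_last_name;
 list_add_tail_rcu(&entry->list,
@@ -247,6 +249,8 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
 }
 mutex_unlock(&tomoyo_policy_lock);
 out:
+tomoyo_put_name(saved_domainname);
+tomoyo_put_name(saved_program);
 kfree(entry);
 return error;
 }
@@ -419,7 +423,7 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
 {
 struct tomoyo_domain_keeper_entry *entry = NULL;
 struct tomoyo_domain_keeper_entry *ptr;
-const struct tomoyo_path_info *saved_domainname;
+const struct tomoyo_path_info *saved_domainname = NULL;
 const struct tomoyo_path_info *saved_program = NULL;
 int error = is_delete ? -ENOENT : -ENOMEM;
 bool is_last_name = false;
@@ -432,11 +436,11 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
 if (program) {
 if (!tomoyo_is_correct_path(program, 1, -1, -1, __func__))
 return -EINVAL;
-saved_program = tomoyo_save_name(program);
+saved_program = tomoyo_get_name(program);
 if (!saved_program)
 goto out;
 }
-saved_domainname = tomoyo_save_name(domainname);
+saved_domainname = tomoyo_get_name(domainname);
 if (!saved_domainname)
 goto out;
 if (!is_delete)
@@ -453,7 +457,9 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
 }
 if (!is_delete && error && tomoyo_memory_ok(entry)) {
 entry->domainname = saved_domainname;
+saved_domainname = NULL;
 entry->program = saved_program;
+saved_program = NULL;
 entry->is_not = is_not;
 entry->is_last_name = is_last_name;
 list_add_tail_rcu(&entry->list, &tomoyo_domain_keeper_list);
@@ -462,6 +468,8 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
 }
 mutex_unlock(&tomoyo_policy_lock);
 out:
+tomoyo_put_name(saved_domainname);
+tomoyo_put_name(saved_program);
 kfree(entry);
 return error;
 }
@@ -623,8 +631,8 @@ static int tomoyo_update_alias_entry(const char *original_name,
 if (!tomoyo_is_correct_path(original_name, 1, -1, -1, __func__) ||
 !tomoyo_is_correct_path(aliased_name, 1, -1, -1, __func__))
 return -EINVAL; /* No patterns allowed. */
-saved_original_name = tomoyo_save_name(original_name);
-saved_aliased_name = tomoyo_save_name(aliased_name);
+saved_original_name = tomoyo_get_name(original_name);
+saved_aliased_name = tomoyo_get_name(aliased_name);
 if (!saved_original_name || !saved_aliased_name)
 goto out;
 if (!is_delete)
@@ -640,13 +648,17 @@ static int tomoyo_update_alias_entry(const char *original_name,
 }
 if (!is_delete && error && tomoyo_memory_ok(entry)) {
 entry->original_name = saved_original_name;
+saved_original_name = NULL;
 entry->aliased_name = saved_aliased_name;
+saved_aliased_name = NULL;
 list_add_tail_rcu(&entry->list, &tomoyo_alias_list);
 entry = NULL;
 error = 0;
 }
 mutex_unlock(&tomoyo_policy_lock);
 out:
+tomoyo_put_name(saved_original_name);
+tomoyo_put_name(saved_aliased_name);
 kfree(entry);
 return error;
 }
@@ -721,7 +733,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 
 if (!tomoyo_is_correct_domain(domainname, __func__))
 return NULL;
-saved_domainname = tomoyo_save_name(domainname);
+saved_domainname = tomoyo_get_name(domainname);
 if (!saved_domainname)
 return NULL;
 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
@@ -736,6 +748,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 if (!found && tomoyo_memory_ok(entry)) {
 INIT_LIST_HEAD(&entry->acl_info_list);
 entry->domainname = saved_domainname;
+saved_domainname = NULL;
 entry->profile = profile;
 list_add_tail_rcu(&entry->list, &tomoyo_domain_list);
 domain = entry;
@@ -743,6 +756,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 found = true;
 }
 mutex_unlock(&tomoyo_policy_lock);
+tomoyo_put_name(saved_domainname);
 kfree(entry);
 return found ? domain : NULL;
 }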
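Review bot: The new cleanup at each `out:` label passes pointers that can be NULL to `tomoyo_put_name()`, so these paths are safe only if that helper accepts NULL. This happens in `tomoyo_update_domain_initializer_entry` when no `domainname` was supplied, in `tomoyo_update_domain_keeper_entry` when `program` is absent, and in `tomoyo_update_alias_entry` when only one of the two `tomoyo_get_name()` calls succeeded. The helper's definition is not on this page; it should be checked, and the NULL-tolerance stated in its header comment, because a missed check would presumably be a NULL dereference in the policy-update path. The ownership handoff (`entry->domainname = saved_domainname; saved_domainname = NULL;`) also deserves a one-line comment such as `/* entry now holds the reference; skip the put below */`, since a later edit that drops the NULL store would release a name the list entry still points to. In `tomoyo_find_or_assign_new_domain` the lines between the `kzalloc()` and the `tomoyo_memory_ok()` test fall outside the hunks, so it cannot be confirmed from here that every exit after `tomoyo_get_name()` reaches the new `tomoyo_put_name(saved_domainname)`.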