Diffstat (limited to 'security/tomoyo/domain.c')
-rw-r--r-- | security/tomoyo/domain.c | 32 |
1 files changed, 23 insertions, 9 deletions
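--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -203,7 +203,7 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
 {
 struct tomoyo_domain_initializer_entry *entry = NULL;
 struct tomoyo_domain_initializer_entry *ptr;
-const struct tomoyo_path_info *saved_program;
+const struct tomoyo_path_info *saved_program = NULL;
 const struct tomoyo_path_info *saved_domainname = NULL;
 int error = is_delete ? -ENOENT : -ENOMEM;
 bool is_last_name = false;
@@ -216,11 +216,11 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
 is_last_name = true;
 else if (!tomoyo_is_correct_domain(domainname, __func__))
 return -EINVAL;
-saved_domainname = tomoyo_save_name(domainname);
+saved_domainname = tomoyo_get_name(domainname);
 if (!saved_domainname)
 goto out;
 }
-saved_program = tomoyo_save_name(program);
+saved_program = tomoyo_get_name(program);
 if (!saved_program)
 goto out;
 if (!is_delete)
@@ -237,7 +237,9 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
 }
 if (!is_delete && error && tomoyo_memory_ok(entry)) {
 entry->domainname = saved_domainname;
+saved_domainname = NULL;
 entry->program = saved_program;
+saved_program = NULL;
 entry->is_not = is_not;
 entry->is_last_name = is_last_name;
 list_add_tail_rcu(&entry->list,
@@ -247,6 +249,8 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
 }
 mutex_unlock(&tomoyo_policy_lock);
 out:
+tomoyo_put_name(saved_domainname);
+tomoyo_put_name(saved_program);
 kfree(entry);
 return error;
 }
@@ -419,7 +423,7 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
 {
 struct tomoyo_domain_keeper_entry *entry = NULL;
 struct tomoyo_domain_keeper_entry *ptr;
-const struct tomoyo_path_info *saved_domainname;
+const struct tomoyo_path_info *saved_domainname = NULL;
 const struct tomoyo_path_info *saved_program = NULL;
 int error = is_delete ? -ENOENT : -ENOMEM;
 bool is_last_name = false;
@@ -432,11 +436,11 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
 if (program) {
 if (!tomoyo_is_correct_path(program, 1, -1, -1, __func__))
 return -EINVAL;
-saved_program = tomoyo_save_name(program);
+saved_program = tomoyo_get_name(program);
 if (!saved_program)
 goto out;
 }
-saved_domainname = tomoyo_save_name(domainname);
+saved_domainname = tomoyo_get_name(domainname);
 if (!saved_domainname)
 goto out;
 if (!is_delete)
@@ -453,7 +457,9 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
 }
 if (!is_delete && error && tomoyo_memory_ok(entry)) {
 entry->domainname = saved_domainname;
+saved_domainname = NULL;
 entry->program = saved_program;
+saved_program = NULL;
 entry->is_not = is_not;
 entry->is_last_name = is_last_name;
 list_add_tail_rcu(&entry->list, &tomoyo_domain_keeper_list);
@@ -462,6 +468,8 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
 }
 mutex_unlock(&tomoyo_policy_lock);
 out:
+tomoyo_put_name(saved_domainname);
+tomoyo_put_name(saved_program);
 kfree(entry);
 return error;
 }
@@ -623,8 +631,8 @@ static int tomoyo_update_alias_entry(const char *original_name,
 if (!tomoyo_is_correct_path(original_name, 1, -1, -1, __func__) ||
 !tomoyo_is_correct_path(aliased_name, 1, -1, -1, __func__))
 return -EINVAL; /* No patterns allowed. */
-saved_original_name = tomoyo_save_name(original_name);
-saved_aliased_name = tomoyo_save_name(aliased_name);
+saved_original_name = tomoyo_get_name(original_name);
+saved_aliased_name = tomoyo_get_name(aliased_name);
 if (!saved_original_name || !saved_aliased_name)
 goto out;
 if (!is_delete)
@@ -640,13 +648,17 @@ static int tomoyo_update_alias_entry(const char *original_name,
 }
 if (!is_delete && error && tomoyo_memory_ok(entry)) {
 entry->original_name = saved_original_name;
+saved_original_name = NULL;
 entry->aliased_name = saved_aliased_name;
+saved_aliased_name = NULL;
 list_add_tail_rcu(&entry->list, &tomoyo_alias_list);
 entry = NULL;
 error = 0;
 }
 mutex_unlock(&tomoyo_policy_lock);
 out:
+tomoyo_put_name(saved_original_name);
+tomoyo_put_name(saved_aliased_name);
 kfree(entry);
 return error;
 }
@@ -721,7 +733,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 
 if (!tomoyo_is_correct_domain(domainname, __func__))
 return NULL;
-saved_domainname = tomoyo_save_name(domainname);
+saved_domainname = tomoyo_get_name(domainname);
 if (!saved_domainname)
 return NULL;
 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
@@ -736,6 +748,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 if (!found && tomoyo_memory_ok(entry)) {
 INIT_LIST_HEAD(&entry->acl_info_list);
 entry->domainname = saved_domainname;
+saved_domainname = NULL;
 entry->profile = profile;
 list_add_tail_rcu(&entry->list, &tomoyo_domain_list);
 domain = entry;
@@ -743,6 +756,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 found = true;
 }
 mutex_unlock(&tomoyo_policy_lock);
+tomoyo_put_name(saved_domainname);
 kfree(entry);
 return found ? domain : NULL;
 }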
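Review bot: The cleanup added at the three `out:` labels (new lines 252-253, 471-472, 660-661) and before `kfree(entry)` at new line 759 reaches `tomoyo_put_name()` with a NULL pointer on several paths: when an earlier `tomoyo_get_name()` fails and jumps to `out`, and after every successful insert, where the `saved_*` pointers have just been cleared. `tomoyo_put_name()` is not defined in this file section, so its NULL tolerance should be confirmed and stated where it is declared. The hand-off itself is undocumented, and it is load-bearing: if one of the `saved_* = NULL;` lines were dropped in a later edit, the put would presumably release a reference that the entry just published with `list_add_tail_rcu()` still points at. A comment such as `/* Reference is now owned by entry; clear it so the put at out: is a no-op. */` above the first assignment in each insert block would make that explicit. The function bodies start and end outside several of these hunks, so any earlier `goto out` paths are not visible here.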