diff options
Diffstat (limited to 'security/tomoyo/tomoyo.c')
| -rw-r--r-- | security/tomoyo/tomoyo.c | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 3194d09fe0f4..9548a0984cc4 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c | |||
| @@ -14,6 +14,12 @@ | |||
| 14 | #include "tomoyo.h" | 14 | #include "tomoyo.h" |
| 15 | #include "realpath.h" | 15 | #include "realpath.h" |
| 16 | 16 | ||
| 17 | static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp) | ||
| 18 | { | ||
| 19 | new->security = NULL; | ||
| 20 | return 0; | ||
| 21 | } | ||
| 22 | |||
| 17 | static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, | 23 | static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, |
| 18 | gfp_t gfp) | 24 | gfp_t gfp) |
| 19 | { | 25 | { |
| @@ -25,6 +31,15 @@ static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, | |||
| 25 | return 0; | 31 | return 0; |
| 26 | } | 32 | } |
| 27 | 33 | ||
| 34 | static void tomoyo_cred_transfer(struct cred *new, const struct cred *old) | ||
| 35 | { | ||
| 36 | /* | ||
| 37 | * Since "struct tomoyo_domain_info *" is a sharable pointer, | ||
| 38 | * we don't need to duplicate. | ||
| 39 | */ | ||
| 40 | new->security = old->security; | ||
| 41 | } | ||
| 42 | |||
| 28 | static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) | 43 | static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) |
| 29 | { | 44 | { |
| 30 | int rc; | 45 | int rc; |
| @@ -61,14 +76,8 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm) | |||
| 61 | * Execute permission is checked against pathname passed to do_execve() | 76 | * Execute permission is checked against pathname passed to do_execve() |
| 62 | * using current domain. | 77 | * using current domain. |
| 63 | */ | 78 | */ |
| 64 | if (!domain) { | 79 | if (!domain) |
| 65 | struct tomoyo_domain_info *next_domain = NULL; | 80 | return tomoyo_find_next_domain(bprm); |
| 66 | int retval = tomoyo_find_next_domain(bprm, &next_domain); | ||
| 67 | |||
| 68 | if (!retval) | ||
| 69 | bprm->cred->security = next_domain; | ||
| 70 | return retval; | ||
| 71 | } | ||
| 72 | /* | 81 | /* |
| 73 | * Read permission is checked against interpreters using next domain. | 82 | * Read permission is checked against interpreters using next domain. |
| 74 | * '1' is the result of open_to_namei_flags(O_RDONLY). | 83 | * '1' is the result of open_to_namei_flags(O_RDONLY). |
| @@ -268,7 +277,9 @@ static int tomoyo_dentry_open(struct file *f, const struct cred *cred) | |||
| 268 | */ | 277 | */ |
| 269 | static struct security_operations tomoyo_security_ops = { | 278 | static struct security_operations tomoyo_security_ops = { |
| 270 | .name = "tomoyo", | 279 | .name = "tomoyo", |
| 280 | .cred_alloc_blank = tomoyo_cred_alloc_blank, | ||
| 271 | .cred_prepare = tomoyo_cred_prepare, | 281 | .cred_prepare = tomoyo_cred_prepare, |
| 282 | .cred_transfer = tomoyo_cred_transfer, | ||
| 272 | .bprm_set_creds = tomoyo_bprm_set_creds, | 283 | .bprm_set_creds = tomoyo_bprm_set_creds, |
| 273 | .bprm_check_security = tomoyo_bprm_check_security, | 284 | .bprm_check_security = tomoyo_bprm_check_security, |
| 274 | #ifdef CONFIG_SYSCTL | 285 | #ifdef CONFIG_SYSCTL |