diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/tomoyo/common.c | 26 | ||||
| -rw-r--r-- | security/tomoyo/common.h | 1 |
2 files changed, 6 insertions, 21 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 8656b16eef7b..2e0f12c62938 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
| @@ -850,14 +850,9 @@ static int tomoyo_update_manager_entry(const char *manager, | |||
| 850 | policy_list[TOMOYO_ID_MANAGER], | 850 | policy_list[TOMOYO_ID_MANAGER], |
| 851 | }; | 851 | }; |
| 852 | int error = is_delete ? -ENOENT : -ENOMEM; | 852 | int error = is_delete ? -ENOENT : -ENOMEM; |
| 853 | if (tomoyo_domain_def(manager)) { | 853 | if (!tomoyo_correct_domain(manager) && |
| 854 | if (!tomoyo_correct_domain(manager)) | 854 | !tomoyo_correct_word(manager)) |
| 855 | return -EINVAL; | 855 | return -EINVAL; |
| 856 | e.is_domain = true; | ||
| 857 | } else { | ||
| 858 | if (!tomoyo_correct_path(manager)) | ||
| 859 | return -EINVAL; | ||
| 860 | } | ||
| 861 | e.manager = tomoyo_get_name(manager); | 856 | e.manager = tomoyo_get_name(manager); |
| 862 | if (e.manager) { | 857 | if (e.manager) { |
| 863 | error = tomoyo_update_policy(&e.head, sizeof(e), ¶m, | 858 | error = tomoyo_update_policy(&e.head, sizeof(e), ¶m, |
| @@ -932,23 +927,14 @@ static bool tomoyo_manager(void) | |||
| 932 | return true; | 927 | return true; |
| 933 | if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) | 928 | if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) |
| 934 | return false; | 929 | return false; |
| 935 | list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. | ||
| 936 | policy_list[TOMOYO_ID_MANAGER], head.list) { | ||
| 937 | if (!ptr->head.is_deleted && ptr->is_domain | ||
| 938 | && !tomoyo_pathcmp(domainname, ptr->manager)) { | ||
| 939 | found = true; | ||
| 940 | break; | ||
| 941 | } | ||
| 942 | } | ||
| 943 | if (found) | ||
| 944 | return true; | ||
| 945 | exe = tomoyo_get_exe(); | 930 | exe = tomoyo_get_exe(); |
| 946 | if (!exe) | 931 | if (!exe) |
| 947 | return false; | 932 | return false; |
| 948 | list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. | 933 | list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. |
| 949 | policy_list[TOMOYO_ID_MANAGER], head.list) { | 934 | policy_list[TOMOYO_ID_MANAGER], head.list) { |
| 950 | if (!ptr->head.is_deleted && !ptr->is_domain | 935 | if (!ptr->head.is_deleted && |
| 951 | && !strcmp(exe, ptr->manager->name)) { | 936 | (!tomoyo_pathcmp(domainname, ptr->manager) || |
| 937 | !strcmp(exe, ptr->manager->name))) { | ||
| 952 | found = true; | 938 | found = true; |
| 953 | break; | 939 | break; |
| 954 | } | 940 | } |
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 30fd98369700..75e4dc1c02a0 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h | |||
| @@ -860,7 +860,6 @@ struct tomoyo_aggregator { | |||
| 860 | /* Structure for policy manager. */ | 860 | /* Structure for policy manager. */ |
| 861 | struct tomoyo_manager { | 861 | struct tomoyo_manager { |
| 862 | struct tomoyo_acl_head head; | 862 | struct tomoyo_acl_head head; |
| 863 | bool is_domain; /* True if manager is a domainname. */ | ||
| 864 | /* A path to program or a domainname. */ | 863 | /* A path to program or a domainname. */ |
| 865 | const struct tomoyo_path_info *manager; | 864 | const struct tomoyo_path_info *manager; |
| 866 | }; | 865 | }; |