summaryrefslogtreecommitdiff
path: root/security/tomoyo/domain.c
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-07-29 09:29:55 +0400
committerJames Morris <jmorris@namei.org>2010-08-02 09:38:38 +0400
commit484ca79c653121d3c79fffb86e1deea724f2e20b (patch)
tree457aa73e37c9b5e5b4306430f40d1985b59ca226 /security/tomoyo/domain.c
parent4d6ec10bb4461fdc9a9ab94ef32934e13564e873 (diff)
downloadlinux-484ca79c653121d3c79fffb86e1deea724f2e20b.tar.xz
TOMOYO: Use pathname specified by policy rather than execve()
Commit c9e69318 "TOMOYO: Allow wildcard for execute permission." changed execute permission and domainname to accept wildcards. But tomoyo_find_next_domain() was using pathname passed to execve() rather than pathname specified by the execute permission. As a result, processes were not able to transit to domains which contain wildcards in their domainnames. This patch passes pathname specified by the execute permission back to tomoyo_find_next_domain() so that processes can transit to domains which contain wildcards in their domainnames. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/domain.c')
-rw-r--r--security/tomoyo/domain.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 4e0101b0041a..35388408e475 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -110,7 +110,7 @@ int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
}
void tomoyo_check_acl(struct tomoyo_request_info *r,
- bool (*check_entry) (const struct tomoyo_request_info *,
+ bool (*check_entry) (struct tomoyo_request_info *,
const struct tomoyo_acl_info *))
{
const struct tomoyo_domain_info *domain = r->domain;
@@ -465,6 +465,19 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
goto retry;
if (retval < 0)
goto out;
+ /*
+ * To be able to specify domainnames with wildcards, use the
+ * pathname specified in the policy (which may contain
+ * wildcard) rather than the pathname passed to execve()
+ * (which never contains wildcard).
+ */
+ if (r.param.path.matched_path) {
+ if (need_kfree)
+ kfree(rn.name);
+ need_kfree = false;
+ /* This is OK because it is read only. */
+ rn = *r.param.path.matched_path;
+ }
/* Calculate domain to transit to. */
switch (tomoyo_transition_type(old_domain->domainname, &rn)) {