Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_htc_msm8960 / 484ca79c653121d3c79fffb86e1deea724f2e20b^! / . / security / tomoyo / common.h
commit484ca79c653121d3c79fffb86e1deea724f2e20b[log] [tgz]
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>Thu Jul 29 14:29:55 2010 +0900
committerJames Morris <jmorris@namei.org>Mon Aug 02 15:38:38 2010 +1000
tree457aa73e37c9b5e5b4306430f40d1985b59ca226
parent4d6ec10bb4461fdc9a9ab94ef32934e13564e873 [diff] [blame]
TOMOYO: Use pathname specified by policy rather than execve()

Commit c9e69318 "TOMOYO: Allow wildcard for execute permission." changed execute
permission and domainname to accept wildcards. But tomoyo_find_next_domain()
was using pathname passed to execve() rather than pathname specified by the
execute permission. As a result, processes were not able to transit to domains
which contain wildcards in their domainnames.

This patch passes pathname specified by the execute permission back to
tomoyo_find_next_domain() so that processes can transit to domains which
contain wildcards in their domainnames.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 2ffad61..04454cb 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h

@@ -246,6 +246,8 @@
 	union {
 		struct {
 			const struct tomoyo_path_info *filename;
+			/* For using wildcards at tomoyo_find_next_domain(). */
+			const struct tomoyo_path_info *matched_path;
 			u8 operation;
 		} path;
 		struct {
@@ -718,8 +720,9 @@
 /* Print out of memory warning message. */
 void tomoyo_warn_oom(const char *function);
 /* Check whether the given name matches the given name_union. */
-bool tomoyo_compare_name_union(const struct tomoyo_path_info *name,
-			       const struct tomoyo_name_union *ptr);
+const struct tomoyo_path_info *
+tomoyo_compare_name_union(const struct tomoyo_path_info *name,
+			  const struct tomoyo_name_union *ptr);
 /* Check whether the given number matches the given number_union. */
 bool tomoyo_compare_number_union(const unsigned long value,
 				 const struct tomoyo_number_union *ptr);
@@ -736,8 +739,9 @@
 bool tomoyo_parse_name_union(const char *filename,
 			     struct tomoyo_name_union *ptr);
 /* Check whether the given filename matches the given path_group. */
-bool tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
-			       const struct tomoyo_group *group);
+const struct tomoyo_path_info *
+tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
+			  const struct tomoyo_group *group);
 /* Check whether the given value matches the given number_group. */
 bool tomoyo_number_matches_group(const unsigned long min,
 				 const unsigned long max,
@@ -879,7 +883,7 @@
 						  const struct tomoyo_acl_head
 						  *));
 void tomoyo_check_acl(struct tomoyo_request_info *r,
-		      bool (*check_entry) (const struct tomoyo_request_info *,
+		      bool (*check_entry) (struct tomoyo_request_info *,
 					   const struct tomoyo_acl_info *));
 
 /********** External variable definitions. **********/