Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

TOMOYO: Accept manager programs which do not start with / .

The pathname of /usr/sbin/tomoyo-editpolicy seen from Ubuntu 12.04 Live CD is
squashfs:/usr/sbin/tomoyo-editpolicy rather than /usr/sbin/tomoyo-editpolicy .
Therefore, we need to accept manager programs which do not start with / .

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Tetsuo Handa 13 years ago
parent
fd75815f72
commit
77b513dda9
2 changed files with 6 additions and 21 deletions
Unified View Show Diff Stats
  1. 6 20
      security/tomoyo/common.c
  2. 0 1
      security/tomoyo/common.h

+ 6 - 20
security/tomoyo/common.c
View File 

@@ -850,14 +850,9 @@ static int tomoyo_update_manager_entry(const char *manager,
 
 		policy_list[TOMOYO_ID_MANAGER],
 
 		policy_list[TOMOYO_ID_MANAGER],
 
 	};
 
 	};
 
 	int error = is_delete ? -ENOENT : -ENOMEM;
 
 	int error = is_delete ? -ENOENT : -ENOMEM;
 
-	if (tomoyo_domain_def(manager)) {
 
-		if (!tomoyo_correct_domain(manager))
 
-			return -EINVAL;
 
-		e.is_domain = true;
 
-	} else {
 
-		if (!tomoyo_correct_path(manager))
 
-			return -EINVAL;
 
-	}
 
+	if (!tomoyo_correct_domain(manager) &&
 
+	    !tomoyo_correct_word(manager))
 
+		return -EINVAL;
 
 	e.manager = tomoyo_get_name(manager);
 
 	e.manager = tomoyo_get_name(manager);
 
 	if (e.manager) {
 
 	if (e.manager) {
 
 		error = tomoyo_update_policy(&e.head, sizeof(e), &param,
 
 		error = tomoyo_update_policy(&e.head, sizeof(e), &param,
 
@@ -932,23 +927,14 @@ static bool tomoyo_manager(void)
 
 		return true;
 
 		return true;
 
 	if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
 
 	if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
 
 		return false;
 
 		return false;
 
-	list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
 
-				policy_list[TOMOYO_ID_MANAGER], head.list) {
 
-		if (!ptr->head.is_deleted && ptr->is_domain
 
-		    && !tomoyo_pathcmp(domainname, ptr->manager)) {
 
-			found = true;
 
-			break;
 
-		}
 
-	}
 
-	if (found)
 
-		return true;
 
 	exe = tomoyo_get_exe();
 
 	exe = tomoyo_get_exe();
 
 	if (!exe)
 
 	if (!exe)
 
 		return false;
 
 		return false;
 
 	list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
 
 	list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
 
 				policy_list[TOMOYO_ID_MANAGER], head.list) {
 
 				policy_list[TOMOYO_ID_MANAGER], head.list) {
 
-		if (!ptr->head.is_deleted && !ptr->is_domain
 
-		    && !strcmp(exe, ptr->manager->name)) {
 
+		if (!ptr->head.is_deleted &&
 
+		    (!tomoyo_pathcmp(domainname, ptr->manager) ||
 
+		     !strcmp(exe, ptr->manager->name))) {
 
 			found = true;
 
 			found = true;
 
 			break;
 
 			break;
 
 		}
 
 		}

+ 0 - 1
security/tomoyo/common.h
View File 

@@ -860,7 +860,6 @@ struct tomoyo_aggregator {
 
 /* Structure for policy manager. */
 
 /* Structure for policy manager. */
 
 struct tomoyo_manager {
 
 struct tomoyo_manager {
 
 	struct tomoyo_acl_head head;
 
 	struct tomoyo_acl_head head;
 
-	bool is_domain;  /* True if manager is a domainname. */
 
 	/* A path to program or a domainname. */
 
 	/* A path to program or a domainname. */
 
 	const struct tomoyo_path_info *manager;
 
 	const struct tomoyo_path_info *manager;
 
 };
 
 };