TOMOYO: Accept manager programs which do not start with / .
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Sun, 13 May 2012 14:03:23 +0000 (23:03 +0900)
committerJames Morris <james.l.morris@oracle.com>
Tue, 15 May 2012 00:24:29 +0000 (10:24 +1000)
The pathname of /usr/sbin/tomoyo-editpolicy seen from Ubuntu 12.04 Live CD is
squashfs:/usr/sbin/tomoyo-editpolicy rather than /usr/sbin/tomoyo-editpolicy .
Therefore, we need to accept manager programs which do not start with / .

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.l.morris@oracle.com>
security/tomoyo/common.c
security/tomoyo/common.h

index 8656b16eef7b9ce5e4749815130791af1badc524..2e0f12c629386da35b3b26fc37dfb973db57440d 100644 (file)
@@ -850,14 +850,9 @@ static int tomoyo_update_manager_entry(const char *manager,
                policy_list[TOMOYO_ID_MANAGER],
        };
        int error = is_delete ? -ENOENT : -ENOMEM;
-       if (tomoyo_domain_def(manager)) {
-               if (!tomoyo_correct_domain(manager))
-                       return -EINVAL;
-               e.is_domain = true;
-       } else {
-               if (!tomoyo_correct_path(manager))
-                       return -EINVAL;
-       }
+       if (!tomoyo_correct_domain(manager) &&
+           !tomoyo_correct_word(manager))
+               return -EINVAL;
        e.manager = tomoyo_get_name(manager);
        if (e.manager) {
                error = tomoyo_update_policy(&e.head, sizeof(e), &param,
@@ -932,23 +927,14 @@ static bool tomoyo_manager(void)
                return true;
        if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
                return false;
-       list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
-                               policy_list[TOMOYO_ID_MANAGER], head.list) {
-               if (!ptr->head.is_deleted && ptr->is_domain
-                   && !tomoyo_pathcmp(domainname, ptr->manager)) {
-                       found = true;
-                       break;
-               }
-       }
-       if (found)
-               return true;
        exe = tomoyo_get_exe();
        if (!exe)
                return false;
        list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
                                policy_list[TOMOYO_ID_MANAGER], head.list) {
-               if (!ptr->head.is_deleted && !ptr->is_domain
-                   && !strcmp(exe, ptr->manager->name)) {
+               if (!ptr->head.is_deleted &&
+                   (!tomoyo_pathcmp(domainname, ptr->manager) ||
+                    !strcmp(exe, ptr->manager->name))) {
                        found = true;
                        break;
                }
index 30fd98369700c83fe2306066db1d8049f5fb57b6..75e4dc1c02a089da337d3f241b5ead704aae1c1c 100644 (file)
@@ -860,7 +860,6 @@ struct tomoyo_aggregator {
 /* Structure for policy manager. */
 struct tomoyo_manager {
        struct tomoyo_acl_head head;
-       bool is_domain;  /* True if manager is a domainname. */
        /* A path to program or a domainname. */
        const struct tomoyo_path_info *manager;
 };