]> git.openfabrics.org - ~shefty/rdma-dev.git/commitdiff
Merge branch 'master' into next
authorJames Morris <jmorris@namei.org>
Mon, 29 Jun 2009 23:10:35 +0000 (09:10 +1000)
committerJames Morris <jmorris@namei.org>
Mon, 29 Jun 2009 23:10:35 +0000 (09:10 +1000)
17 files changed:
fs/proc/base.c
include/linux/security.h
kernel/ptrace.c
security/capability.c
security/commoncap.c
security/keys/proc.c
security/security.c
security/selinux/avc.c
security/selinux/hooks.c
security/selinux/include/avc.h
security/selinux/ss/services.c
security/smack/smack_lsm.c
security/tomoyo/common.c
security/tomoyo/common.h
security/tomoyo/domain.c
security/tomoyo/tomoyo.c
security/tomoyo/tomoyo.h

index 3ce5ae9e3d2dabd36dce105ecb4545a4723c1202..917f338a673992651144ae60e6f399a28f5d53c8 100644 (file)
@@ -237,20 +237,19 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
        struct mm_struct *mm = get_task_mm(task);
        if (!mm)
                return NULL;
+       if (mm != current->mm) {
+               /*
+                * task->mm can be changed before security check,
+                * in that case we must notice the change after.
+                */
+               if (!ptrace_may_access(task, PTRACE_MODE_READ) ||
+                   mm != task->mm) {
+                       mmput(mm);
+                       return NULL;
+               }
+       }
        down_read(&mm->mmap_sem);
-       task_lock(task);
-       if (task->mm != mm)
-               goto out;
-       if (task->mm != current->mm &&
-           __ptrace_may_access(task, PTRACE_MODE_READ) < 0)
-               goto out;
-       task_unlock(task);
        return mm;
-out:
-       task_unlock(task);
-       up_read(&mm->mmap_sem);
-       mmput(mm);
-       return NULL;
 }
 
 static int proc_pid_cmdline(struct task_struct *task, char * buffer)
index 5eff459b38338ace06bb7d9e83d10a462b906203..145909165dbf925238cf86504995cd09e3597984 100644 (file)
@@ -52,7 +52,7 @@ struct audit_krule;
 extern int cap_capable(struct task_struct *tsk, const struct cred *cred,
                       int cap, int audit);
 extern int cap_settime(struct timespec *ts, struct timezone *tz);
-extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode);
+extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
 extern int cap_ptrace_traceme(struct task_struct *parent);
 extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
 extern int cap_capset(struct cred *new, const struct cred *old,
@@ -1209,7 +1209,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *     @alter contains the flag indicating whether changes are to be made.
  *     Return 0 if permission is granted.
  *
- * @ptrace_may_access:
+ * @ptrace_access_check:
  *     Check permission before allowing the current process to trace the
  *     @child process.
  *     Security modules may also want to perform a process tracing check
@@ -1224,7 +1224,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *     Check that the @parent process has sufficient permission to trace the
  *     current process before allowing the current process to present itself
  *     to the @parent process for tracing.
- *     The parent process will still have to undergo the ptrace_may_access
+ *     The parent process will still have to undergo the ptrace_access_check
  *     checks before it is allowed to trace this one.
  *     @parent contains the task_struct structure for debugger process.
  *     Return 0 if permission is granted.
@@ -1336,7 +1336,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 struct security_operations {
        char name[SECURITY_NAME_MAX + 1];
 
-       int (*ptrace_may_access) (struct task_struct *child, unsigned int mode);
+       int (*ptrace_access_check) (struct task_struct *child, unsigned int mode);
        int (*ptrace_traceme) (struct task_struct *parent);
        int (*capget) (struct task_struct *target,
                       kernel_cap_t *effective,
@@ -1617,7 +1617,7 @@ extern int security_module_enable(struct security_operations *ops);
 extern int register_security(struct security_operations *ops);
 
 /* Security operations */
-int security_ptrace_may_access(struct task_struct *child, unsigned int mode);
+int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
 int security_ptrace_traceme(struct task_struct *parent);
 int security_capget(struct task_struct *target,
                    kernel_cap_t *effective,
@@ -1798,10 +1798,10 @@ static inline int security_init(void)
        return 0;
 }
 
-static inline int security_ptrace_may_access(struct task_struct *child,
+static inline int security_ptrace_access_check(struct task_struct *child,
                                             unsigned int mode)
 {
-       return cap_ptrace_may_access(child, mode);
+       return cap_ptrace_access_check(child, mode);
 }
 
 static inline int security_ptrace_traceme(struct task_struct *parent)
index 61c78b2c07baefd768aed903f482ea08d9672200..9a4184e04f29a610915402942048acd085fd93b5 100644 (file)
@@ -152,7 +152,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
        if (!dumpable && !capable(CAP_SYS_PTRACE))
                return -EPERM;
 
-       return security_ptrace_may_access(task, mode);
+       return security_ptrace_access_check(task, mode);
 }
 
 bool ptrace_may_access(struct task_struct *task, unsigned int mode)
index 21b6cead6a8ed38927abab1bd8cd9c491194c1bf..f218dd3616478a16da846121eabb1216daf0df17 100644 (file)
@@ -863,7 +863,7 @@ struct security_operations default_security_ops = {
 
 void security_fixup_ops(struct security_operations *ops)
 {
-       set_to_cap_if_null(ops, ptrace_may_access);
+       set_to_cap_if_null(ops, ptrace_access_check);
        set_to_cap_if_null(ops, ptrace_traceme);
        set_to_cap_if_null(ops, capget);
        set_to_cap_if_null(ops, capset);
index 48b7e0228fa38455ee6c2bf0cb37876e96c99afb..aa97704564d4a39521825f79897899f7815816a1 100644 (file)
@@ -101,7 +101,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
 }
 
 /**
- * cap_ptrace_may_access - Determine whether the current process may access
+ * cap_ptrace_access_check - Determine whether the current process may access
  *                        another
  * @child: The process to be accessed
  * @mode: The mode of attachment.
@@ -109,7 +109,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
  * Determine whether a process may access another, returning 0 if permission
  * granted, -ve if denied.
  */
-int cap_ptrace_may_access(struct task_struct *child, unsigned int mode)
+int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
 {
        int ret = 0;
 
index 769f9bdfd2b33aaeadbd7eb3efb895a364d0536a..39793c774f33bdf8286c47d3f85a90d7f281ac42 100644 (file)
@@ -120,6 +120,7 @@ static int proc_keys_open(struct inode *inode, struct file *file)
 }
 
 static void *proc_keys_start(struct seq_file *p, loff_t *_pos)
+       __acquires(key_serial_lock)
 {
        struct rb_node *_p;
        loff_t pos = *_pos;
@@ -144,6 +145,7 @@ static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos)
 }
 
 static void proc_keys_stop(struct seq_file *p, void *v)
+       __releases(key_serial_lock)
 {
        spin_unlock(&key_serial_lock);
 }
@@ -257,6 +259,7 @@ static int proc_key_users_open(struct inode *inode, struct file *file)
 }
 
 static void *proc_key_users_start(struct seq_file *p, loff_t *_pos)
+       __acquires(key_user_lock)
 {
        struct rb_node *_p;
        loff_t pos = *_pos;
@@ -281,6 +284,7 @@ static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos)
 }
 
 static void proc_key_users_stop(struct seq_file *p, void *v)
+       __releases(key_user_lock)
 {
        spin_unlock(&key_user_lock);
 }
index dc7674fbfc7a4a6fcfb132bc974f2c9480b90922..4501c5e1f988b924dc33ffc981412f308088a01d 100644 (file)
@@ -124,9 +124,9 @@ int register_security(struct security_operations *ops)
 
 /* Security operations */
 
-int security_ptrace_may_access(struct task_struct *child, unsigned int mode)
+int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
 {
-       return security_ops->ptrace_may_access(child, mode);
+       return security_ops->ptrace_access_check(child, mode);
 }
 
 int security_ptrace_traceme(struct task_struct *parent)
index b2ab608598325bcea26430f6ebd1eac30a67ad61..236aaa2ea86d491bcf77ef50d36ea71de877af6c 100644 (file)
@@ -137,7 +137,7 @@ static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass)
  * @tclass: target security class
  * @av: access vector
  */
-void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
+static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
 {
        const char **common_pts = NULL;
        u32 common_base = 0;
@@ -970,3 +970,9 @@ u32 avc_policy_seqno(void)
 {
        return avc_cache.latest_notif;
 }
+
+void avc_disable(void)
+{
+       if (avc_node_cachep)
+               kmem_cache_destroy(avc_node_cachep);
+}
index 15c2a08a66f1217e92028a38e861ad4981ab3fdd..2081055f6783a64c88ae412b1338f53a50d7777b 100644 (file)
@@ -1854,12 +1854,12 @@ static inline u32 open_file_to_av(struct file *file)
 
 /* Hook functions begin here. */
 
-static int selinux_ptrace_may_access(struct task_struct *child,
+static int selinux_ptrace_access_check(struct task_struct *child,
                                     unsigned int mode)
 {
        int rc;
 
-       rc = cap_ptrace_may_access(child, mode);
+       rc = cap_ptrace_access_check(child, mode);
        if (rc)
                return rc;
 
@@ -2938,11 +2938,6 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
        const struct cred *cred = current_cred();
        struct inode *inode = file->f_path.dentry->d_inode;
 
-       if (!mask) {
-               /* No permission to check.  Existence test. */
-               return 0;
-       }
-
        /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */
        if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
                mask |= MAY_APPEND;
@@ -2953,10 +2948,20 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
 
 static int selinux_file_permission(struct file *file, int mask)
 {
+       struct inode *inode = file->f_path.dentry->d_inode;
+       struct file_security_struct *fsec = file->f_security;
+       struct inode_security_struct *isec = inode->i_security;
+       u32 sid = current_sid();
+
        if (!mask)
                /* No permission to check.  Existence test. */
                return 0;
 
+       if (sid == fsec->sid && fsec->isid == isec->sid &&
+           fsec->pseqno == avc_policy_seqno())
+               /* No change since dentry_open check. */
+               return 0;
+
        return selinux_revalidate_file_permission(file, mask);
 }
 
@@ -5310,7 +5315,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
 static struct security_operations selinux_ops = {
        .name =                         "selinux",
 
-       .ptrace_may_access =            selinux_ptrace_may_access,
+       .ptrace_access_check =          selinux_ptrace_access_check,
        .ptrace_traceme =               selinux_ptrace_traceme,
        .capget =                       selinux_capget,
        .capset =                       selinux_capset,
@@ -5678,6 +5683,9 @@ int selinux_disable(void)
        selinux_disabled = 1;
        selinux_enabled = 0;
 
+       /* Try to destroy the avc node cache */
+       avc_disable();
+
        /* Reset security_ops to the secondary module, dummy or capability. */
        security_ops = secondary_ops;
 
index d12ff1a9c0aa5e383347af29f9f03fe96e626ed2..ae4c3a0e2c1ac801db6db57644018ce6cd948705 100644 (file)
@@ -127,13 +127,13 @@ int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
                     u32 events, u32 ssid, u32 tsid,
                     u16 tclass, u32 perms);
 
-/* Shows permission in human readable form */
-void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av);
-
 /* Exported to selinuxfs */
 int avc_get_hash_stats(char *page);
 extern unsigned int avc_cache_threshold;
 
+/* Attempt to free avc node cache */
+void avc_disable(void);
+
 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
 DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
 #endif
index 500e6f78e1159e1d568355ce74a113b4b49859c1..ff17820d35ec73bedfab174d3adfb7c87b762420 100644 (file)
  *
  *  Added validation of kernel classes and permissions
  *
+ * Updated: KaiGai Kohei <kaigai@ak.jp.nec.com>
+ *
+ *  Added support for bounds domain and audit messaged on masked permissions
+ *
+ * Copyright (C) 2008, 2009 NEC Corporation
  * Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
  * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
  * Copyright (C) 2003 - 2004, 2006 Tresys Technology, LLC
@@ -278,6 +283,95 @@ mls_ops:
        return s[0];
 }
 
+/*
+ * security_dump_masked_av - dumps masked permissions during
+ * security_compute_av due to RBAC, MLS/Constraint and Type bounds.
+ */
+static int dump_masked_av_helper(void *k, void *d, void *args)
+{
+       struct perm_datum *pdatum = d;
+       char **permission_names = args;
+
+       BUG_ON(pdatum->value < 1 || pdatum->value > 32);
+
+       permission_names[pdatum->value - 1] = (char *)k;
+
+       return 0;
+}
+
+static void security_dump_masked_av(struct context *scontext,
+                                   struct context *tcontext,
+                                   u16 tclass,
+                                   u32 permissions,
+                                   const char *reason)
+{
+       struct common_datum *common_dat;
+       struct class_datum *tclass_dat;
+       struct audit_buffer *ab;
+       char *tclass_name;
+       char *scontext_name = NULL;
+       char *tcontext_name = NULL;
+       char *permission_names[32];
+       int index, length;
+       bool need_comma = false;
+
+       if (!permissions)
+               return;
+
+       tclass_name = policydb.p_class_val_to_name[tclass - 1];
+       tclass_dat = policydb.class_val_to_struct[tclass - 1];
+       common_dat = tclass_dat->comdatum;
+
+       /* init permission_names */
+       if (common_dat &&
+           hashtab_map(common_dat->permissions.table,
+                       dump_masked_av_helper, permission_names) < 0)
+               goto out;
+
+       if (hashtab_map(tclass_dat->permissions.table,
+                       dump_masked_av_helper, permission_names) < 0)
+               goto out;
+
+       /* get scontext/tcontext in text form */
+       if (context_struct_to_string(scontext,
+                                    &scontext_name, &length) < 0)
+               goto out;
+
+       if (context_struct_to_string(tcontext,
+                                    &tcontext_name, &length) < 0)
+               goto out;
+
+       /* audit a message */
+       ab = audit_log_start(current->audit_context,
+                            GFP_ATOMIC, AUDIT_SELINUX_ERR);
+       if (!ab)
+               goto out;
+
+       audit_log_format(ab, "op=security_compute_av reason=%s "
+                        "scontext=%s tcontext=%s tclass=%s perms=",
+                        reason, scontext_name, tcontext_name, tclass_name);
+
+       for (index = 0; index < 32; index++) {
+               u32 mask = (1 << index);
+
+               if ((mask & permissions) == 0)
+                       continue;
+
+               audit_log_format(ab, "%s%s",
+                                need_comma ? "," : "",
+                                permission_names[index]
+                                ? permission_names[index] : "????");
+               need_comma = true;
+       }
+       audit_log_end(ab);
+out:
+       /* release scontext/tcontext */
+       kfree(tcontext_name);
+       kfree(scontext_name);
+
+       return;
+}
+
 /*
  * security_boundary_permission - drops violated permissions
  * on boundary constraint.
@@ -347,28 +441,12 @@ static void type_attribute_bounds_av(struct context *scontext,
        }
 
        if (masked) {
-               struct audit_buffer *ab;
-               char *stype_name
-                       = policydb.p_type_val_to_name[source->value - 1];
-               char *ttype_name
-                       = policydb.p_type_val_to_name[target->value - 1];
-               char *tclass_name
-                       = policydb.p_class_val_to_name[tclass - 1];
-
                /* mask violated permissions */
                avd->allowed &= ~masked;
 
-               /* notice to userspace via audit message */
-               ab = audit_log_start(current->audit_context,
-                                    GFP_ATOMIC, AUDIT_SELINUX_ERR);
-               if (!ab)
-                       return;
-
-               audit_log_format(ab, "av boundary violation: "
-                                "source=%s target=%s tclass=%s",
-                                stype_name, ttype_name, tclass_name);
-               avc_dump_av(ab, tclass, masked);
-               audit_log_end(ab);
+               /* audit masked permissions */
+               security_dump_masked_av(scontext, tcontext,
+                                       tclass, masked, "bounds");
        }
 }
 
@@ -480,7 +558,7 @@ static int context_struct_compute_av(struct context *scontext,
                if ((constraint->permissions & (avd->allowed)) &&
                    !constraint_expr_eval(scontext, tcontext, NULL,
                                          constraint->expr)) {
-                       avd->allowed = (avd->allowed) & ~(constraint->permissions);
+                       avd->allowed &= ~(constraint->permissions);
                }
                constraint = constraint->next;
        }
@@ -499,8 +577,8 @@ static int context_struct_compute_av(struct context *scontext,
                                break;
                }
                if (!ra)
-                       avd->allowed = (avd->allowed) & ~(PROCESS__TRANSITION |
-                                                       PROCESS__DYNTRANSITION);
+                       avd->allowed &= ~(PROCESS__TRANSITION |
+                                         PROCESS__DYNTRANSITION);
        }
 
        /*
@@ -687,6 +765,26 @@ int security_bounded_transition(u32 old_sid, u32 new_sid)
                }
                index = type->bounds;
        }
+
+       if (rc) {
+               char *old_name = NULL;
+               char *new_name = NULL;
+               int length;
+
+               if (!context_struct_to_string(old_context,
+                                             &old_name, &length) &&
+                   !context_struct_to_string(new_context,
+                                             &new_name, &length)) {
+                       audit_log(current->audit_context,
+                                 GFP_ATOMIC, AUDIT_SELINUX_ERR,
+                                 "op=security_bounded_transition "
+                                 "result=denied "
+                                 "oldcontext=%s newcontext=%s",
+                                 old_name, new_name);
+               }
+               kfree(new_name);
+               kfree(old_name);
+       }
 out:
        read_unlock(&policy_rwlock);
 
index 0023182078c726797de5ccab784a1922eba17859..1c9bdbcbe3d2bfbd7c3f83b10c19800c0d7b929e 100644 (file)
@@ -91,7 +91,7 @@ struct inode_smack *new_inode_smack(char *smack)
  */
 
 /**
- * smack_ptrace_may_access - Smack approval on PTRACE_ATTACH
+ * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
  * @ctp: child task pointer
  * @mode: ptrace attachment mode
  *
@@ -99,13 +99,13 @@ struct inode_smack *new_inode_smack(char *smack)
  *
  * Do the capability checks, and require read and write.
  */
-static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode)
+static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
 {
        int rc;
        struct smk_audit_info ad;
        char *sp, *tsp;
 
-       rc = cap_ptrace_may_access(ctp, mode);
+       rc = cap_ptrace_access_check(ctp, mode);
        if (rc != 0)
                return rc;
 
@@ -3032,7 +3032,7 @@ static void smack_release_secctx(char *secdata, u32 seclen)
 struct security_operations smack_ops = {
        .name =                         "smack",
 
-       .ptrace_may_access =            smack_ptrace_may_access,
+       .ptrace_access_check =          smack_ptrace_access_check,
        .ptrace_traceme =               smack_ptrace_traceme,
        .syslog =                       smack_syslog,
 
index fdd1f4b8c448e4c1fa6611bb9456f5e9c9d30070..3c8bd8ee0b95e70e17e801913eb7481030ebcfae 100644 (file)
@@ -1284,6 +1284,36 @@ static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
        return true;
 }
 
+/**
+ * tomoyo_delete_domain - Delete a domain.
+ *
+ * @domainname: The name of domain.
+ *
+ * Returns 0.
+ */
+static int tomoyo_delete_domain(char *domainname)
+{
+       struct tomoyo_domain_info *domain;
+       struct tomoyo_path_info name;
+
+       name.name = domainname;
+       tomoyo_fill_path_info(&name);
+       down_write(&tomoyo_domain_list_lock);
+       /* Is there an active domain? */
+       list_for_each_entry(domain, &tomoyo_domain_list, list) {
+               /* Never delete tomoyo_kernel_domain */
+               if (domain == &tomoyo_kernel_domain)
+                       continue;
+               if (domain->is_deleted ||
+                   tomoyo_pathcmp(domain->domainname, &name))
+                       continue;
+               domain->is_deleted = true;
+               break;
+       }
+       up_write(&tomoyo_domain_list_lock);
+       return 0;
+}
+
 /**
  * tomoyo_write_domain_policy - Write domain policy.
  *
index 6d6ba09af4576b27d6aba92edad7d3c7b03515b3..31df541911f76f3d5cc39c92508eb37a25fb8545 100644 (file)
@@ -339,8 +339,6 @@ const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain);
 const char *tomoyo_get_msg(const bool is_enforce);
 /* Convert single path operation to operation name. */
 const char *tomoyo_sp2keyword(const u8 operation);
-/* Delete a domain. */
-int tomoyo_delete_domain(char *data);
 /* Create "alias" entry in exception policy. */
 int tomoyo_write_alias_policy(char *data, const bool is_delete);
 /*
index 1d8b16960576891615d7d523626d527030cf31bc..fcf52accce2b107798b7be675337eb53f9279a38 100644 (file)
@@ -717,38 +717,6 @@ int tomoyo_write_alias_policy(char *data, const bool is_delete)
        return tomoyo_update_alias_entry(data, cp, is_delete);
 }
 
-/* Domain create/delete handler. */
-
-/**
- * tomoyo_delete_domain - Delete a domain.
- *
- * @domainname: The name of domain.
- *
- * Returns 0.
- */
-int tomoyo_delete_domain(char *domainname)
-{
-       struct tomoyo_domain_info *domain;
-       struct tomoyo_path_info name;
-
-       name.name = domainname;
-       tomoyo_fill_path_info(&name);
-       down_write(&tomoyo_domain_list_lock);
-       /* Is there an active domain? */
-       list_for_each_entry(domain, &tomoyo_domain_list, list) {
-               /* Never delete tomoyo_kernel_domain */
-               if (domain == &tomoyo_kernel_domain)
-                       continue;
-               if (domain->is_deleted ||
-                   tomoyo_pathcmp(domain->domainname, &name))
-                       continue;
-               domain->is_deleted = true;
-               break;
-       }
-       up_write(&tomoyo_domain_list_lock);
-       return 0;
-}
-
 /**
  * tomoyo_find_or_assign_new_domain - Create a domain.
  *
@@ -818,13 +786,11 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 /**
  * tomoyo_find_next_domain - Find a domain.
  *
- * @bprm:           Pointer to "struct linux_binprm".
- * @next_domain:    Pointer to pointer to "struct tomoyo_domain_info".
+ * @bprm: Pointer to "struct linux_binprm".
  *
  * Returns 0 on success, negative value otherwise.
  */
-int tomoyo_find_next_domain(struct linux_binprm *bprm,
-                           struct tomoyo_domain_info **next_domain)
+int tomoyo_find_next_domain(struct linux_binprm *bprm)
 {
        /*
         * This function assumes that the size of buffer returned by
@@ -946,9 +912,11 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm,
                tomoyo_set_domain_flag(old_domain, false,
                                       TOMOYO_DOMAIN_FLAGS_TRANSITION_FAILED);
  out:
+       if (!domain)
+               domain = old_domain;
+       bprm->cred->security = domain;
        tomoyo_free(real_program_name);
        tomoyo_free(symlink_program_name);
-       *next_domain = domain ? domain : old_domain;
        tomoyo_free(tmp);
        return retval;
 }
index 3194d09fe0f4ccd5311b819e526a1b696a8ecc33..35a13e7915e41dba8e47253e596bb8e53c1749bd 100644 (file)
@@ -61,14 +61,8 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
         * Execute permission is checked against pathname passed to do_execve()
         * using current domain.
         */
-       if (!domain) {
-               struct tomoyo_domain_info *next_domain = NULL;
-               int retval = tomoyo_find_next_domain(bprm, &next_domain);
-
-               if (!retval)
-                       bprm->cred->security = next_domain;
-               return retval;
-       }
+       if (!domain)
+               return tomoyo_find_next_domain(bprm);
        /*
         * Read permission is checked against interpreters using next domain.
         * '1' is the result of open_to_namei_flags(O_RDONLY).
index 0fd588a629cf915ca6be0a47dbc300292d908570..cd6ba0bf7069a98128bdac2d562c9746decdcc6f 100644 (file)
@@ -31,8 +31,7 @@ int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain,
                            struct path *path2);
 int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
                                    struct file *filp);
-int tomoyo_find_next_domain(struct linux_binprm *bprm,
-                           struct tomoyo_domain_info **next_domain);
+int tomoyo_find_next_domain(struct linux_binprm *bprm);
 
 /* Index numbers for Access Controls. */