TOMOYO: Accept manager programs which do not start with / .
The pathname of /usr/sbin/tomoyo-editpolicy seen from Ubuntu 12.04 Live CD is squashfs:/usr/sbin/tomoyo-editpolicy rather than /usr/sbin/tomoyo-editpolicy . Therefore, we need to accept manager programs which do not start with / . Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <james.l.morris@oracle.com>
parent
fd75815f72
commit
77b513dda9
|
@ -850,14 +850,9 @@ static int tomoyo_update_manager_entry(const char *manager,
|
||||||
policy_list[TOMOYO_ID_MANAGER],
|
policy_list[TOMOYO_ID_MANAGER],
|
||||||
};
|
};
|
||||||
int error = is_delete ? -ENOENT : -ENOMEM;
|
int error = is_delete ? -ENOENT : -ENOMEM;
|
||||||
if (tomoyo_domain_def(manager)) {
|
if (!tomoyo_correct_domain(manager) &&
|
||||||
if (!tomoyo_correct_domain(manager))
|
!tomoyo_correct_word(manager))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
e.is_domain = true;
|
|
||||||
} else {
|
|
||||||
if (!tomoyo_correct_path(manager))
|
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
e.manager = tomoyo_get_name(manager);
|
e.manager = tomoyo_get_name(manager);
|
||||||
if (e.manager) {
|
if (e.manager) {
|
||||||
error = tomoyo_update_policy(&e.head, sizeof(e), ¶m,
|
error = tomoyo_update_policy(&e.head, sizeof(e), ¶m,
|
||||||
|
@ -932,23 +927,14 @@ static bool tomoyo_manager(void)
|
||||||
return true;
|
return true;
|
||||||
if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
|
if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
|
||||||
return false;
|
return false;
|
||||||
list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
|
|
||||||
policy_list[TOMOYO_ID_MANAGER], head.list) {
|
|
||||||
if (!ptr->head.is_deleted && ptr->is_domain
|
|
||||||
&& !tomoyo_pathcmp(domainname, ptr->manager)) {
|
|
||||||
found = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (found)
|
|
||||||
return true;
|
|
||||||
exe = tomoyo_get_exe();
|
exe = tomoyo_get_exe();
|
||||||
if (!exe)
|
if (!exe)
|
||||||
return false;
|
return false;
|
||||||
list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
|
list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
|
||||||
policy_list[TOMOYO_ID_MANAGER], head.list) {
|
policy_list[TOMOYO_ID_MANAGER], head.list) {
|
||||||
if (!ptr->head.is_deleted && !ptr->is_domain
|
if (!ptr->head.is_deleted &&
|
||||||
&& !strcmp(exe, ptr->manager->name)) {
|
(!tomoyo_pathcmp(domainname, ptr->manager) ||
|
||||||
|
!strcmp(exe, ptr->manager->name))) {
|
||||||
found = true;
|
found = true;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
|
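Review bot: In the tomoyo_manager() hunk, the domainname comparison now sits inside the single loop that runs only after `exe = tomoyo_get_exe(); if (!exe) return false;`, so a task whose domain is a registered manager is refused whenever the exe lookup returns NULL. The removed code returned true on a domain match before exe was looked up, so this is a fail-closed regression for domain-based manager entries, and it also pays for the exe lookup on every call even when the domain alone would have matched. I would keep a domain-only pass ahead of the exe lookup and leave the second loop comparing only `exe` with `ptr->manager->name`, as sketched below. The function begins and ends outside the hunk, so the locking context of the list walk and the cleanup of `exe` are not visible here and should be checked against the full body. Separately, in the tomoyo_update_manager_entry() hunk the check falls back to `tomoyo_correct_word(manager)`, so a short comment there saying that any valid policy word (for example a filesystem-prefixed pathname) is now accepted as a manager would help the next reader.

```c
/* A domain match needs no exe lookup, so test it first. */
list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
			policy_list[TOMOYO_ID_MANAGER], head.list) {
	if (!ptr->head.is_deleted &&
	    !tomoyo_pathcmp(domainname, ptr->manager))
		return true;
}
exe = tomoyo_get_exe();
if (!exe)
	return false;
/* … unchanged: second loop, matching only !strcmp(exe, ptr->manager->name) … */
```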
@ -860,7 +860,6 @@ struct tomoyo_aggregator {
|
||||||
/* Structure for policy manager. */
|
/* Structure for policy manager. */
|
||||||
struct tomoyo_manager {
|
struct tomoyo_manager {
|
||||||
struct tomoyo_acl_head head;
|
struct tomoyo_acl_head head;
|
||||||
bool is_domain; /* True if manager is a domainname. */
|
|
||||||
/* A path to program or a domainname. */
|
/* A path to program or a domainname. */
|
||||||
const struct tomoyo_path_info *manager;
|
const struct tomoyo_path_info *manager;
|
||||||
};
|
};
|
||||||
|
|