From 484ca79c653121d3c79fffb86e1deea724f2e20b Mon Sep 17 00:00:00 2001
From: Tetsuo Handa
Date: Thu, 29 Jul 2010 14:29:55 +0900
Subject: TOMOYO: Use pathname specified by policy rather than execve() Commit c9e69318 "TOMOYO: Allow wildcard for execute permission." changed execute permission and domainname to accept wildcards. But tomoyo_find_next_domain() was using pathname passed to execve() rather than pathname specified by the execute permission. As a result, processes were not able to transit to domains which contain wildcards in their domainnames. This patch passes pathname specified by the execute permission back to tomoyo_find_next_domain() so that processes can transit to domains which contain wildcards in their domainnames.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
---
 security/tomoyo/group.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'security/tomoyo/group.c')
diff --git a/security/tomoyo/group.c b/security/tomoyo/group.c
index 3f0a2abf65cc..e94352ce723f 100644
--- a/security/tomoyo/group.c
+++ b/security/tomoyo/group.c
@@ -80,24 +80,24 @@ int tomoyo_write_group(char *data, const bool is_delete, const u8 type)
  * @pathname: The name of pathname.
  * @group: Pointer to "struct tomoyo_path_group".
  *
- * Returns true if @pathname matches pathnames in @group, false otherwise.
+ * Returns matched member's pathname if @pathname matches pathnames in @group,
+ * NULL otherwise.
  *
  * Caller holds tomoyo_read_lock().
  */
-bool tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
-			       const struct tomoyo_group *group)
+const struct tomoyo_path_info *
+tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
+			  const struct tomoyo_group *group)
 {
 	struct tomoyo_path_group *member;
-	bool matched = false;
 	list_for_each_entry_rcu(member, &group->member_list, head.list) {
 		if (member->head.is_deleted)
 			continue;
 		if (!tomoyo_path_matches_pattern(pathname, member->member_name))
 			continue;
-		matched = true;
-		break;
+		return member->member_name;
 	}
-	return matched;
+	return NULL;
 }
 
 /**
-- cgit
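Review bot: The new return value is a pointer to `member->member_name`, which lives inside an entry of the RCU-protected `group->member_list`, so it is only safe to use while the caller still holds tomoyo_read_lock(); the rewritten kernel-doc describes the value but not this lifetime. I would extend the Returns text with ` * The returned pointer is valid only while the caller holds tomoyo_read_lock().` so that callers do not cache it past the lock. The `@group` description on the context line above still says `"struct tomoyo_path_group"` although the parameter is `struct tomoyo_group`; since the comment block is being rewritten anyway, this looks like the moment to correct it. Existing callers that only test the result for truthiness appear to keep working, as a non-NULL pointer converts to true, so the signature change seems backward compatible for them.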