Commit 56f8c9bc410deb55f21698e6a0d59f559ae1d794
Committed by
James Morris
James Morris
1 parent
ccf135f509
Exists in
master
and in
7 other branches
TOMOYO: Remove next_domain from tomoyo_find_next_domain().
We can update bprm->cred->security inside tomoyo_find_next_domain(). Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Showing 3 changed files with 8 additions and 15 deletions Side-by-side Diff
security/tomoyo/domain.c
| ... | ... | @@ -786,13 +786,11 @@ |
| 786 | 786 | /** |
| 787 | 787 | * tomoyo_find_next_domain - Find a domain. |
| 788 | 788 | * |
| 789 | - * @bprm: Pointer to "struct linux_binprm". | |
| 790 | - * @next_domain: Pointer to pointer to "struct tomoyo_domain_info". | |
| 789 | + * @bprm: Pointer to "struct linux_binprm". | |
| 791 | 790 | * |
| 792 | 791 | * Returns 0 on success, negative value otherwise. |
| 793 | 792 | */ |
| 794 | -int tomoyo_find_next_domain(struct linux_binprm *bprm, | |
| 795 | - struct tomoyo_domain_info **next_domain) | |
| 793 | +int tomoyo_find_next_domain(struct linux_binprm *bprm) | |
| 796 | 794 | { |
| 797 | 795 | /* |
| 798 | 796 | * This function assumes that the size of buffer returned by |
| 799 | 797 | |
| ... | ... | @@ -914,9 +912,11 @@ |
| 914 | 912 | tomoyo_set_domain_flag(old_domain, false, |
| 915 | 913 | TOMOYO_DOMAIN_FLAGS_TRANSITION_FAILED); |
| 916 | 914 | out: |
| 915 | + if (!domain) | |
| 916 | + domain = old_domain; | |
| 917 | + bprm->cred->security = domain; | |
| 917 | 918 | tomoyo_free(real_program_name); |
| 918 | 919 | tomoyo_free(symlink_program_name); |
| 919 | - *next_domain = domain ? domain : old_domain; | |
| 920 | 920 | tomoyo_free(tmp); |
| 921 | 921 | return retval; |
| 922 | 922 | } |
security/tomoyo/tomoyo.c
| ... | ... | @@ -61,14 +61,8 @@ |
| 61 | 61 | * Execute permission is checked against pathname passed to do_execve() |
| 62 | 62 | * using current domain. |
| 63 | 63 | */ |
| 64 | - if (!domain) { | |
| 65 | - struct tomoyo_domain_info *next_domain = NULL; | |
| 66 | - int retval = tomoyo_find_next_domain(bprm, &next_domain); | |
| 67 | - | |
| 68 | - if (!retval) | |
| 69 | - bprm->cred->security = next_domain; | |
| 70 | - return retval; | |
| 71 | - } | |
| 64 | + if (!domain) | |
| 65 | + return tomoyo_find_next_domain(bprm); | |
| 72 | 66 | /* |
| 73 | 67 | * Read permission is checked against interpreters using next domain. |
| 74 | 68 | * '1' is the result of open_to_namei_flags(O_RDONLY). |
security/tomoyo/tomoyo.h
| ... | ... | @@ -31,8 +31,7 @@ |
| 31 | 31 | struct path *path2); |
| 32 | 32 | int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain, |
| 33 | 33 | struct file *filp); |
| 34 | -int tomoyo_find_next_domain(struct linux_binprm *bprm, | |
| 35 | - struct tomoyo_domain_info **next_domain); | |
| 34 | +int tomoyo_find_next_domain(struct linux_binprm *bprm); | |
| 36 | 35 | |
| 37 | 36 | /* Index numbers for Access Controls. */ |
| 38 | 37 |