TOMOYO: Return error if fails to delete a domain

Call sequence: tomoyo_write_domain() --> tomoyo_delete_domain() In 'tomoyo_delete_domain', return -EINTR if locking attempt is interrupted by signal. At present it returns success to its caller 'tomoyo_write_domain()' even though domain is not deleted. 'tomoyo_write_domain()' assumes domain is deleted and returns success to its caller. This is wrong behaviour. 'tomoyo_write_domain' should return error from tomoyo_delete_domain() to its caller. Signed-off-by: Santosh Nayak <santoshprasadnayak@gmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <james.l.morris@oracle.com>

TOMOYO: Return error if fails to delete a domain
Call sequence: tomoyo_write_domain() --> tomoyo_delete_domain() In 'tomoyo_delete_domain', return -EINTR if locking attempt is interrupted by signal. At present it returns success to its caller 'tomoyo_write_domain()' even though domain is not deleted. 'tomoyo_write_domain()' assumes domain is deleted and returns success to its caller. This is wrong behaviour. 'tomoyo_write_domain' should return error from tomoyo_delete_domain() to its caller. Signed-off-by: Santosh Nayak <santoshprasadnayak@gmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <james.l.morris@oracle.com>
Tetsuo Handa · James Morris
1 parent b01d3fb921
Showing 1 changed file with 5 additions and 4 deletions Side-by-side Diff
security/tomoyo/common.c
@@ -1069,7 +1069,7 @@
  *
  * @domainname: The name of domain.
  *
- * Returns 0.
+ * Returns 0 on success, negative value otherwise.
  *
  * Caller holds tomoyo_read_lock().
  */
@@ -1081,7 +1081,7 @@
 	name.name = domainname;
 	tomoyo_fill_path_info(&name);
 	if (mutex_lock_interruptible(&tomoyo_policy_lock))
-		return 0;
+		return -EINTR;
 	/* Is there an active domain? */
 	list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
 		/* Never delete tomoyo_kernel_domain */
  
  
@@ -1164,15 +1164,16 @@
 	bool is_select = !is_delete && tomoyo_str_starts(&data, "select ");
 	unsigned int profile;
 	if (*data == '<') {
+		int ret = 0;
 		domain = NULL;
 		if (is_delete)
-			tomoyo_delete_domain(data);
+			ret = tomoyo_delete_domain(data);
 		else if (is_select)
 			domain = tomoyo_find_domain(data);
 		else
 			domain = tomoyo_assign_domain(data, false);
 		head->w.domain = domain;
-		return 0;
+		return ret;
 	}
 	if (!domain)
 		return -EINVAL;
...	...	@@ -1069,7 +1069,7 @@
1069	1069	*
1070	1070	* @domainname: The name of domain.
1071	1071	*
1072		- * Returns 0.
	1072	+ * Returns 0 on success, negative value otherwise.
1073	1073	*
1074	1074	* Caller holds tomoyo_read_lock().
1075	1075	*/
...	...	@@ -1081,7 +1081,7 @@
1081	1081	name.name = domainname;
1082	1082	tomoyo_fill_path_info(&name);
1083	1083	if (mutex_lock_interruptible(&tomoyo_policy_lock))
1084		- return 0;
	1084	+ return -EINTR;
1085	1085	/* Is there an active domain? */
1086	1086	list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
1087	1087	/* Never delete tomoyo_kernel_domain */
1088	1088
1089	1089
...	...	@@ -1164,15 +1164,16 @@
1164	1164	bool is_select = !is_delete && tomoyo_str_starts(&data, "select ");
1165	1165	unsigned int profile;
1166	1166	if (*data == '<') {
	1167	+ int ret = 0;
1167	1168	domain = NULL;
1168	1169	if (is_delete)
1169		- tomoyo_delete_domain(data);
	1170	+ ret = tomoyo_delete_domain(data);
1170	1171	else if (is_select)
1171	1172	domain = tomoyo_find_domain(data);
1172	1173	else
1173	1174	domain = tomoyo_assign_domain(data, false);
1174	1175	head->w.domain = domain;
1175		- return 0;
	1176	+ return ret;
1176	1177	}
1177	1178	if (!domain)
1178	1179	return -EINVAL;