Commit 852584157c55c1689bcf3809ea44b79870c3e409
Committed by
James Morris
1 parent
403d1d0319
Exists in
master
and in
20 other branches
TOMOYO: Fix incorrect enforce mode.
In tomoyo_get_mode() since 2.6.36, CONFIG::file::execute was by error used in place of CONFIG::file if CONFIG::file::execute was set to other than default. As a result, enforcing mode was not applied in a way documentation says. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Showing 1 changed file with 2 additions and 1 deletions Side-by-side Diff
security/tomoyo/util.c
... | ... | @@ -925,7 +925,8 @@ |
925 | 925 | return TOMOYO_CONFIG_DISABLED; |
926 | 926 | mode = tomoyo_profile(ns, profile)->config[index]; |
927 | 927 | if (mode == TOMOYO_CONFIG_USE_DEFAULT) |
928 | - mode = tomoyo_profile(ns, profile)->config[category]; | |
928 | + mode = tomoyo_profile(ns, profile)->config | |
929 | + [category + TOMOYO_MAX_MAC_INDEX]; | |
929 | 930 | if (mode == TOMOYO_CONFIG_USE_DEFAULT) |
930 | 931 | mode = tomoyo_profile(ns, profile)->default_config; |
931 | 932 | return mode & 3; |