summaryrefslogtreecommitdiffstats
path: root/security/tomoyo/gc.c
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2011-07-08 06:24:54 +0200
committerJames Morris <jmorris@namei.org>2011-07-11 03:05:33 +0200
commit5b636857fee642694e287e3a181b523b16098c93 (patch)
tree24afcc11fc35350a29f5d6d73d376a551c5569b8 /security/tomoyo/gc.c
parentTOMOYO: Allow using executable's realpath and symlink's target as conditions. (diff)
downloadlinux-5b636857fee642694e287e3a181b523b16098c93.tar.xz
linux-5b636857fee642694e287e3a181b523b16098c93.zip
TOMOYO: Allow using argv[]/envp[] of execve() as conditions.
This patch adds support for permission checks using argv[]/envp[] of execve() request. Hooks are in the last patch of this pathset. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to '')
-rw-r--r--security/tomoyo/gc.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index e0502b6d5866..1ac3312059f6 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -358,6 +358,8 @@ void tomoyo_del_condition(struct list_head *element)
const u16 condc = cond->condc;
const u16 numbers_count = cond->numbers_count;
const u16 names_count = cond->names_count;
+ const u16 argc = cond->argc;
+ const u16 envc = cond->envc;
unsigned int i;
const struct tomoyo_condition_element *condp
= (const struct tomoyo_condition_element *) (cond + 1);
@@ -365,10 +367,20 @@ void tomoyo_del_condition(struct list_head *element)
= (struct tomoyo_number_union *) (condp + condc);
struct tomoyo_name_union *names_p
= (struct tomoyo_name_union *) (numbers_p + numbers_count);
+ const struct tomoyo_argv *argv
+ = (const struct tomoyo_argv *) (names_p + names_count);
+ const struct tomoyo_envp *envp
+ = (const struct tomoyo_envp *) (argv + argc);
for (i = 0; i < numbers_count; i++)
tomoyo_put_number_union(numbers_p++);
for (i = 0; i < names_count; i++)
tomoyo_put_name_union(names_p++);
+ for (i = 0; i < argc; argv++, i++)
+ tomoyo_put_name(argv->value);
+ for (i = 0; i < envc; envp++, i++) {
+ tomoyo_put_name(envp->name);
+ tomoyo_put_name(envp->value);
+ }
}
/**