author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-07-08 06:24:54 +0200 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2011-07-11 03:05:33 +0200 |
commit | 5b636857fee642694e287e3a181b523b16098c93 (patch) | |
tree | 24afcc11fc35350a29f5d6d73d376a551c5569b8 /security/tomoyo/gc.c | |
parent | TOMOYO: Allow using executable's realpath and symlink's target as conditions. (diff) | |
TOMOYO: Allow using argv[]/envp[] of execve() as conditions.
This patch adds support for permission checks using argv[]/envp[] of an execve()
request. The hooks are in the last patch of this patchset.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/gc.c')
-rw-r--r-- | security/tomoyo/gc.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index e0502b6d5866..1ac3312059f6 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -358,6 +358,8 @@ void tomoyo_del_condition(struct list_head *element)
 const u16 condc = cond->condc;
 const u16 numbers_count = cond->numbers_count;
 const u16 names_count = cond->names_count;
+ const u16 argc = cond->argc;
+ const u16 envc = cond->envc;
 unsigned int i;
 const struct tomoyo_condition_element *condp
 = (const struct tomoyo_condition_element *) (cond + 1);
@@ -365,10 +367,20 @@ void tomoyo_del_condition(struct list_head *element)
 = (struct tomoyo_number_union *) (condp + condc);
 struct tomoyo_name_union *names_p
 = (struct tomoyo_name_union *) (numbers_p + numbers_count);
+ const struct tomoyo_argv *argv
+ = (const struct tomoyo_argv *) (names_p + names_count);
+ const struct tomoyo_envp *envp
+ = (const struct tomoyo_envp *) (argv + argc);
 for (i = 0; i < numbers_count; i++)
 tomoyo_put_number_union(numbers_p++);
 for (i = 0; i < names_count; i++)
 tomoyo_put_name_union(names_p++);
+ for (i = 0; i < argc; argv++, i++)
+ tomoyo_put_name(argv->value);
+ for (i = 0; i < envc; envp++, i++) {
+ tomoyo_put_name(envp->name);
+ tomoyo_put_name(envp->value);
+ }
 }
 
 /** |
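Review bot: The new argv and envp pointers are computed from names_p at declaration time, before the existing put loops advance numbers_p and names_p, and their offsets have to mirror the layout the condition was serialized with at allocation, which is not visible in this hunk; a comment at the argv declaration would protect both invariants, e.g. `/* Layout after the header: condition_element[condc], number_union[numbers_count], name_union[names_count], argv[argc], envp[envc]; argv/envp must be derived before the put loops advance numbers_p/names_p. */`. `tomoyo_put_name(envp->value)` is reached for every entry, so if an envp entry can carry a NULL value (a "must be unset" condition would suggest so) this relies on tomoyo_put_name tolerating NULL, which is presumably the case but deserves a one-line comment on that call. Any drift between this walk and the allocation-side layout would leak or double-put name references during garbage collection, which is why the order is worth pinning in a comment; tomoyo_del_condition begins before the first hunk.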