diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-08-25 14:15:00 +0200 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2011-09-10 01:08:48 +0200 |
commit | 852584157c55c1689bcf3809ea44b79870c3e409 (patch) | |
tree | 9965e2ceb8fbb7ffaec131eb7c1963f9a32e1c0c /security/tomoyo | |
parent | tpm: suppress durations sysfs output if not read (diff) | |
download | linux-852584157c55c1689bcf3809ea44b79870c3e409.tar.xz linux-852584157c55c1689bcf3809ea44b79870c3e409.zip |
TOMOYO: Fix incorrect enforce mode.
In tomoyo_get_mode() since 2.6.36, CONFIG::file::execute was by error used in
place of CONFIG::file if CONFIG::file::execute was set to other than default.
As a result, enforcing mode was not applied in a way documentation says.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo')
-rw-r--r-- | security/tomoyo/util.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index c36bd1107fc8..6a4195a4b93c 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -925,7 +925,8 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, return TOMOYO_CONFIG_DISABLED; mode = tomoyo_profile(ns, profile)->config[index]; if (mode == TOMOYO_CONFIG_USE_DEFAULT) - mode = tomoyo_profile(ns, profile)->config[category]; + mode = tomoyo_profile(ns, profile)->config + [category + TOMOYO_MAX_MAC_INDEX]; if (mode == TOMOYO_CONFIG_USE_DEFAULT) mode = tomoyo_profile(ns, profile)->default_config; return mode & 3; |