Merge branch 'for-linus' of git://git.selinuxproject.org/~jmorris/linux-security

* 'for-linus' of git://git.selinuxproject.org/~jmorris/linux-security:
  TOMOYO: Fix interactive judgment functionality.
Linus Torvalds 2011-11-02 17:01:01 -07:00
commit 2380078cdb


@ -966,6 +966,9 @@ static bool tomoyo_manager(void)
return found; return found;
} }
static struct tomoyo_domain_info *tomoyo_find_domain_by_qid
(unsigned int serial);
/** /**
* tomoyo_select_domain - Parse select command. * tomoyo_select_domain - Parse select command.
* *
@ -999,6 +1002,8 @@ static bool tomoyo_select_domain(struct tomoyo_io_buffer *head,
} else if (!strncmp(data, "domain=", 7)) { } else if (!strncmp(data, "domain=", 7)) {
if (tomoyo_domain_def(data + 7)) if (tomoyo_domain_def(data + 7))
domain = tomoyo_find_domain(data + 7); domain = tomoyo_find_domain(data + 7);
} else if (sscanf(data, "Q=%u", &pid) == 1) {
domain = tomoyo_find_domain_by_qid(pid);
} else } else
return false; return false;
head->w.domain = domain; head->w.domain = domain;
@ -1894,6 +1899,7 @@ static DECLARE_WAIT_QUEUE_HEAD(tomoyo_answer_wait);
/* Structure for query. */ /* Structure for query. */
struct tomoyo_query { struct tomoyo_query {
struct list_head list; struct list_head list;
struct tomoyo_domain_info *domain;
char *query; char *query;
size_t query_len; size_t query_len;
unsigned int serial; unsigned int serial;
@ -2044,6 +2050,7 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
goto out; goto out;
} }
len = tomoyo_round2(entry.query_len); len = tomoyo_round2(entry.query_len);
entry.domain = r->domain;
spin_lock(&tomoyo_query_list_lock); spin_lock(&tomoyo_query_list_lock);
if (tomoyo_memory_quota[TOMOYO_MEMORY_QUERY] && if (tomoyo_memory_quota[TOMOYO_MEMORY_QUERY] &&
tomoyo_memory_used[TOMOYO_MEMORY_QUERY] + len tomoyo_memory_used[TOMOYO_MEMORY_QUERY] + len
@ -2090,6 +2097,29 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
return error; return error;
} }
/**
* tomoyo_find_domain_by_qid - Get domain by query id.
*
* @serial: Query ID assigned by tomoyo_supervisor().
*
* Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise.
*/
static struct tomoyo_domain_info *tomoyo_find_domain_by_qid
(unsigned int serial)
{
struct tomoyo_query *ptr;
struct tomoyo_domain_info *domain = NULL;
spin_lock(&tomoyo_query_list_lock);
list_for_each_entry(ptr, &tomoyo_query_list, list) {
if (ptr->serial != serial || ptr->answer)
continue;
domain = ptr->domain;
break;
}
spin_unlock(&tomoyo_query_list_lock);
return domain;
}
/** /**
* tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query. * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query.
* *
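Review bot: tomoyo_find_domain_by_qid() returns `ptr->domain` after `spin_unlock(&tomoyo_query_list_lock)`, and tomoyo_select_domain() then stores it in `head->w.domain`, yet nothing visible here takes a reference on the domain or says what keeps it valid once the query entry can leave the list. If the caller's read-side lock is what pins it, the kernel-doc should say so, e.g. `* Caller holds tomoyo_read_lock().`; if not, the stored pointer can outlive the domain. The new `Q=%u` branch also parses the query id into the variable named `pid`, and `sscanf()` accepts trailing characters after the number; a separate `unsigned int qid` and a stricter parse would make the input handling easier to audit. Both tomoyo_select_domain() and tomoyo_supervisor() continue outside the hunks shown.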