summaryrefslogtreecommitdiff
path: root/security/tomoyo
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2011-10-11 14:06:41 +0900
committerJames Morris <jmorris@namei.org>2011-10-12 12:15:20 +1100
commit545a7260343bbaf11c7f1a4b8c3d9660bb9266e5 (patch)
tree47f07960ef637b6475061575e7ae2fa7a4732a78 /security/tomoyo
parente2b8b25a6795488eba7bb757706b3ac725c31fac (diff)
downloadlinux-3.10-545a7260343bbaf11c7f1a4b8c3d9660bb9266e5.tar.gz
linux-3.10-545a7260343bbaf11c7f1a4b8c3d9660bb9266e5.tar.bz2
linux-3.10-545a7260343bbaf11c7f1a4b8c3d9660bb9266e5.zip
TOMOYO: Fix quota and garbage collector.
Commit 059d84db "TOMOYO: Add socket operation restriction support" and commit 731d37aa "TOMOYO: Allow domain transition without execve()." forgot to update tomoyo_domain_quota_is_ok() and tomoyo_del_acl() which results in incorrect quota counting and memory leak. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo')
-rw-r--r--security/tomoyo/gc.c7
-rw-r--r--security/tomoyo/util.c11
2 files changed, 18 insertions, 0 deletions
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index c3214b32dbf..986a6a75686 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -221,6 +221,13 @@ static void tomoyo_del_acl(struct list_head *element)
tomoyo_put_name_union(&entry->name);
}
break;
+ case TOMOYO_TYPE_MANUAL_TASK_ACL:
+ {
+ struct tomoyo_task_acl *entry =
+ container_of(acl, typeof(*entry), head);
+ tomoyo_put_name(entry->domainname);
+ }
+ break;
}
}
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index 50e9b4c73ce..4a9b4b2eb75 100644
--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -1057,6 +1057,17 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
perm = container_of(ptr, struct tomoyo_mkdev_acl,
head)->perm;
break;
+ case TOMOYO_TYPE_INET_ACL:
+ perm = container_of(ptr, struct tomoyo_inet_acl,
+ head)->perm;
+ break;
+ case TOMOYO_TYPE_UNIX_ACL:
+ perm = container_of(ptr, struct tomoyo_unix_acl,
+ head)->perm;
+ break;
+ case TOMOYO_TYPE_MANUAL_TASK_ACL:
+ perm = 0;
+ break;
default:
perm = 1;
}