diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-06-03 20:37:26 +0900 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-08-02 15:33:42 +1000 |
| commit | 3f629636320dfa65804779a3fc333f3147f3b064 (patch) | |
| tree | e44dc9f63ae8c6cd37d5471d014cd9b0449027e7 /security/tomoyo/path_group.c | |
| parent | c8c57e842720d8cc92ac8607f2d1c16d92314573 (diff) | |
TOMOYO: Allow wildcard for execute permission.
Some applications create and execute programs dynamically. We need to accept
wildcard for execute permission because such programs contain random suffix
in their filenames. This patch loosens up regulation of string parameters.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/path_group.c')
| -rw-r--r-- | security/tomoyo/path_group.c | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/security/tomoyo/path_group.c b/security/tomoyo/path_group.c index 636025e26b06..07e4f782367b 100644 --- a/security/tomoyo/path_group.c +++ b/security/tomoyo/path_group.c @@ -22,8 +22,7 @@ struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name) struct tomoyo_path_group *group = NULL; const struct tomoyo_path_info *saved_group_name; int error = -ENOMEM; - if (!tomoyo_is_correct_path(group_name, 0, 0, 0) || - !group_name[0]) + if (!tomoyo_is_correct_word(group_name)) return NULL; saved_group_name = tomoyo_get_name(group_name); if (!saved_group_name) @@ -141,29 +140,21 @@ bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head) * * @pathname: The name of pathname. * @group: Pointer to "struct tomoyo_path_group". - * @may_use_pattern: True if wild card is permitted. * * Returns true if @pathname matches pathnames in @group, false otherwise. * * Caller holds tomoyo_read_lock(). */ bool tomoyo_path_matches_group(const struct tomoyo_path_info *pathname, - const struct tomoyo_path_group *group, - const bool may_use_pattern) + const struct tomoyo_path_group *group) { struct tomoyo_path_group_member *member; bool matched = false; list_for_each_entry_rcu(member, &group->member_list, list) { if (member->is_deleted) continue; - if (!member->member_name->is_patterned) { - if (tomoyo_pathcmp(pathname, member->member_name)) - continue; - } else if (may_use_pattern) { - if (!tomoyo_path_matches_pattern(pathname, - member->member_name)) - continue; - } else + if (!tomoyo_path_matches_pattern(pathname, + member->member_name)) continue; matched = true; break; |