TOMOYO: Allow reading only execute permission. (063821c8) · Commits · e / devices / android_kernel_fairphone_FP3

security/tomoyo/common.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -594,6 +594,10 @@ static bool tomoyo_select_one(struct tomoyo_io_buffer head, const char data)
		struct tomoyo_domain_info *domain = NULL;
		bool global_pid = false;

		if (!strcmp(data, "allow_execute")) {
		head->print_execute_only = true;
		return true;
		}
		if (sscanf(data, "pid=%u", &pid) == 1 \|\|
		(global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
		struct task_struct *p;
		@@ -759,6 +763,8 @@ static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head,
		for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
		if (!(perm & (1 << bit)))
		continue;
		if (head->print_execute_only && bit != TOMOYO_TYPE_EXECUTE)
		continue;
		/* Print "read/write" instead of "read" and "write". */
		if ((bit == TOMOYO_TYPE_READ \|\| bit == TOMOYO_TYPE_WRITE)
		&& (perm & (1 << TOMOYO_TYPE_READ_WRITE)))
		@@ -926,6 +932,8 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
		= container_of(ptr, struct tomoyo_path_acl, head);
		return tomoyo_print_path_acl(head, acl);
		}
		if (head->print_execute_only)
		return true;
		if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
		struct tomoyo_path2_acl *acl
		= container_of(ptr, struct tomoyo_path2_acl, head);

+2 −0

Original line number	Diff line number	Diff line
		@@ -571,6 +571,8 @@ struct tomoyo_io_buffer {
		bool read_single_domain;
		/* Extra variable for reading. */
		u8 read_bit;
		/* Read only TOMOYO_TYPE_EXECUTE */
		bool print_execute_only;
		/* Bytes available for reading. */
		int read_avail;
		/* Size of read buffer. */