TOMOYO: Accept manager programs which do not start with / . (77b513dd) · Commits · e / devices / android_kernel_oneplus_sm8150

security/tomoyo/common.c

+6 −20

Original line number	Diff line number	Diff line
		@@ -850,14 +850,9 @@ static int tomoyo_update_manager_entry(const char *manager,
		policy_list[TOMOYO_ID_MANAGER],
		};
		int error = is_delete ? -ENOENT : -ENOMEM;
		if (tomoyo_domain_def(manager)) {
		if (!tomoyo_correct_domain(manager))
		if (!tomoyo_correct_domain(manager) &&
		!tomoyo_correct_word(manager))
		return -EINVAL;
		e.is_domain = true;
		} else {
		if (!tomoyo_correct_path(manager))
		return -EINVAL;
		}
		e.manager = tomoyo_get_name(manager);
		if (e.manager) {
		error = tomoyo_update_policy(&e.head, sizeof(e), &param,
		@@ -932,23 +927,14 @@ static bool tomoyo_manager(void)
		return true;
		if (!tomoyo_manage_by_non_root && (task->cred->uid \|\| task->cred->euid))
		return false;
		list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
		policy_list[TOMOYO_ID_MANAGER], head.list) {
		if (!ptr->head.is_deleted && ptr->is_domain
		&& !tomoyo_pathcmp(domainname, ptr->manager)) {
		found = true;
		break;
		}
		}
		if (found)
		return true;
		exe = tomoyo_get_exe();
		if (!exe)
		return false;
		list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
		policy_list[TOMOYO_ID_MANAGER], head.list) {
		if (!ptr->head.is_deleted && !ptr->is_domain
		&& !strcmp(exe, ptr->manager->name)) {
		if (!ptr->head.is_deleted &&
		(!tomoyo_pathcmp(domainname, ptr->manager) \|\|
		!strcmp(exe, ptr->manager->name))) {
		found = true;
		break;
		}

+0 −1

Original line number	Diff line number	Diff line
		@@ -860,7 +860,6 @@ struct tomoyo_aggregator {
		/* Structure for policy manager. */
		struct tomoyo_manager {
		struct tomoyo_acl_head head;
		bool is_domain; /* True if manager is a domainname. */
		/* A path to program or a domainname. */
		const struct tomoyo_path_info *manager;
		};