Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 545a7260 authored Oct 11, 2011 by Tetsuo Handa Committed by James Morris Oct 12, 2011

TOMOYO: Fix quota and garbage collector.

Commit 059d84db "TOMOYO: Add socket operation restriction support" and
commit 731d37aa "TOMOYO: Allow domain transition without execve()." forgot to
update tomoyo_domain_quota_is_ok() and tomoyo_del_acl() which results in
incorrect quota counting and memory leak.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

parent e2b8b25a

security/tomoyo/gc.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -221,6 +221,13 @@ static void tomoyo_del_acl(struct list_head *element)
		tomoyo_put_name_union(&entry->name);
		}
		break;
		case TOMOYO_TYPE_MANUAL_TASK_ACL:
		{
		struct tomoyo_task_acl *entry =
		container_of(acl, typeof(*entry), head);
		tomoyo_put_name(entry->domainname);
		}
		break;
		}
		}

security/tomoyo/util.c

+11 −0

Original line number	Diff line number	Diff line
		@@ -1057,6 +1057,17 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
		perm = container_of(ptr, struct tomoyo_mkdev_acl,
		head)->perm;
		break;
		case TOMOYO_TYPE_INET_ACL:
		perm = container_of(ptr, struct tomoyo_inet_acl,
		head)->perm;
		break;
		case TOMOYO_TYPE_UNIX_ACL:
		perm = container_of(ptr, struct tomoyo_unix_acl,
		head)->perm;
		break;
		case TOMOYO_TYPE_MANUAL_TASK_ACL:
		perm = 0;
		break;
		default:
		perm = 1;
		}