summaryrefslogtreecommitdiff
path: root/security/tomoyo/domain.c
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2011-06-26 23:15:31 +0900
committerJames Morris <jmorris@namei.org>2011-06-29 09:31:19 +1000
commit7c75964f432d14062d8eccfc916aa290f56b5aab (patch)
tree8aecdb96f9f079dd36735c3acccb79f3d10d6559 /security/tomoyo/domain.c
parent1252cc3b232e582e887623dc5f70979418caaaa2 (diff)
TOMOYO: Cleanup part 1.
In order to synchronize with TOMOYO 1.8's syntax, (1) Remove special handling for allow_read/write permission. (2) Replace deny_rewrite/allow_rewrite permission with allow_append permission. (3) Remove file_pattern keyword. (4) Remove allow_read permission from exception policy. (5) Allow creating domains in enforcing mode without calling supervisor. (6) Add permission check for opening directory for reading. (7) Add permission check for stat() operation. (8) Make "cat < /sys/kernel/security/tomoyo/self_domain" behave as if "cat /sys/kernel/security/tomoyo/self_domain". Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/domain.c')
-rw-r--r--security/tomoyo/domain.c13
1 files changed, 2 insertions, 11 deletions
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 35388408e475..355b536262b1 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -510,17 +510,8 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
if (domain || strlen(tmp) >= TOMOYO_EXEC_TMPSIZE - 10)
goto done;
domain = tomoyo_find_domain(tmp);
- if (domain)
- goto done;
- if (is_enforce) {
- int error = tomoyo_supervisor(&r, "# wants to create domain\n"
- "%s\n", tmp);
- if (error == TOMOYO_RETRY_REQUEST)
- goto retry;
- if (error < 0)
- goto done;
- }
- domain = tomoyo_assign_domain(tmp, old_domain->profile);
+ if (!domain)
+ domain = tomoyo_assign_domain(tmp, old_domain->profile);
done:
if (domain)
goto out;