xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Vork 0
Code Kwesties Pull-aanvragen Actions Packages Projecten Publicaties Wiki Activiteit

TOMOYO: Change pathname for non-rename()able filesystems.

Bladeren bron 
TOMOYO wants to use /proc/self/ rather than /proc/$PID/ if $PID matches current
thread's process ID in order to prevent current thread from accessing other
process's information unless needed.

But since procfs can be mounted on various locations (e.g. /proc/ /proc2/ /p/
/tmp/foo/100/p/ ), TOMOYO cannot tell that whether the numeric part in the
string returned by __d_path() represents process ID or not.

Therefore, to be able to convert from $PID to self no matter where procfs is
mounted, this patch changes pathname representations for filesystems which do
not support rename() operation (e.g. proc, sysfs, securityfs).

Examples:
  /proc/self/mounts => proc:/self/mounts
  /sys/kernel/security/ => sys:/kernel/security/
  /dev/pts/0 => devpts:/0

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Tetsuo Handa
2011-06-26 23:20:23 +09:00
gecommit door James Morris
bovenliggende bd03a3e4c9
commit 5625f2e326
2 gewijzigde bestanden met toevoegingen van 180 en 54 verwijderingen
Download Patch-bestand Download Diff-bestand Expand all files Collapse all files

12
security/tomoyo/file.c
Bestand weergeven

@@ -712,7 +712,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
int idx;
if (tomoyo_init_request_info(&r, NULL, tomoyo_pn2mac[type])
== TOMOYO_CONFIG_DISABLED || !path->mnt || !path->dentry)
== TOMOYO_CONFIG_DISABLED || !path->dentry)
return 0;
idx = tomoyo_read_lock();
if (!tomoyo_get_realpath(&buf, path))
@@ -753,8 +753,6 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
struct tomoyo_request_info r;
int idx;
if (!path->mnt)
return 0;
buf.name = NULL;
r.mode = TOMOYO_CONFIG_DISABLED;
idx = tomoyo_read_lock();
@@ -798,8 +796,6 @@ int tomoyo_path_perm(const u8 operation, struct path *path)
bool is_enforce;
int idx;
if (!path->mnt)
return 0;
if (tomoyo_init_request_info(&r, NULL, tomoyo_p2mac[operation])
== TOMOYO_CONFIG_DISABLED)
return 0;
@@ -842,8 +838,7 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
struct tomoyo_path_info buf;
int idx;
if (!path->mnt ||
tomoyo_init_request_info(&r, NULL, tomoyo_pnnn2mac[operation])
if (tomoyo_init_request_info(&r, NULL, tomoyo_pnnn2mac[operation])
== TOMOYO_CONFIG_DISABLED)
return 0;
idx = tomoyo_read_lock();
@@ -884,8 +879,7 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
struct tomoyo_request_info r;
int idx;
if (!path1->mnt || !path2->mnt ||
tomoyo_init_request_info(&r, NULL, tomoyo_pp2mac[operation])
if (tomoyo_init_request_info(&r, NULL, tomoyo_pp2mac[operation])
== TOMOYO_CONFIG_DISABLED)
return 0;
buf1.name = NULL;