TOMOYO: Allow using argv[]/envp[] of execve() as conditions.

This patch adds support for permission checks using argv[]/envp[] of execve()
request. Hooks are in the last patch of this pathset.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

security/tomoyo/gc.c

@@ -358,6 +358,8 @@ void tomoyo_del_condition(struct list_head *element)
 	const u16 condc = cond->condc;
 	const u16 numbers_count = cond->numbers_count;
 	const u16 names_count = cond->names_count;
+	const u16 argc = cond->argc;
+	const u16 envc = cond->envc;
 	unsigned int i;
 	const struct tomoyo_condition_element *condp
 		= (const struct tomoyo_condition_element *) (cond + 1);
@@ -365,10 +367,20 @@ void tomoyo_del_condition(struct list_head *element)
 		= (struct tomoyo_number_union *) (condp + condc);
 	struct tomoyo_name_union *names_p
 		= (struct tomoyo_name_union *) (numbers_p + numbers_count);
+	const struct tomoyo_argv *argv
+		= (const struct tomoyo_argv *) (names_p + names_count);
+	const struct tomoyo_envp *envp
+		= (const struct tomoyo_envp *) (argv + argc);
 	for (i = 0; i < numbers_count; i++)
 		tomoyo_put_number_union(numbers_p++);
 	for (i = 0; i < names_count; i++)
 		tomoyo_put_name_union(names_p++);
+	for (i = 0; i < argc; argv++, i++)
+		tomoyo_put_name(argv->value);
+	for (i = 0; i < envc; envp++, i++) {
+		tomoyo_put_name(envp->name);
+		tomoyo_put_name(envp->value);
+	}
 }
 
 /**