TOMOYO: Allow using UID/GID etc. of current thread as conditions.
This patch adds support for permission checks using current thread's UID/GID
etc. in addition to pathnames.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c
index 967b564..9381d0e 100644
--- a/security/tomoyo/audit.c
+++ b/security/tomoyo/audit.c
@@ -25,7 +25,7 @@
const pid_t gpid = task_pid_nr(current);
static const int tomoyo_buffer_len = 4096;
char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS);
- pid_t ppid;
+ int pos;
if (!buffer)
return NULL;
{
@@ -33,21 +33,21 @@
do_gettimeofday(&tv);
tomoyo_convert_time(tv.tv_sec, &stamp);
}
- rcu_read_lock();
- ppid = task_tgid_vnr(current->real_parent);
- rcu_read_unlock();
- snprintf(buffer, tomoyo_buffer_len - 1,
- "#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s "
- "granted=%s (global-pid=%u) task={ pid=%u ppid=%u "
- "uid=%u gid=%u euid=%u egid=%u suid=%u sgid=%u "
- "fsuid=%u fsgid=%u }",
- stamp.year, stamp.month, stamp.day, stamp.hour,
- stamp.min, stamp.sec, r->profile, tomoyo_mode[r->mode],
- tomoyo_yesno(r->granted), gpid, task_tgid_vnr(current), ppid,
- current_uid(), current_gid(), current_euid(), current_egid(),
- current_suid(), current_sgid(), current_fsuid(),
- current_fsgid());
- return buffer;
+ pos = snprintf(buffer, tomoyo_buffer_len - 1,
+ "#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s "
+ "granted=%s (global-pid=%u) task={ pid=%u ppid=%u "
+ "uid=%u gid=%u euid=%u egid=%u suid=%u sgid=%u "
+ "fsuid=%u fsgid=%u }", stamp.year, stamp.month,
+ stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile,
+ tomoyo_mode[r->mode], tomoyo_yesno(r->granted), gpid,
+ tomoyo_sys_getpid(), tomoyo_sys_getppid(),
+ current_uid(), current_gid(), current_euid(),
+ current_egid(), current_suid(), current_sgid(),
+ current_fsuid(), current_fsgid());
+ if (pos < tomoyo_buffer_len - 1)
+ return buffer;
+ kfree(buffer);
+ return NULL;
}
/**