Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 5625f2e3266319fd29fe4f1c76ccd3f550c79ac4^! / . / security / tomoyo / file.c
commit5625f2e3266319fd29fe4f1c76ccd3f550c79ac4[log] [tgz]
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>Sun Jun 26 23:20:23 2011 +0900
committerJames Morris <jmorris@namei.org>Wed Jun 29 09:31:21 2011 +1000
tree190e96d956213b22da705872094ebdf5272af972
parentbd03a3e4c9a9df0c6b007045fa7fc8889111a478 [diff] [blame]
TOMOYO: Change pathname for non-rename()able filesystems.

TOMOYO wants to use /proc/self/ rather than /proc/$PID/ if $PID matches current
thread's process ID in order to prevent current thread from accessing other
process's information unless needed.

But since procfs can be mounted on various locations (e.g. /proc/ /proc2/ /p/
/tmp/foo/100/p/ ), TOMOYO cannot tell that whether the numeric part in the
string returned by __d_path() represents process ID or not.

Therefore, to be able to convert from $PID to self no matter where procfs is
mounted, this patch changes pathname representations for filesystems which do
not support rename() operation (e.g. proc, sysfs, securityfs).

Examples:
  /proc/self/mounts => proc:/self/mounts
  /sys/kernel/security/ => sys:/kernel/security/
  /dev/pts/0 => devpts:/0

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 323ddc7..8410f28 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c

@@ -712,7 +712,7 @@
 	int idx;
 
 	if (tomoyo_init_request_info(&r, NULL, tomoyo_pn2mac[type])
-	    == TOMOYO_CONFIG_DISABLED || !path->mnt || !path->dentry)
+	    == TOMOYO_CONFIG_DISABLED || !path->dentry)
 		return 0;
 	idx = tomoyo_read_lock();
 	if (!tomoyo_get_realpath(&buf, path))
@@ -753,8 +753,6 @@
 	struct tomoyo_request_info r;
 	int idx;
 
-	if (!path->mnt)
-		return 0;
 	buf.name = NULL;
 	r.mode = TOMOYO_CONFIG_DISABLED;
 	idx = tomoyo_read_lock();
@@ -798,8 +796,6 @@
 	bool is_enforce;
 	int idx;
 
-	if (!path->mnt)
-		return 0;
 	if (tomoyo_init_request_info(&r, NULL, tomoyo_p2mac[operation])
 	    == TOMOYO_CONFIG_DISABLED)
 		return 0;
@@ -842,8 +838,7 @@
 	struct tomoyo_path_info buf;
 	int idx;
 
-	if (!path->mnt ||
-	    tomoyo_init_request_info(&r, NULL, tomoyo_pnnn2mac[operation])
+	if (tomoyo_init_request_info(&r, NULL, tomoyo_pnnn2mac[operation])
 	    == TOMOYO_CONFIG_DISABLED)
 		return 0;
 	idx = tomoyo_read_lock();
@@ -884,8 +879,7 @@
 	struct tomoyo_request_info r;
 	int idx;
 
-	if (!path1->mnt || !path2->mnt ||
-	    tomoyo_init_request_info(&r, NULL, tomoyo_pp2mac[operation])
+	if (tomoyo_init_request_info(&r, NULL, tomoyo_pp2mac[operation])
 	    == TOMOYO_CONFIG_DISABLED)
 		return 0;
 	buf1.name = NULL;