From 545a7260343bbaf11c7f1a4b8c3d9660bb9266e5 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Tue, 11 Oct 2011 14:06:41 +0900 Subject: TOMOYO: Fix quota and garbage collector. Commit 059d84db "TOMOYO: Add socket operation restriction support" and commit 731d37aa "TOMOYO: Allow domain transition without execve()." forgot to update tomoyo_domain_quota_is_ok() and tomoyo_del_acl() which results in incorrect quota counting and memory leak. Signed-off-by: Tetsuo Handa Signed-off-by: James Morris --- security/tomoyo/gc.c | 7 +++++++ security/tomoyo/util.c | 11 +++++++++++ 2 files changed, 18 insertions(+) (limited to 'security') diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c index c3214b32dbfb..986a6a756868 100644 --- a/security/tomoyo/gc.c +++ b/security/tomoyo/gc.c @@ -221,6 +221,13 @@ static void tomoyo_del_acl(struct list_head *element) tomoyo_put_name_union(&entry->name); } break; + case TOMOYO_TYPE_MANUAL_TASK_ACL: + { + struct tomoyo_task_acl *entry = + container_of(acl, typeof(*entry), head); + tomoyo_put_name(entry->domainname); + } + break; } } diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index 50e9b4c73ceb..4a9b4b2eb755 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -1057,6 +1057,17 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) perm = container_of(ptr, struct tomoyo_mkdev_acl, head)->perm; break; + case TOMOYO_TYPE_INET_ACL: + perm = container_of(ptr, struct tomoyo_inet_acl, + head)->perm; + break; + case TOMOYO_TYPE_UNIX_ACL: + perm = container_of(ptr, struct tomoyo_unix_acl, + head)->perm; + break; + case TOMOYO_TYPE_MANUAL_TASK_ACL: + perm = 0; + break; default: perm = 1; } -- cgit v1.2.3-58-ga151