TOMOYO: Fix quota and garbage collector.
Tetsuo Handa [Tue, 11 Oct 2011 05:06:41 +0000 (14:06 +0900)]
Commit 059d84db "TOMOYO: Add socket operation restriction support" and
commit 731d37aa "TOMOYO: Allow domain transition without execve()." forgot to
update tomoyo_domain_quota_is_ok() and tomoyo_del_acl() which results in
incorrect quota counting and memory leak.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

security/tomoyo/gc.c
security/tomoyo/util.c

index c3214b3..986a6a7 100644 (file)
@@ -221,6 +221,13 @@ static void tomoyo_del_acl(struct list_head *element)
                        tomoyo_put_name_union(&entry->name);
                }
                break;
+       case TOMOYO_TYPE_MANUAL_TASK_ACL:
+               {
+                       struct tomoyo_task_acl *entry =
+                               container_of(acl, typeof(*entry), head);
+                       tomoyo_put_name(entry->domainname);
+               }
+               break;
        }
 }
 
index 50e9b4c..4a9b4b2 100644 (file)
@@ -1057,6 +1057,17 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
                        perm = container_of(ptr, struct tomoyo_mkdev_acl,
                                            head)->perm;
                        break;
+               case TOMOYO_TYPE_INET_ACL:
+                       perm = container_of(ptr, struct tomoyo_inet_acl,
+                                           head)->perm;
+                       break;
+               case TOMOYO_TYPE_UNIX_ACL:
+                       perm = container_of(ptr, struct tomoyo_unix_acl,
+                                           head)->perm;
+                       break;
+               case TOMOYO_TYPE_MANUAL_TASK_ACL:
+                       perm = 0;
+                       break;
                default:
                        perm = 1;
                }