TOMOYO: Remove next_domain from tomoyo_find_next_domain().
Tetsuo Handa [Fri, 19 Jun 2009 05:13:27 +0000 (14:13 +0900)]
We can update bprm->cred->security inside tomoyo_find_next_domain().

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

security/tomoyo/domain.c
security/tomoyo/tomoyo.c
security/tomoyo/tomoyo.h

index e68b105..fcf52ac 100644 (file)
@@ -786,13 +786,11 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 /**
  * tomoyo_find_next_domain - Find a domain.
  *
- * @bprm:           Pointer to "struct linux_binprm".
- * @next_domain:    Pointer to pointer to "struct tomoyo_domain_info".
+ * @bprm: Pointer to "struct linux_binprm".
  *
  * Returns 0 on success, negative value otherwise.
  */
-int tomoyo_find_next_domain(struct linux_binprm *bprm,
-                           struct tomoyo_domain_info **next_domain)
+int tomoyo_find_next_domain(struct linux_binprm *bprm)
 {
        /*
         * This function assumes that the size of buffer returned by
@@ -914,9 +912,11 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm,
                tomoyo_set_domain_flag(old_domain, false,
                                       TOMOYO_DOMAIN_FLAGS_TRANSITION_FAILED);
  out:
+       if (!domain)
+               domain = old_domain;
+       bprm->cred->security = domain;
        tomoyo_free(real_program_name);
        tomoyo_free(symlink_program_name);
-       *next_domain = domain ? domain : old_domain;
        tomoyo_free(tmp);
        return retval;
 }
index 3194d09..35a13e7 100644 (file)
@@ -61,14 +61,8 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
         * Execute permission is checked against pathname passed to do_execve()
         * using current domain.
         */
-       if (!domain) {
-               struct tomoyo_domain_info *next_domain = NULL;
-               int retval = tomoyo_find_next_domain(bprm, &next_domain);
-
-               if (!retval)
-                       bprm->cred->security = next_domain;
-               return retval;
-       }
+       if (!domain)
+               return tomoyo_find_next_domain(bprm);
        /*
         * Read permission is checked against interpreters using next domain.
         * '1' is the result of open_to_namei_flags(O_RDONLY).
index 0fd588a..cd6ba0b 100644 (file)
@@ -31,8 +31,7 @@ int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain,
                            struct path *path2);
 int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
                                    struct file *filp);
-int tomoyo_find_next_domain(struct linux_binprm *bprm,
-                           struct tomoyo_domain_info **next_domain);
+int tomoyo_find_next_domain(struct linux_binprm *bprm);
 
 /* Index numbers for Access Controls. */