TOMOYO: Fix quota and garbage collector.

Commit 059d84d "TOMOYO: Add socket operation restriction support" and commit 731d37a "TOMOYO: Allow domain transition without execve()." forgot to update tomoyo_domain_quota_is_ok() and tomoyo_del_acl() which results in incorrect quota counting and memory leak. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
git-mirror · Oct 12, 2011 · 545a726 · 545a726
1 parent e2b8b25
commit 545a726
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
@@ -221,6 +221,13 @@ static void tomoyo_del_acl(struct list_head *element)
 			tomoyo_put_name_union(&entry->name);
 		}
 		break;
+	case TOMOYO_TYPE_MANUAL_TASK_ACL:
+		{
+			struct tomoyo_task_acl *entry =
+				container_of(acl, typeof(*entry), head);
+			tomoyo_put_name(entry->domainname);
+		}
+		break;
 	}
 }
 

diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
@@ -1057,6 +1057,17 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
 			perm = container_of(ptr, struct tomoyo_mkdev_acl,
 					    head)->perm;
 			break;
+		case TOMOYO_TYPE_INET_ACL:
+			perm = container_of(ptr, struct tomoyo_inet_acl,
+					    head)->perm;
+			break;
+		case TOMOYO_TYPE_UNIX_ACL:
+			perm = container_of(ptr, struct tomoyo_unix_acl,
+					    head)->perm;
+			break;
+		case TOMOYO_TYPE_MANUAL_TASK_ACL:
+			perm = 0;
+			break;
 		default:
 			perm = 1;
 		}