---

yaml
---
r: 201871
b: refs/heads/master
c: 063821c
h: refs/heads/master
i:
  201869: 5c2c6bb
  201867: 5da8ae0
  201863: 2ed75b2
  201855: f0c69eb
v: v3

[refs]

@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 475e6fa3d340e75a454ea09191a29e52e2ee6e71
+refs/heads/master: 063821c8160568b3390044390c8328e36c5696ad

trunk/security/tomoyo/common.c

@@ -594,6 +594,10 @@ static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data)
 	struct tomoyo_domain_info *domain = NULL;
 	bool global_pid = false;
 
+	if (!strcmp(data, "allow_execute")) {
+		head->print_execute_only = true;
+		return true;
+	}
 	if (sscanf(data, "pid=%u", &pid) == 1 ||
 	    (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
 		struct task_struct *p;
@@ -759,6 +763,8 @@ static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head,
 	for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
 		if (!(perm & (1 << bit)))
 			continue;
+		if (head->print_execute_only && bit != TOMOYO_TYPE_EXECUTE)
+			continue;
 		/* Print "read/write" instead of "read" and "write". */
 		if ((bit == TOMOYO_TYPE_READ || bit == TOMOYO_TYPE_WRITE)
 		    && (perm & (1 << TOMOYO_TYPE_READ_WRITE)))
@@ -926,6 +932,8 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
 			= container_of(ptr, struct tomoyo_path_acl, head);
 		return tomoyo_print_path_acl(head, acl);
 	}
+	if (head->print_execute_only)
+		return true;
 	if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
 		struct tomoyo_path2_acl *acl
 			= container_of(ptr, struct tomoyo_path2_acl, head);

trunk/security/tomoyo/common.h

@@ -571,6 +571,8 @@ struct tomoyo_io_buffer {
 	bool read_single_domain;
 	/* Extra variable for reading.          */
 	u8 read_bit;
+	/* Read only TOMOYO_TYPE_EXECUTE        */
+	bool print_execute_only;
 	/* Bytes available for reading.         */
 	int read_avail;
 	/* Size of read buffer.                 */