From 7d2dbd6c74e16546b383cc76a40465f039a91869 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa
Date: Thu, 24 Jun 2010 12:00:25 +0900
Subject: [PATCH]

--- yaml ---
r: 201871
b: refs/heads/master
c: 063821c8160568b3390044390c8328e36c5696ad
h: refs/heads/master
i:
  201869: 5c2c6bbfc3fe59ea6c338244038883f5f206f487
  201867: 5da8ae01d6cc92c11f82484c4932df75ce697eec
  201863: 2ed75b2599719d50a7162ccf549d382aba5fd244
  201855: f0c69ebe46147538c92c3afde50876869b1c2c86
v: v3
---
 [refs] | 2 +-
 trunk/security/tomoyo/common.c | 8 ++++++++
 trunk/security/tomoyo/common.h | 2 ++
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/[refs] b/[refs]
index 24823f537862..3d5bb0c4cec5 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 475e6fa3d340e75a454ea09191a29e52e2ee6e71
+refs/heads/master: 063821c8160568b3390044390c8328e36c5696ad
diff --git a/trunk/security/tomoyo/common.c b/trunk/security/tomoyo/common.c
index 2a5330ec06c9..6c68981c0f5f 100644
--- a/trunk/security/tomoyo/common.c
+++ b/trunk/security/tomoyo/common.c
@@ -594,6 +594,10 @@ static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data)
 struct tomoyo_domain_info *domain = NULL;
 bool global_pid = false;
+ if (!strcmp(data, "allow_execute")) {
+ head->print_execute_only = true;
+ return true;
+ }
 if (sscanf(data, "pid=%u", &pid) == 1 ||
 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
 struct task_struct *p;
@@ -759,6 +763,8 @@ static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head,
 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
 if (!(perm & (1 << bit)))
 continue;
+ if (head->print_execute_only && bit != TOMOYO_TYPE_EXECUTE)
+ continue;
 /* Print "read/write" instead of "read" and "write". */
 if ((bit == TOMOYO_TYPE_READ || bit == TOMOYO_TYPE_WRITE) &&
 (perm & (1 << TOMOYO_TYPE_READ_WRITE)))
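Review bot: The new `allow_execute` branch in tomoyo_select_one only ever sets `head->print_execute_only` to true; nothing in this hunk clears it, so once a writer issues `select allow_execute` the open descriptor stays latched to execute entries and every later `select pid=` or `select domain=` on it is filtered the same way, with no way back short of reopening the file. If the remainder of tomoyo_select_one (outside this hunk) does not reset the flag either, consider clearing it in the pid/domain paths, `head->print_execute_only = false;`, when the intended order is to select a domain and then narrow the view, or accept an opposite keyword that clears it. Whichever is chosen, a comment above the branch should state that the flag persists for the lifetime of the open file, e.g. `/* "select allow_execute": report only execute entries until the file is reopened. */`. The function body continues past the hunk, so the existing reset of the read cursor that presumably follows is not visible here.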
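Review bot: The added skip in tomoyo_print_path_acl sits directly under an identical `continue` guard, and the two read more clearly as a single condition with a comment saying where the flag comes from: `/* "select allow_execute": report execute entries only. */` followed by `if (!(perm & (1 << bit)) || (head->print_execute_only && bit != TOMOYO_TYPE_EXECUTE)) continue;`. The check is loop-invariant apart from `bit`, so this is a readability point, not a correctness one; the loop resumes from `head->read_bit`, which the filter does not disturb. tomoyo_print_path_acl starts and ends outside this hunk.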
@@ -926,6 +932,8 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
 = container_of(ptr, struct tomoyo_path_acl, head);
 return tomoyo_print_path_acl(head, acl);
 }
+ if (head->print_execute_only)
+ return true;
 if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
 struct tomoyo_path2_acl *acl
 = container_of(ptr, struct tomoyo_path2_acl, head);
diff --git a/trunk/security/tomoyo/common.h b/trunk/security/tomoyo/common.h
index cdc9ef56fd86..67b9aeae80a7 100644
--- a/trunk/security/tomoyo/common.h
+++ b/trunk/security/tomoyo/common.h
@@ -571,6 +571,8 @@ struct tomoyo_io_buffer {
 bool read_single_domain;
 /* Extra variable for reading. */
 u8 read_bit;
+ /* Read only TOMOYO_TYPE_EXECUTE */
+ bool print_execute_only;
 /* Bytes available for reading. */
 int read_avail;
 /* Size of read buffer. */
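Review bot: The bare `return true;` added to tomoyo_print_entry reads as "entry printed" when it actually means "nothing to print for this ACL type", and it is only correct because it sits after the TOMOYO_TYPE_PATH_ACL branch; a reader reordering the type checks later could silently hide execute entries. A comment would pin both facts: `/* Under "select allow_execute" only path ACLs can carry an execute bit (see tomoyo_print_path_acl); every other ACL type prints nothing. Must stay below the PATH_ACL branch. */`. That execute is exclusively a path operation is inferred from the path_acl filter in the previous hunk, not visible here. tomoyo_print_entry starts and ends outside this hunk.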
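Review bot: The field comment `/* Read only TOMOYO_TYPE_EXECUTE */` in struct tomoyo_io_buffer is easy to misread as "this field is read-only"; the neighbouring comments describe what each field holds, and this one should too, e.g. `/* Set by "select allow_execute": print only TOMOYO_TYPE_EXECUTE entries. */`. It would also help to say whether the flag is ever cleared for an open file, since the common.c hunks only set it. The struct definition starts and ends outside this hunk.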