Skip to content

Commit

Permalink
TOMOYO: Fix incorrect enforce mode.
Browse files Browse the repository at this point in the history 
In tomoyo_get_mode() since 2.6.36, CONFIG::file::execute was by error used in
place of CONFIG::file if CONFIG::file::execute was set to other than default.
As a result, enforcing mode was not applied in a way documentation says.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
  • Loading branch information
Tetsuo Handa authored and James Morris committed Sep 9, 2011
1 parent 403d1d0 commit 8525841
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion security/tomoyo/util.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -925,7 +925,8 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
return TOMOYO_CONFIG_DISABLED;
mode = tomoyo_profile(ns, profile)->config[index];
if (mode == TOMOYO_CONFIG_USE_DEFAULT)
mode = tomoyo_profile(ns, profile)->config[category];
mode = tomoyo_profile(ns, profile)->config
[category + TOMOYO_MAX_MAC_INDEX];
if (mode == TOMOYO_CONFIG_USE_DEFAULT)
mode = tomoyo_profile(ns, profile)->default_config;
return mode & 3;
Expand Down

0 comments on commit 8525841

Please sign in to comment.