From 5b636857fee642694e287e3a181b523b16098c93 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Fri, 8 Jul 2011 13:24:54 +0900 Subject: TOMOYO: Allow using argv[]/envp[] of execve() as conditions. This patch adds support for permission checks using argv[]/envp[] of execve() request. Hooks are in the last patch of this pathset. Signed-off-by: Tetsuo Handa Signed-off-by: James Morris --- security/tomoyo/gc.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'security/tomoyo/gc.c') diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c index e0502b6d5866..1ac3312059f6 100644 --- a/security/tomoyo/gc.c +++ b/security/tomoyo/gc.c @@ -358,6 +358,8 @@ void tomoyo_del_condition(struct list_head *element) const u16 condc = cond->condc; const u16 numbers_count = cond->numbers_count; const u16 names_count = cond->names_count; + const u16 argc = cond->argc; + const u16 envc = cond->envc; unsigned int i; const struct tomoyo_condition_element *condp = (const struct tomoyo_condition_element *) (cond + 1); @@ -365,10 +367,20 @@ void tomoyo_del_condition(struct list_head *element) = (struct tomoyo_number_union *) (condp + condc); struct tomoyo_name_union *names_p = (struct tomoyo_name_union *) (numbers_p + numbers_count); + const struct tomoyo_argv *argv + = (const struct tomoyo_argv *) (names_p + names_count); + const struct tomoyo_envp *envp + = (const struct tomoyo_envp *) (argv + argc); for (i = 0; i < numbers_count; i++) tomoyo_put_number_union(numbers_p++); for (i = 0; i < names_count; i++) tomoyo_put_name_union(names_p++); + for (i = 0; i < argc; argv++, i++) + tomoyo_put_name(argv->value); + for (i = 0; i < envc; envp++, i++) { + tomoyo_put_name(envp->name); + tomoyo_put_name(envp->value); + } } /** -- cgit v1.2.3