forked from ~ljy/RK356X_SDK_RELEASE
blame | history | patch | commit | commitdiff
hc
2024-05-10 cde9070d9970eef1f7ec2360586c802a16230ad8 
 kernel/security/tomoyo/securityfs_if.c
....@@ -21,6 +21,7 @@
2121 {
2222 	const struct tomoyo_task_acl *acl = container_of(ptr, typeof(*acl),
2323 							 head);
24
+
2425 	return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname);
2526 }
2627 
....@@ -42,6 +43,7 @@
4243 {
4344 	char *data;
4445 	int error;
46
+
4547 	if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10)
4648 		return -ENOMEM;
4749 	data = memdup_user_nul(buf, count);
....@@ -52,6 +54,7 @@
5254 		const int idx = tomoyo_read_lock();
5355 		struct tomoyo_path_info name;
5456 		struct tomoyo_request_info r;
57
+
5558 		name.name = data;
5659 		tomoyo_fill_path_info(&name);
5760 		/* Check "task manual_domain_transition" permission. */
....@@ -67,18 +70,14 @@
6770 			if (!new_domain) {
6871 				error = -ENOENT;
6972 			} else {
70
-				struct cred *cred = prepare_creds();
71
-				if (!cred) {
72
-					error = -ENOMEM;
73
-				} else {
74
-					struct tomoyo_domain_info *old_domain =
75
-						cred->security;
76
-					cred->security = new_domain;
77
-					atomic_inc(&new_domain->users);
78
-					atomic_dec(&old_domain->users);
79
-					commit_creds(cred);
80
-					error = 0;
81
-				}
73
+				struct tomoyo_task *s = tomoyo_task(current);
74
+				struct tomoyo_domain_info *old_domain =
75
+					s->domain_info;
76
+
77
+				s->domain_info = new_domain;
78
+				atomic_inc(&new_domain->users);
79
+				atomic_dec(&old_domain->users);
80
+				error = 0;
8281 			}
8382 		}
8483 		tomoyo_read_unlock(idx);
....@@ -104,6 +103,7 @@
104103 	const char *domain = tomoyo_domain()->domainname->name;
105104 	loff_t len = strlen(domain);
106105 	loff_t pos = *ppos;
106
+
107107 	if (pos >= len || !count)
108108 		return 0;
109109 	len -= pos;
....@@ -234,10 +234,14 @@
234234  */
235235 static int __init tomoyo_initerface_init(void)
236236 {
237
+	struct tomoyo_domain_info *domain;
237238 	struct dentry *tomoyo_dir;
238239 
240
+	if (!tomoyo_enabled)
241
+		return 0;
242
+	domain = tomoyo_domain();
239243 	/* Don't create securityfs entries unless registered. */
240
-	if (current_cred()->security != &tomoyo_kernel_domain)
244
+	if (domain != &tomoyo_kernel_domain)
241245 		return 0;
242246 
243247 	tomoyo_dir = securityfs_create_dir("tomoyo", NULL);