From 2066a36125fcbf5220990173b9d8e8bc49ad7538 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Fri, 8 Jul 2011 13:21:37 +0900 Subject: TOMOYO: Allow using UID/GID etc. of current thread as conditions. This patch adds support for permission checks using current thread's UID/GID etc. in addition to pathnames. Signed-off-by: Tetsuo Handa Signed-off-by: James Morris --- security/tomoyo/audit.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) (limited to 'security/tomoyo/audit.c') diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c index 967b5648dce3..9381d0e7f78f 100644 --- a/security/tomoyo/audit.c +++ b/security/tomoyo/audit.c @@ -25,7 +25,7 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r) const pid_t gpid = task_pid_nr(current); static const int tomoyo_buffer_len = 4096; char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS); - pid_t ppid; + int pos; if (!buffer) return NULL; { @@ -33,21 +33,21 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r) do_gettimeofday(&tv); tomoyo_convert_time(tv.tv_sec, &stamp); } - rcu_read_lock(); - ppid = task_tgid_vnr(current->real_parent); - rcu_read_unlock(); - snprintf(buffer, tomoyo_buffer_len - 1, - "#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s " - "granted=%s (global-pid=%u) task={ pid=%u ppid=%u " - "uid=%u gid=%u euid=%u egid=%u suid=%u sgid=%u " - "fsuid=%u fsgid=%u }", - stamp.year, stamp.month, stamp.day, stamp.hour, - stamp.min, stamp.sec, r->profile, tomoyo_mode[r->mode], - tomoyo_yesno(r->granted), gpid, task_tgid_vnr(current), ppid, - current_uid(), current_gid(), current_euid(), current_egid(), - current_suid(), current_sgid(), current_fsuid(), - current_fsgid()); - return buffer; + pos = snprintf(buffer, tomoyo_buffer_len - 1, + "#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s " + "granted=%s (global-pid=%u) task={ pid=%u ppid=%u " + "uid=%u gid=%u euid=%u egid=%u suid=%u sgid=%u " + "fsuid=%u fsgid=%u }", stamp.year, stamp.month, + stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile, + tomoyo_mode[r->mode], tomoyo_yesno(r->granted), gpid, + tomoyo_sys_getpid(), tomoyo_sys_getppid(), + current_uid(), current_gid(), current_euid(), + current_egid(), current_suid(), current_sgid(), + current_fsuid(), current_fsgid()); + if (pos < tomoyo_buffer_len - 1) + return buffer; + kfree(buffer); + return NULL; } /** -- cgit v1.2.3