[PATCH] TOMOYO: Return error if fails to delete a domain.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Santosh Nayak <santoshprasadnayak@xxxxxxxxx>

Call sequence:
tomoyo_write_domain() --> tomoyo_delete_domain()

In 'tomoyo_delete_domain',  return  -EINTR if locking attempt is
interrupted by signal.

At present it returns success to its caller 'tomoyo_write_domain()'
even though domain is not deleted. 'tomoyo_write_domain()' assumes
domain is deleted and returns success to its caller. This is
wrong behaviour.

'tomoyo_write_domain' should return error '-EAGAIN' to its caller if
tomoyo_delete_domain() returns -EINTR.

Signed-off-by: Santosh Nayak <santoshprasadnayak@xxxxxxxxx>
---
 security/tomoyo/common.c |   12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index c47d3ce..3ee1c3a 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1081,7 +1081,7 @@ static int tomoyo_delete_domain(char *domainname)
 	name.name = domainname;
 	tomoyo_fill_path_info(&name);
 	if (mutex_lock_interruptible(&tomoyo_policy_lock))
-		return 0;
+		return -EINTR;
 	/* Is there an active domain? */
 	list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
 		/* Never delete tomoyo_kernel_domain */
@@ -1163,16 +1163,20 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
 	const bool is_delete = head->w.is_delete;
 	bool is_select = !is_delete && tomoyo_str_starts(&data, "select ");
 	unsigned int profile;
+	int ret = 0;
 	if (*data == '<') {
 		domain = NULL;
-		if (is_delete)
-			tomoyo_delete_domain(data);
+		if (is_delete) {
+			ret = tomoyo_delete_domain(data);
+			if (ret)
+				return -EAGAIN;
+		}
 		else if (is_select)
 			domain = tomoyo_find_domain(data);
 		else
 			domain = tomoyo_assign_domain(data, false);
 		head->w.domain = domain;
-		return 0;
+		return ret;
 	}
 	if (!domain)
 		return -EINVAL;
-- 
1.7.4.4

--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux