TOMOYO: Fix incorrect enforce mode. (85258415) · Commits · 戴 / test

In tomoyo_get_mode() since 2.6.36, CONFIG::file::execute was by error used in place of CONFIG::file if CONFIG::file::execute was set to other than default. As a result, enforcing mode was not applied in a way documentation says. Signed-off-by:

Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by:

James Morris <jmorris@namei.org>

security/tomoyo/util.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -925,7 +925,8 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
		return TOMOYO_CONFIG_DISABLED;
		mode = tomoyo_profile(ns, profile)->config[index];
		if (mode == TOMOYO_CONFIG_USE_DEFAULT)
		mode = tomoyo_profile(ns, profile)->config[category];
		mode = tomoyo_profile(ns, profile)->config
		[category + TOMOYO_MAX_MAC_INDEX];
		if (mode == TOMOYO_CONFIG_USE_DEFAULT)
		mode = tomoyo_profile(ns, profile)->default_config;
		return mode & 3;

Admin message