TOMOYO: Add pathname aggregation support.

This patch allows users to aggregate programs which provide similar functionality (e.g. /usr/bin/vi and /usr/bin/emacs ). Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2010-06-03 20:38:03 +0900
committer: James Morris <jmorris@namei.org> 2010-08-02 15:33:42 +1000
commit: 1084307ca097745ed6e40a192329b133a49271ac (patch)
tree: f3b2e81705afb4ca3006ebb931aa0aad426ace02 /security/tomoyo/common.c
parent: 3f629636320dfa65804779a3fc333f3147f3b064 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 3f94011c6411..bdf1ed7ca45b 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1141,6 +1141,8 @@ static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head)
 	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN))
 		return tomoyo_write_domain_initializer_policy(data, true,
 							      is_delete);
+	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_AGGREGATOR))
+		return tomoyo_write_aggregator_policy(data, is_delete);
 	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALIAS))
 		return tomoyo_write_alias_policy(data, is_delete);
 	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ))
@@ -1196,6 +1198,8 @@ static int tomoyo_read_exception_policy(struct tomoyo_io_buffer *head)
 			head->read_var2 = NULL;
 			head->read_step = 6;
 		case 6:
+			if (!tomoyo_read_aggregator_policy(head))
+				break;
 			head->read_var2 = NULL;
 			head->read_step = 7;
 		case 7:
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2010-06-03 20:38:03 +0900
committer	James Morris <jmorris@namei.org>	2010-08-02 15:33:42 +1000
commit	1084307ca097745ed6e40a192329b133a49271ac (patch)
tree	f3b2e81705afb4ca3006ebb931aa0aad426ace02 /security/tomoyo/common.c
parent	3f629636320dfa65804779a3fc333f3147f3b064 (diff)