Re: [PATCH v3 07/16] TOMOYO: Abstract use of cred security blob
From: Kees Cook
Date: Thu Sep 20 2018 - 13:13:23 EST
On Wed, Sep 19, 2018 at 5:20 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> @@ -539,13 +557,16 @@ DEFINE_SRCU(tomoyo_ss);
> static int __init tomoyo_init(void)
> {
> struct cred *cred = (struct cred *) current_cred();
> + struct tomoyo_domain_info **blob;
>
> if (!security_module_enable("tomoyo"))
> return 0;
> +
> /* register ourselves with the security framework */
> security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo");
> printk(KERN_INFO "TOMOYO Linux initialized\n");
> - cred->security = &tomoyo_kernel_domain;
> + blob = tomoyo_cred(cred);
> + *blob = &tomoyo_kernel_domain;
> tomoyo_mm_init();
> return 0;
> }
This is missing "tomoyo_enabled = true;" which is included in the next
patch but should be here.
-Kees
--
Kees Cook
Pixel Security