From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Thu, 25 Aug 2011 12:15:00 +0000 (+0900)
Subject: TOMOYO: Fix incorrect enforce mode.
X-Git-Url: http://drtracing.org/?a=commitdiff_plain;h=852584157c55c1689bcf3809ea44b79870c3e409;p=deliverable%2Flinux.git

TOMOYO: Fix incorrect enforce mode.

In tomoyo_get_mode() since 2.6.36, CONFIG::file::execute was by error used in
place of CONFIG::file if CONFIG::file::execute was set to other than default.
As a result, enforcing mode was not applied in a way documentation says.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
---

diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index c36bd1107fc8..6a4195a4b93c 100644
--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -925,7 +925,8 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
 		return TOMOYO_CONFIG_DISABLED;
 	mode = tomoyo_profile(ns, profile)->config[index];
 	if (mode == TOMOYO_CONFIG_USE_DEFAULT)
-		mode = tomoyo_profile(ns, profile)->config[category];
+		mode = tomoyo_profile(ns, profile)->config
+			[category + TOMOYO_MAX_MAC_INDEX];
 	if (mode == TOMOYO_CONFIG_USE_DEFAULT)
 		mode = tomoyo_profile(ns, profile)->default_config;
 	return mode & 3;