TOMOYO: Fix incorrect enforce mode.

In tomoyo_get_mode() since 2.6.36, CONFIG::file::execute was by error used in
place of CONFIG::file if CONFIG::file::execute was set to other than default.
As a result, enforcing mode was not applied in a way documentation says.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index c36bd1107fc8bbf549dbbc11b7ca7c21b61276a1..6a4195a4b93c45a8a4715b737a0c2ad87d3e55f8 100644 (file)
--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -925,7 +925,8 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
                return TOMOYO_CONFIG_DISABLED;
        mode = tomoyo_profile(ns, profile)->config[index];
        if (mode == TOMOYO_CONFIG_USE_DEFAULT)
-               mode = tomoyo_profile(ns, profile)->config[category];
+               mode = tomoyo_profile(ns, profile)->config
+                       [category + TOMOYO_MAX_MAC_INDEX];
        if (mode == TOMOYO_CONFIG_USE_DEFAULT)
                mode = tomoyo_profile(ns, profile)->default_config;
        return mode & 3;