TOMOYO: Cleanup part 2.

Update (or temporarily remove) comments. Remove or replace some of #define lines. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2011-06-26 10:16:03 -0400
committer: James Morris <jmorris@namei.org> 2011-06-28 19:31:19 -0400
commit: b5bc60b4ce313b6dbb42e7d32915dcf0a07c2a68 (patch)
tree: 4a6a4f4cf1b6d0e5fa22c974fb4cf87d59a88e21 /security/tomoyo/mount.c
parent: 7c75964f432d14062d8eccfc916aa290f56b5aab (diff)
1 files changed, 37 insertions, 42 deletions
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index f1d9e1a9eff..5cfc7207874 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -7,22 +7,16 @@
 #include <linux/slab.h>
 #include "common.h"
-/* Keywords for mount restrictions. */
+/* String table for special mount operations. */
+static const char * const tomoyo_mounts[TOMOYO_MAX_SPECIAL_MOUNT] = {
-/* Allow to call 'mount --bind /source_dir /dest_dir' */
+        [TOMOYO_MOUNT_BIND]            = "--bind",
-#define TOMOYO_MOUNT_BIND_KEYWORD                        "--bind"
+        [TOMOYO_MOUNT_MOVE]            = "--move",
-/* Allow to call 'mount --move /old_dir    /new_dir ' */
+        [TOMOYO_MOUNT_REMOUNT]         = "--remount",
-#define TOMOYO_MOUNT_MOVE_KEYWORD                        "--move"
+        [TOMOYO_MOUNT_MAKE_UNBINDABLE] = "--make-unbindable",
-/* Allow to call 'mount -o remount /dir             ' */
+        [TOMOYO_MOUNT_MAKE_PRIVATE]    = "--make-private",
-#define TOMOYO_MOUNT_REMOUNT_KEYWORD                     "--remount"
+        [TOMOYO_MOUNT_MAKE_SLAVE]      = "--make-slave",
-/* Allow to call 'mount --make-unbindable /dir'       */
+        [TOMOYO_MOUNT_MAKE_SHARED]     = "--make-shared",
-#define TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD             "--make-unbindable"
+};
-/* Allow to call 'mount --make-private /dir'          */
-#define TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD                "--make-private"
-/* Allow to call 'mount --make-slave /dir'            */
-#define TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD                  "--make-slave"
-/* Allow to call 'mount --make-shared /dir'           */
-#define TOMOYO_MOUNT_MAKE_SHARED_KEYWORD                 "--make-shared"
 /**
 * tomoyo_audit_mount_log - Audit mount log.
@@ -39,22 +33,21 @@ static int tomoyo_audit_mount_log(struct tomoyo_request_info *r)
        const unsigned long flags = r->param.mount.flags;
        if (r->granted)
                return 0;
-        if (!strcmp(type, TOMOYO_MOUNT_REMOUNT_KEYWORD))
+        if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT])
                tomoyo_warn_log(r, "mount -o remount %s 0x%lX", dir, flags);
-        else if (!strcmp(type, TOMOYO_MOUNT_BIND_KEYWORD)
+        else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND]
-                 || !strcmp(type, TOMOYO_MOUNT_MOVE_KEYWORD))
+                 || type == tomoyo_mounts[TOMOYO_MOUNT_MOVE])
                tomoyo_warn_log(r, "mount %s %s %s 0x%lX", type, dev, dir,
                                flags);
-        else if (!strcmp(type, TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD) ||
+        else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] ||
-                 !strcmp(type, TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD) ||
+                 type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] ||
-                 !strcmp(type, TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD) ||
+                 type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] ||
-                 !strcmp(type, TOMOYO_MOUNT_MAKE_SHARED_KEYWORD))
+                 type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED])
                tomoyo_warn_log(r, "mount %s %s 0x%lX", type, dir, flags);
        else
                tomoyo_warn_log(r, "mount -t %s %s %s 0x%lX", type, dev, dir,
                                flags);
-        return tomoyo_supervisor(r,
+        return tomoyo_supervisor(r, "allow_mount %s %s %s 0x%lX\n",
-                                 TOMOYO_KEYWORD_ALLOW_MOUNT "%s %s %s 0x%lX\n",
                                 r->param.mount.dev->name,
                                 r->param.mount.dir->name, type, flags);
 }
@@ -85,7 +78,8 @@ static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r,
 * Caller holds tomoyo_read_lock().
 */
 static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
-                            struct path *dir, char *type, unsigned long flags)
+                            struct path *dir, const char *type,
+                            unsigned long flags)
 {
        struct path path;
        struct file_system_type *fstype = NULL;
@@ -115,15 +109,15 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
        tomoyo_fill_path_info(&rdir);
        /* Compare fs name. */
-        if (!strcmp(type, TOMOYO_MOUNT_REMOUNT_KEYWORD)) {
+        if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT]) {
                /* dev_name is ignored. */
-        } else if (!strcmp(type, TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD) ||
+        } else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] ||
-                   !strcmp(type, TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD) ||
+                   type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] ||
-                   !strcmp(type, TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD) ||
+                   type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] ||
-                   !strcmp(type, TOMOYO_MOUNT_MAKE_SHARED_KEYWORD)) {
+                   type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED]) {
                /* dev_name is ignored. */
-        } else if (!strcmp(type, TOMOYO_MOUNT_BIND_KEYWORD) ||
+        } else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND] ||
-                   !strcmp(type, TOMOYO_MOUNT_MOVE_KEYWORD)) {
+                   type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) {
                need_dev = -1; /* dev_name is a directory */
        } else {
                fstype = get_fs_type(type);
@@ -189,8 +183,9 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
 *
 * Returns 0 on success, negative value otherwise.
 */
-int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
+int tomoyo_mount_permission(char *dev_name, struct path *path,
-                            unsigned long flags, void *data_page)
+                            const char *type, unsigned long flags,
+                            void *data_page)
 {
        struct tomoyo_request_info r;
        int error;
@@ -202,31 +197,31 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
        if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
                flags &= ~MS_MGC_MSK;
        if (flags & MS_REMOUNT) {
-                type = TOMOYO_MOUNT_REMOUNT_KEYWORD;
+                type = tomoyo_mounts[TOMOYO_MOUNT_REMOUNT];
                flags &= ~MS_REMOUNT;
        }
        if (flags & MS_MOVE) {
-                type = TOMOYO_MOUNT_MOVE_KEYWORD;
+                type = tomoyo_mounts[TOMOYO_MOUNT_MOVE];
                flags &= ~MS_MOVE;
        }
        if (flags & MS_BIND) {
-                type = TOMOYO_MOUNT_BIND_KEYWORD;
+                type = tomoyo_mounts[TOMOYO_MOUNT_BIND];
                flags &= ~MS_BIND;
        }
        if (flags & MS_UNBINDABLE) {
-                type = TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD;
+                type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE];
                flags &= ~MS_UNBINDABLE;
        }
        if (flags & MS_PRIVATE) {
-                type = TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD;
+                type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE];
                flags &= ~MS_PRIVATE;
        }
        if (flags & MS_SLAVE) {
-                type = TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD;
+                type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE];
                flags &= ~MS_SLAVE;
        }
        if (flags & MS_SHARED) {
-                type = TOMOYO_MOUNT_MAKE_SHARED_KEYWORD;
+                type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED];
                flags &= ~MS_SHARED;
        }
        if (!type)
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2011-06-26 10:16:03 -0400
committer	James Morris <jmorris@namei.org>	2011-06-28 19:31:19 -0400
commit	b5bc60b4ce313b6dbb42e7d32915dcf0a07c2a68 (patch)
tree	4a6a4f4cf1b6d0e5fa22c974fb4cf87d59a88e21 /security/tomoyo/mount.c
parent	7c75964f432d14062d8eccfc916aa290f56b5aab (diff)

diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c index f1d9e1a9eff..5cfc7207874 100644 --- a/security/tomoyo/mount.c +++ b/security/tomoyo/mount.c
@@ -7,22 +7,16 @@
7	#include <linux/slab.h>	7	#include <linux/slab.h>
8	#include "common.h"	8	#include "common.h"
9		9
10	/* Keywords for mount restrictions. */	10	/* String table for special mount operations. */
11		11	static const char * const tomoyo_mounts[TOMOYO_MAX_SPECIAL_MOUNT] = {
12	/* Allow to call 'mount --bind /source_dir /dest_dir' */	12	[TOMOYO_MOUNT_BIND] = "--bind",
13	#define TOMOYO_MOUNT_BIND_KEYWORD "--bind"	13	[TOMOYO_MOUNT_MOVE] = "--move",
14	/* Allow to call 'mount --move /old_dir /new_dir ' */	14	[TOMOYO_MOUNT_REMOUNT] = "--remount",
15	#define TOMOYO_MOUNT_MOVE_KEYWORD "--move"	15	[TOMOYO_MOUNT_MAKE_UNBINDABLE] = "--make-unbindable",
16	/* Allow to call 'mount -o remount /dir ' */	16	[TOMOYO_MOUNT_MAKE_PRIVATE] = "--make-private",
17	#define TOMOYO_MOUNT_REMOUNT_KEYWORD "--remount"	17	[TOMOYO_MOUNT_MAKE_SLAVE] = "--make-slave",
18	/* Allow to call 'mount --make-unbindable /dir' */	18	[TOMOYO_MOUNT_MAKE_SHARED] = "--make-shared",
19	#define TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD "--make-unbindable"	19	};
20	/* Allow to call 'mount --make-private /dir' */
21	#define TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD "--make-private"
22	/* Allow to call 'mount --make-slave /dir' */
23	#define TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD "--make-slave"
24	/* Allow to call 'mount --make-shared /dir' */
25	#define TOMOYO_MOUNT_MAKE_SHARED_KEYWORD "--make-shared"
26		20
27	/**	21	/**
28	* tomoyo_audit_mount_log - Audit mount log.	22	* tomoyo_audit_mount_log - Audit mount log.
@@ -39,22 +33,21 @@ static int tomoyo_audit_mount_log(struct tomoyo_request_info *r)
39	const unsigned long flags = r->param.mount.flags;	33	const unsigned long flags = r->param.mount.flags;
40	if (r->granted)	34	if (r->granted)
41	return 0;	35	return 0;
42	if (!strcmp(type, TOMOYO_MOUNT_REMOUNT_KEYWORD))	36	if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT])
43	tomoyo_warn_log(r, "mount -o remount %s 0x%lX", dir, flags);	37	tomoyo_warn_log(r, "mount -o remount %s 0x%lX", dir, flags);
44	else if (!strcmp(type, TOMOYO_MOUNT_BIND_KEYWORD)	38	else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND]
45	\|\| !strcmp(type, TOMOYO_MOUNT_MOVE_KEYWORD))	39	\|\| type == tomoyo_mounts[TOMOYO_MOUNT_MOVE])
46	tomoyo_warn_log(r, "mount %s %s %s 0x%lX", type, dev, dir,	40	tomoyo_warn_log(r, "mount %s %s %s 0x%lX", type, dev, dir,
47	flags);	41	flags);
48	else if (!strcmp(type, TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD) \|\|	42	else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] \|\|
49	!strcmp(type, TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD) \|\|	43	type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] \|\|
50	!strcmp(type, TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD) \|\|	44	type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] \|\|
51	!strcmp(type, TOMOYO_MOUNT_MAKE_SHARED_KEYWORD))	45	type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED])
52	tomoyo_warn_log(r, "mount %s %s 0x%lX", type, dir, flags);	46	tomoyo_warn_log(r, "mount %s %s 0x%lX", type, dir, flags);
53	else	47	else
54	tomoyo_warn_log(r, "mount -t %s %s %s 0x%lX", type, dev, dir,	48	tomoyo_warn_log(r, "mount -t %s %s %s 0x%lX", type, dev, dir,
55	flags);	49	flags);
56	return tomoyo_supervisor(r,	50	return tomoyo_supervisor(r, "allow_mount %s %s %s 0x%lX\n",
57	TOMOYO_KEYWORD_ALLOW_MOUNT "%s %s %s 0x%lX\n",
58	r->param.mount.dev->name,	51	r->param.mount.dev->name,
59	r->param.mount.dir->name, type, flags);	52	r->param.mount.dir->name, type, flags);
60	}	53	}
@@ -85,7 +78,8 @@ static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r,
85	* Caller holds tomoyo_read_lock().	78	* Caller holds tomoyo_read_lock().
86	*/	79	*/
87	static int tomoyo_mount_acl(struct tomoyo_request_info r, char dev_name,	80	static int tomoyo_mount_acl(struct tomoyo_request_info r, char dev_name,
88	struct path dir, char type, unsigned long flags)	81	struct path dir, const char type,
		82	unsigned long flags)
89	{	83	{
90	struct path path;	84	struct path path;
91	struct file_system_type *fstype = NULL;	85	struct file_system_type *fstype = NULL;
@@ -115,15 +109,15 @@ static int tomoyo_mount_acl(struct tomoyo_request_info r, char dev_name,
115	tomoyo_fill_path_info(&rdir);	109	tomoyo_fill_path_info(&rdir);
116		110
117	/* Compare fs name. */	111	/* Compare fs name. */
118	if (!strcmp(type, TOMOYO_MOUNT_REMOUNT_KEYWORD)) {	112	if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT]) {
119	/* dev_name is ignored. */	113	/* dev_name is ignored. */
120	} else if (!strcmp(type, TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD) \|\|	114	} else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] \|\|
121	!strcmp(type, TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD) \|\|	115	type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] \|\|
122	!strcmp(type, TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD) \|\|	116	type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] \|\|
123	!strcmp(type, TOMOYO_MOUNT_MAKE_SHARED_KEYWORD)) {	117	type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED]) {
124	/* dev_name is ignored. */	118	/* dev_name is ignored. */
125	} else if (!strcmp(type, TOMOYO_MOUNT_BIND_KEYWORD) \|\|	119	} else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND] \|\|
126	!strcmp(type, TOMOYO_MOUNT_MOVE_KEYWORD)) {	120	type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) {
127	need_dev = -1; /* dev_name is a directory */	121	need_dev = -1; /* dev_name is a directory */
128	} else {	122	} else {
129	fstype = get_fs_type(type);	123	fstype = get_fs_type(type);
@@ -189,8 +183,9 @@ static int tomoyo_mount_acl(struct tomoyo_request_info r, char dev_name,
189	*	183	*
190	* Returns 0 on success, negative value otherwise.	184	* Returns 0 on success, negative value otherwise.
191	*/	185	*/
192	int tomoyo_mount_permission(char dev_name, struct path path, char *type,	186	int tomoyo_mount_permission(char dev_name, struct path path,
193	unsigned long flags, void *data_page)	187	const char *type, unsigned long flags,
		188	void *data_page)
194	{	189	{
195	struct tomoyo_request_info r;	190	struct tomoyo_request_info r;
196	int error;	191	int error;
@@ -202,31 +197,31 @@ int tomoyo_mount_permission(char dev_name, struct path path, char *type,
202	if ((flags & MS_MGC_MSK) == MS_MGC_VAL)	197	if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
203	flags &= ~MS_MGC_MSK;	198	flags &= ~MS_MGC_MSK;
204	if (flags & MS_REMOUNT) {	199	if (flags & MS_REMOUNT) {
205	type = TOMOYO_MOUNT_REMOUNT_KEYWORD;	200	type = tomoyo_mounts[TOMOYO_MOUNT_REMOUNT];
206	flags &= ~MS_REMOUNT;	201	flags &= ~MS_REMOUNT;
207	}	202	}
208	if (flags & MS_MOVE) {	203	if (flags & MS_MOVE) {
209	type = TOMOYO_MOUNT_MOVE_KEYWORD;	204	type = tomoyo_mounts[TOMOYO_MOUNT_MOVE];
210	flags &= ~MS_MOVE;	205	flags &= ~MS_MOVE;
211	}	206	}
212	if (flags & MS_BIND) {	207	if (flags & MS_BIND) {
213	type = TOMOYO_MOUNT_BIND_KEYWORD;	208	type = tomoyo_mounts[TOMOYO_MOUNT_BIND];
214	flags &= ~MS_BIND;	209	flags &= ~MS_BIND;
215	}	210	}
216	if (flags & MS_UNBINDABLE) {	211	if (flags & MS_UNBINDABLE) {
217	type = TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD;	212	type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE];
218	flags &= ~MS_UNBINDABLE;	213	flags &= ~MS_UNBINDABLE;
219	}	214	}
220	if (flags & MS_PRIVATE) {	215	if (flags & MS_PRIVATE) {
221	type = TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD;	216	type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE];
222	flags &= ~MS_PRIVATE;	217	flags &= ~MS_PRIVATE;
223	}	218	}
224	if (flags & MS_SLAVE) {	219	if (flags & MS_SLAVE) {
225	type = TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD;	220	type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE];
226	flags &= ~MS_SLAVE;	221	flags &= ~MS_SLAVE;
227	}	222	}
228	if (flags & MS_SHARED) {	223	if (flags & MS_SHARED) {
229	type = TOMOYO_MOUNT_MAKE_SHARED_KEYWORD;	224	type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED];
230	flags &= ~MS_SHARED;	225	flags &= ~MS_SHARED;
231	}	226	}
232	if (!type)	227	if (!type)