diff options
Diffstat (limited to 'security/tomoyo/common.h')
| -rw-r--r-- | security/tomoyo/common.h | 78 |
1 files changed, 24 insertions, 54 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index d0645733c10..7aa55eef67b 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h | |||
| @@ -219,6 +219,12 @@ struct tomoyo_acl_head { | |||
| 219 | bool is_deleted; | 219 | bool is_deleted; |
| 220 | } __packed; | 220 | } __packed; |
| 221 | 221 | ||
| 222 | /* Common header for shared entries. */ | ||
| 223 | struct tomoyo_shared_acl_head { | ||
| 224 | struct list_head list; | ||
| 225 | atomic_t users; | ||
| 226 | } __packed; | ||
| 227 | |||
| 222 | /* Structure for request info. */ | 228 | /* Structure for request info. */ |
| 223 | struct tomoyo_request_info { | 229 | struct tomoyo_request_info { |
| 224 | struct tomoyo_domain_info *domain; | 230 | struct tomoyo_domain_info *domain; |
| @@ -281,8 +287,7 @@ struct tomoyo_path_info { | |||
| 281 | 287 | ||
| 282 | /* Structure for holding string data. */ | 288 | /* Structure for holding string data. */ |
| 283 | struct tomoyo_name { | 289 | struct tomoyo_name { |
| 284 | struct list_head list; | 290 | struct tomoyo_shared_acl_head head; |
| 285 | atomic_t users; | ||
| 286 | struct tomoyo_path_info entry; | 291 | struct tomoyo_path_info entry; |
| 287 | }; | 292 | }; |
| 288 | 293 | ||
| @@ -291,8 +296,6 @@ struct tomoyo_name_union { | |||
| 291 | /* Either @filename or @group is NULL. */ | 296 | /* Either @filename or @group is NULL. */ |
| 292 | const struct tomoyo_path_info *filename; | 297 | const struct tomoyo_path_info *filename; |
| 293 | struct tomoyo_group *group; | 298 | struct tomoyo_group *group; |
| 294 | /* True if @group != NULL, false if @filename != NULL. */ | ||
| 295 | u8 is_group; | ||
| 296 | }; | 299 | }; |
| 297 | 300 | ||
| 298 | /* Structure for holding a number. */ | 301 | /* Structure for holding a number. */ |
| @@ -300,18 +303,14 @@ struct tomoyo_number_union { | |||
| 300 | unsigned long values[2]; | 303 | unsigned long values[2]; |
| 301 | struct tomoyo_group *group; /* Maybe NULL. */ | 304 | struct tomoyo_group *group; /* Maybe NULL. */ |
| 302 | /* One of values in "enum tomoyo_value_type". */ | 305 | /* One of values in "enum tomoyo_value_type". */ |
| 303 | u8 min_type; | 306 | u8 value_type[2]; |
| 304 | u8 max_type; | ||
| 305 | /* True if @group != NULL, false otherwise. */ | ||
| 306 | u8 is_group; | ||
| 307 | }; | 307 | }; |
| 308 | 308 | ||
| 309 | /* Structure for "path_group"/"number_group" directive. */ | 309 | /* Structure for "path_group"/"number_group" directive. */ |
| 310 | struct tomoyo_group { | 310 | struct tomoyo_group { |
| 311 | struct list_head list; | 311 | struct tomoyo_shared_acl_head head; |
| 312 | const struct tomoyo_path_info *group_name; | 312 | const struct tomoyo_path_info *group_name; |
| 313 | struct list_head member_list; | 313 | struct list_head member_list; |
| 314 | atomic_t users; | ||
| 315 | }; | 314 | }; |
| 316 | 315 | ||
| 317 | /* Structure for "path_group" directive. */ | 316 | /* Structure for "path_group" directive. */ |
| @@ -429,16 +428,18 @@ struct tomoyo_io_buffer { | |||
| 429 | bool print_execute_only; | 428 | bool print_execute_only; |
| 430 | const char *w[TOMOYO_MAX_IO_READ_QUEUE]; | 429 | const char *w[TOMOYO_MAX_IO_READ_QUEUE]; |
| 431 | } r; | 430 | } r; |
| 432 | /* The position currently writing to. */ | 431 | struct { |
| 433 | struct tomoyo_domain_info *write_var1; | 432 | /* The position currently writing to. */ |
| 433 | struct tomoyo_domain_info *domain; | ||
| 434 | /* Bytes available for writing. */ | ||
| 435 | int avail; | ||
| 436 | } w; | ||
| 434 | /* Buffer for reading. */ | 437 | /* Buffer for reading. */ |
| 435 | char *read_buf; | 438 | char *read_buf; |
| 436 | /* Size of read buffer. */ | 439 | /* Size of read buffer. */ |
| 437 | int readbuf_size; | 440 | int readbuf_size; |
| 438 | /* Buffer for writing. */ | 441 | /* Buffer for writing. */ |
| 439 | char *write_buf; | 442 | char *write_buf; |
| 440 | /* Bytes available for writing. */ | ||
| 441 | int write_avail; | ||
| 442 | /* Size of write buffer. */ | 443 | /* Size of write buffer. */ |
| 443 | int writebuf_size; | 444 | int writebuf_size; |
| 444 | /* Type of this interface. */ | 445 | /* Type of this interface. */ |
| @@ -500,12 +501,12 @@ void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...) | |||
| 500 | __attribute__ ((format(printf, 2, 3))); | 501 | __attribute__ ((format(printf, 2, 3))); |
| 501 | void tomoyo_check_profile(void); | 502 | void tomoyo_check_profile(void); |
| 502 | int tomoyo_open_control(const u8 type, struct file *file); | 503 | int tomoyo_open_control(const u8 type, struct file *file); |
| 503 | int tomoyo_close_control(struct file *file); | 504 | int tomoyo_close_control(struct tomoyo_io_buffer *head); |
| 504 | int tomoyo_poll_control(struct file *file, poll_table *wait); | 505 | int tomoyo_poll_control(struct file *file, poll_table *wait); |
| 505 | int tomoyo_read_control(struct file *file, char __user *buffer, | 506 | int tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer, |
| 506 | const int buffer_len); | 507 | const int buffer_len); |
| 507 | int tomoyo_write_control(struct file *file, const char __user *buffer, | 508 | int tomoyo_write_control(struct tomoyo_io_buffer *head, |
| 508 | const int buffer_len); | 509 | const char __user *buffer, const int buffer_len); |
| 509 | bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r); | 510 | bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r); |
| 510 | void tomoyo_warn_oom(const char *function); | 511 | void tomoyo_warn_oom(const char *function); |
| 511 | const struct tomoyo_path_info * | 512 | const struct tomoyo_path_info * |
| @@ -672,30 +673,6 @@ static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a, | |||
| 672 | } | 673 | } |
| 673 | 674 | ||
| 674 | /** | 675 | /** |
| 675 | * tomoyo_valid - Check whether the character is a valid char. | ||
| 676 | * | ||
| 677 | * @c: The character to check. | ||
| 678 | * | ||
| 679 | * Returns true if @c is a valid character, false otherwise. | ||
| 680 | */ | ||
| 681 | static inline bool tomoyo_valid(const unsigned char c) | ||
| 682 | { | ||
| 683 | return c > ' ' && c < 127; | ||
| 684 | } | ||
| 685 | |||
| 686 | /** | ||
| 687 | * tomoyo_invalid - Check whether the character is an invalid char. | ||
| 688 | * | ||
| 689 | * @c: The character to check. | ||
| 690 | * | ||
| 691 | * Returns true if @c is an invalid character, false otherwise. | ||
| 692 | */ | ||
| 693 | static inline bool tomoyo_invalid(const unsigned char c) | ||
| 694 | { | ||
| 695 | return c && (c <= ' ' || c >= 127); | ||
| 696 | } | ||
| 697 | |||
| 698 | /** | ||
| 699 | * tomoyo_put_name - Drop reference on "struct tomoyo_name". | 676 | * tomoyo_put_name - Drop reference on "struct tomoyo_name". |
| 700 | * | 677 | * |
| 701 | * @name: Pointer to "struct tomoyo_path_info". Maybe NULL. | 678 | * @name: Pointer to "struct tomoyo_path_info". Maybe NULL. |
| @@ -707,7 +684,7 @@ static inline void tomoyo_put_name(const struct tomoyo_path_info *name) | |||
| 707 | if (name) { | 684 | if (name) { |
| 708 | struct tomoyo_name *ptr = | 685 | struct tomoyo_name *ptr = |
| 709 | container_of(name, typeof(*ptr), entry); | 686 | container_of(name, typeof(*ptr), entry); |
| 710 | atomic_dec(&ptr->users); | 687 | atomic_dec(&ptr->head.users); |
| 711 | } | 688 | } |
| 712 | } | 689 | } |
| 713 | 690 | ||
| @@ -721,7 +698,7 @@ static inline void tomoyo_put_name(const struct tomoyo_path_info *name) | |||
| 721 | static inline void tomoyo_put_group(struct tomoyo_group *group) | 698 | static inline void tomoyo_put_group(struct tomoyo_group *group) |
| 722 | { | 699 | { |
| 723 | if (group) | 700 | if (group) |
| 724 | atomic_dec(&group->users); | 701 | atomic_dec(&group->head.users); |
| 725 | } | 702 | } |
| 726 | 703 | ||
| 727 | /** | 704 | /** |
| @@ -747,12 +724,6 @@ static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct | |||
| 747 | return task_cred_xxx(task, security); | 724 | return task_cred_xxx(task, security); |
| 748 | } | 725 | } |
| 749 | 726 | ||
| 750 | static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *p1, | ||
| 751 | const struct tomoyo_acl_info *p2) | ||
| 752 | { | ||
| 753 | return p1->type == p2->type; | ||
| 754 | } | ||
| 755 | |||
| 756 | /** | 727 | /** |
| 757 | * tomoyo_same_name_union - Check for duplicated "struct tomoyo_name_union" entry. | 728 | * tomoyo_same_name_union - Check for duplicated "struct tomoyo_name_union" entry. |
| 758 | * | 729 | * |
| @@ -764,8 +735,7 @@ static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *p1, | |||
| 764 | static inline bool tomoyo_same_name_union | 735 | static inline bool tomoyo_same_name_union |
| 765 | (const struct tomoyo_name_union *a, const struct tomoyo_name_union *b) | 736 | (const struct tomoyo_name_union *a, const struct tomoyo_name_union *b) |
| 766 | { | 737 | { |
| 767 | return a->filename == b->filename && a->group == b->group && | 738 | return a->filename == b->filename && a->group == b->group; |
| 768 | a->is_group == b->is_group; | ||
| 769 | } | 739 | } |
| 770 | 740 | ||
| 771 | /** | 741 | /** |
| @@ -780,8 +750,8 @@ static inline bool tomoyo_same_number_union | |||
| 780 | (const struct tomoyo_number_union *a, const struct tomoyo_number_union *b) | 750 | (const struct tomoyo_number_union *a, const struct tomoyo_number_union *b) |
| 781 | { | 751 | { |
| 782 | return a->values[0] == b->values[0] && a->values[1] == b->values[1] && | 752 | return a->values[0] == b->values[0] && a->values[1] == b->values[1] && |
| 783 | a->group == b->group && a->min_type == b->min_type && | 753 | a->group == b->group && a->value_type[0] == b->value_type[0] && |
| 784 | a->max_type == b->max_type && a->is_group == b->is_group; | 754 | a->value_type[1] == b->value_type[1]; |
| 785 | } | 755 | } |
| 786 | 756 | ||
| 787 | /** | 757 | /** |