Diffstat (limited to 'security/tomoyo/group.c')
-rw-r--r--security/tomoyo/group.c61
1 files changed, 35 insertions, 26 deletions
diff --git a/security/tomoyo/group.c b/security/tomoyo/group.c
index e94352ce723..5fb0e129840 100644
--- a/security/tomoyo/group.c
+++ b/security/tomoyo/group.c
@@ -1,21 +1,37 @@
1/* 1/*
2 * security/tomoyo/group.c 2 * security/tomoyo/group.c
3 * 3 *
4 * Copyright (C) 2005-2010 NTT DATA CORPORATION 4 * Copyright (C) 2005-2011 NTT DATA CORPORATION
5 */ 5 */
6 6
7#include <linux/slab.h> 7#include <linux/slab.h>
8#include "common.h" 8#include "common.h"
9 9
10/**
11 * tomoyo_same_path_group - Check for duplicated "struct tomoyo_path_group" entry.
12 *
13 * @a: Pointer to "struct tomoyo_acl_head".
14 * @b: Pointer to "struct tomoyo_acl_head".
15 *
16 * Returns true if @a == @b, false otherwise.
17 */
10static bool tomoyo_same_path_group(const struct tomoyo_acl_head *a, 18static bool tomoyo_same_path_group(const struct tomoyo_acl_head *a,
11 const struct tomoyo_acl_head *b) 19 const struct tomoyo_acl_head *b)
12{ 20{
13 return container_of(a, struct tomoyo_path_group, head)->member_name == 21 return container_of(a, struct tomoyo_path_group, head)->member_name ==
14 container_of(b, struct tomoyo_path_group, head)->member_name; 22 container_of(b, struct tomoyo_path_group, head)->member_name;
15} 23}
16 24
25/**
26 * tomoyo_same_number_group - Check for duplicated "struct tomoyo_number_group" entry.
27 *
28 * @a: Pointer to "struct tomoyo_acl_head".
29 * @b: Pointer to "struct tomoyo_acl_head".
30 *
31 * Returns true if @a == @b, false otherwise.
32 */
17static bool tomoyo_same_number_group(const struct tomoyo_acl_head *a, 33static bool tomoyo_same_number_group(const struct tomoyo_acl_head *a,
18 const struct tomoyo_acl_head *b) 34 const struct tomoyo_acl_head *b)
19{ 35{
20 return !memcmp(&container_of(a, struct tomoyo_number_group, head) 36 return !memcmp(&container_of(a, struct tomoyo_number_group, head)
21 ->number, 37 ->number,
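Review bot: The new kernel-doc on tomoyo_same_path_group and tomoyo_same_number_group says "Returns true if @a == @b", but the code compares the member_name pointers (and, in the second case, the number union) of the containing structs, never the two head pointers; two distinct list entries with the same member compare equal here. A reader who takes the comment literally would expect pointer identity. Suggest `Returns true if the group member of @a equals that of @b, false otherwise.` for both. tomoyo_same_number_group's body continues outside this hunk.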
@@ -28,48 +44,41 @@ static bool tomoyo_same_number_group(const struct tomoyo_acl_head *a,
28/** 44/**
29 * tomoyo_write_group - Write "struct tomoyo_path_group"/"struct tomoyo_number_group" list. 45 * tomoyo_write_group - Write "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
30 * 46 *
31 * @data: String to parse. 47 * @param: Pointer to "struct tomoyo_acl_param".
32 * @is_delete: True if it is a delete request. 48 * @type: Type of this group.
33 * @type: Type of this group.
34 * 49 *
35 * Returns 0 on success, negative value otherwise. 50 * Returns 0 on success, negative value otherwise.
36 */ 51 */
37int tomoyo_write_group(char *data, const bool is_delete, const u8 type) 52int tomoyo_write_group(struct tomoyo_acl_param *param, const u8 type)
38{ 53{
39 struct tomoyo_group *group; 54 struct tomoyo_group *group = tomoyo_get_group(param, type);
40 struct list_head *member;
41 char *w[2];
42 int error = -EINVAL; 55 int error = -EINVAL;
43 if (!tomoyo_tokenize(data, w, sizeof(w)) || !w[1][0])
44 return -EINVAL;
45 group = tomoyo_get_group(w[0], type);
46 if (!group) 56 if (!group)
47 return -ENOMEM; 57 return -ENOMEM;
48 member = &group->member_list; 58 param->list = &group->member_list;
49 if (type == TOMOYO_PATH_GROUP) { 59 if (type == TOMOYO_PATH_GROUP) {
50 struct tomoyo_path_group e = { }; 60 struct tomoyo_path_group e = { };
51 e.member_name = tomoyo_get_name(w[1]); 61 e.member_name = tomoyo_get_name(tomoyo_read_token(param));
52 if (!e.member_name) { 62 if (!e.member_name) {
53 error = -ENOMEM; 63 error = -ENOMEM;
54 goto out; 64 goto out;
55 } 65 }
56 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 66 error = tomoyo_update_policy(&e.head, sizeof(e), param,
57 member, tomoyo_same_path_group); 67 tomoyo_same_path_group);
58 tomoyo_put_name(e.member_name); 68 tomoyo_put_name(e.member_name);
59 } else if (type == TOMOYO_NUMBER_GROUP) { 69 } else if (type == TOMOYO_NUMBER_GROUP) {
60 struct tomoyo_number_group e = { }; 70 struct tomoyo_number_group e = { };
61 if (w[1][0] == '@' 71 if (param->data[0] == '@' ||
62 || !tomoyo_parse_number_union(w[1], &e.number) 72 !tomoyo_parse_number_union(param, &e.number))
63 || e.number.values[0] > e.number.values[1])
64 goto out; 73 goto out;
65 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 74 error = tomoyo_update_policy(&e.head, sizeof(e), param,
66 member, tomoyo_same_number_group); 75 tomoyo_same_number_group);
67 /* 76 /*
68 * tomoyo_put_number_union() is not needed because 77 * tomoyo_put_number_union() is not needed because
69 * w[1][0] != '@'. 78 * param->data[0] != '@'.
70 */ 79 */
71 } 80 }
72 out: 81out:
73 tomoyo_put_group(group); 82 tomoyo_put_group(group);
74 return error; 83 return error;
75} 84}
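Review bot: The rewritten number branch drops the explicit `e.number.values[0] > e.number.values[1]` rejection that the old code applied after parsing; unless tomoyo_parse_number_union() now enforces range ordering itself (not visible in this hunk), an inverted range member such as `10-5` would be stored in the group. The old `!w[1][0]` guard is also gone, so an empty member string now reaches tomoyo_read_token()/tomoyo_get_name() in the path branch and, depending on what those return for "", could register an empty pathname as a group member. A one-line guard after `param->list = &group->member_list;` would restore the old behaviour: `if (!param->data[0]) goto out;`. If the range check has moved into tomoyo_parse_number_union(), a comment at the number branch saying so would stop the next reader from re-adding it.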
@@ -77,8 +86,8 @@ int tomoyo_write_group(char *data, const bool is_delete, const u8 type)
77/** 86/**
78 * tomoyo_path_matches_group - Check whether the given pathname matches members of the given pathname group. 87 * tomoyo_path_matches_group - Check whether the given pathname matches members of the given pathname group.
79 * 88 *
80 * @pathname: The name of pathname. 89 * @pathname: The name of pathname.
81 * @group: Pointer to "struct tomoyo_path_group". 90 * @group: Pointer to "struct tomoyo_path_group".
82 * 91 *
83 * Returns matched member's pathname if @pathname matches pathnames in @group, 92 * Returns matched member's pathname if @pathname matches pathnames in @group,
84 * NULL otherwise. 93 * NULL otherwise.