1 files changed, 225 insertions, 13 deletions
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 95d3f957223..f776400a8f3 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -1,20 +1,35 @@
 /*
 * security/tomoyo/tomoyo.c
 *
- * LSM hooks for TOMOYO Linux.
+ * Copyright (C) 2005-2011  NTT DATA CORPORATION
- *
- * Copyright (C) 2005-2010  NTT DATA CORPORATION
 */
 #include <linux/security.h>
 #include "common.h"
+/**
+ * tomoyo_cred_alloc_blank - Target for security_cred_alloc_blank().
+ *
+ * @new: Pointer to "struct cred".
+ * @gfp: Memory allocation flags.
+ *
+ * Returns 0.
+ */
 static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
 {
        new->security = NULL;
        return 0;
 }
+/**
+ * tomoyo_cred_prepare - Target for security_prepare_creds().
+ *
+ * @new: Pointer to "struct cred".
+ * @old: Pointer to "struct cred".
+ * @gfp: Memory allocation flags.
+ *
+ * Returns 0.
+ */
 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
                               gfp_t gfp)
 {
@@ -25,11 +40,22 @@ static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
        return 0;
 }
+/**
+ * tomoyo_cred_transfer - Target for security_transfer_creds().
+ *
+ * @new: Pointer to "struct cred".
+ * @old: Pointer to "struct cred".
+ */
 static void tomoyo_cred_transfer(struct cred *new, const struct cred *old)
 {
        tomoyo_cred_prepare(new, old, 0);
 }
+/**
+ * tomoyo_cred_free - Target for security_cred_free().
+ *
+ * @cred: Pointer to "struct cred".
+ */
 static void tomoyo_cred_free(struct cred *cred)
 {
        struct tomoyo_domain_info *domain = cred->security;
@@ -37,6 +63,13 @@ static void tomoyo_cred_free(struct cred *cred)
                atomic_dec(&domain->users);
 }
+/**
+ * tomoyo_bprm_set_creds - Target for security_bprm_set_creds().
+ *
+ * @bprm: Pointer to "struct linux_binprm".
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
 {
        int rc;
@@ -51,12 +84,14 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
         */
        if (bprm->cred_prepared)
                return 0;
+#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
        /*
         * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
         * for the first time.
         */
        if (!tomoyo_policy_loaded)
                tomoyo_load_policy(bprm->filename);
+#endif
        /*
         * Release reference to "struct tomoyo_domain_info" stored inside
         * "bprm->cred->security". New reference to "struct tomoyo_domain_info"
@@ -73,6 +108,13 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
        return 0;
 }
+/**
+ * tomoyo_bprm_check_security - Target for security_bprm_check().
+ *
+ * @bprm: Pointer to "struct linux_binprm".
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
 {
        struct tomoyo_domain_info *domain = bprm->cred->security;
@@ -90,20 +132,59 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
        /*
         * Read permission is checked against interpreters using next domain.
         */
-        return tomoyo_check_open_permission(domain, &bprm->file->f_path, O_RDONLY);
+        return tomoyo_check_open_permission(domain, &bprm->file->f_path,
+                                            O_RDONLY);
+}
+/**
+ * tomoyo_inode_getattr - Target for security_inode_getattr().
+ *
+ * @mnt:    Pointer to "struct vfsmount".
+ * @dentry: Pointer to "struct dentry".
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
+static int tomoyo_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
+{
+        struct path path = { mnt, dentry };
+        return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL);
 }
+/**
+ * tomoyo_path_truncate - Target for security_path_truncate().
+ *
+ * @path: Pointer to "struct path".
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_path_truncate(struct path *path)
 {
-        return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path);
+        return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
 }
+/**
+ * tomoyo_path_unlink - Target for security_path_unlink().
+ *
+ * @parent: Pointer to "struct path".
+ * @dentry: Pointer to "struct dentry".
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
 {
        struct path path = { parent->mnt, dentry };
-        return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path);
+        return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
 }
+/**
+ * tomoyo_path_mkdir - Target for security_path_mkdir().
+ *
+ * @parent: Pointer to "struct path".
+ * @dentry: Pointer to "struct dentry".
+ * @mode:   DAC permission mode.
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
                             int mode)
 {
@@ -112,19 +193,46 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
                                       mode & S_IALLUGO);
 }
+/**
+ * tomoyo_path_rmdir - Target for security_path_rmdir().
+ *
+ * @parent: Pointer to "struct path".
+ * @dentry: Pointer to "struct dentry".
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
 {
        struct path path = { parent->mnt, dentry };
-        return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path);
+        return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
 }
+/**
+ * tomoyo_path_symlink - Target for security_path_symlink().
+ *
+ * @parent:   Pointer to "struct path".
+ * @dentry:   Pointer to "struct dentry".
+ * @old_name: Symlink's content.
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
                               const char *old_name)
 {
        struct path path = { parent->mnt, dentry };
-        return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path);
+        return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
 }
+/**
+ * tomoyo_path_mknod - Target for security_path_mknod().
+ *
+ * @parent: Pointer to "struct path".
+ * @dentry: Pointer to "struct dentry".
+ * @mode:   DAC permission mode.
+ * @dev:    Device attributes.
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
                             int mode, unsigned int dev)
 {
@@ -155,6 +263,15 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
        return tomoyo_path_number_perm(type, &path, perm);
 }
+/**
+ * tomoyo_path_link - Target for security_path_link().
+ *
+ * @old_dentry: Pointer to "struct dentry".
+ * @new_dir:    Pointer to "struct path".
+ * @new_dentry: Pointer to "struct dentry".
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
                            struct dentry *new_dentry)
 {
@@ -163,6 +280,16 @@ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
        return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
 }
+/**
+ * tomoyo_path_rename - Target for security_path_rename().
+ *
+ * @old_parent: Pointer to "struct path".
+ * @old_dentry: Pointer to "struct dentry".
+ * @new_parent: Pointer to "struct path".
+ * @new_dentry: Pointer to "struct dentry".
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_path_rename(struct path *old_parent,
                              struct dentry *old_dentry,
                              struct path *new_parent,
@@ -173,14 +300,32 @@ static int tomoyo_path_rename(struct path *old_parent,
        return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
 }
+/**
+ * tomoyo_file_fcntl - Target for security_file_fcntl().
+ *
+ * @file: Pointer to "struct file".
+ * @cmd:  Command for fcntl().
+ * @arg:  Argument for @cmd.
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
                             unsigned long arg)
 {
-        if (cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND))
+        if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)))
-                return tomoyo_path_perm(TOMOYO_TYPE_REWRITE, &file->f_path);
+                return 0;
-        return 0;
+        return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
+                                            O_WRONLY | (arg & O_APPEND));
 }
+/**
+ * tomoyo_dentry_open - Target for security_dentry_open().
+ *
+ * @f:    Pointer to "struct file".
+ * @cred: Pointer to "struct cred".
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_dentry_open(struct file *f, const struct cred *cred)
 {
        int flags = f->f_flags;
@@ -190,12 +335,30 @@ static int tomoyo_dentry_open(struct file *f, const struct cred *cred)
        return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
 }
+/**
+ * tomoyo_file_ioctl - Target for security_file_ioctl().
+ *
+ * @file: Pointer to "struct file".
+ * @cmd:  Command for ioctl().
+ * @arg:  Argument for @cmd.
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
                             unsigned long arg)
 {
        return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);
 }
+/**
+ * tomoyo_path_chmod - Target for security_path_chmod().
+ *
+ * @dentry: Pointer to "struct dentry".
+ * @mnt:    Pointer to "struct vfsmount".
+ * @mode:   DAC permission mode.
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
                             mode_t mode)
 {
@@ -204,6 +367,15 @@ static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
                                       mode & S_IALLUGO);
 }
+/**
+ * tomoyo_path_chown - Target for security_path_chown().
+ *
+ * @path: Pointer to "struct path".
+ * @uid:  Owner ID.
+ * @gid:  Group ID.
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
 {
        int error = 0;
@@ -214,23 +386,57 @@ static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
        return error;
 }
+/**
+ * tomoyo_path_chroot - Target for security_path_chroot().
+ *
+ * @path: Pointer to "struct path".
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_path_chroot(struct path *path)
 {
-        return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path);
+        return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
 }
+/**
+ * tomoyo_sb_mount - Target for security_sb_mount().
+ *
+ * @dev_name: Name of device file. Maybe NULL.
+ * @path:     Pointer to "struct path".
+ * @type:     Name of filesystem type. Maybe NULL.
+ * @flags:    Mount options.
+ * @data:     Optional data. Maybe NULL.
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_sb_mount(char *dev_name, struct path *path,
                           char *type, unsigned long flags, void *data)
 {
        return tomoyo_mount_permission(dev_name, path, type, flags, data);
 }
+/**
+ * tomoyo_sb_umount - Target for security_sb_umount().
+ *
+ * @mnt:   Pointer to "struct vfsmount".
+ * @flags: Unmount options.
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
 {
        struct path path = { mnt, mnt->mnt_root };
-        return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path);
+        return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
 }
+/**
+ * tomoyo_sb_pivotroot - Target for security_sb_pivotroot().
+ *
+ * @old_path: Pointer to "struct path".
+ * @new_path: Pointer to "struct path".
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
 static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)
 {
        return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
@@ -258,6 +464,7 @@ static struct security_operations tomoyo_security_ops = {
        .path_mknod          = tomoyo_path_mknod,
        .path_link           = tomoyo_path_link,
        .path_rename         = tomoyo_path_rename,
+        .inode_getattr       = tomoyo_inode_getattr,
        .file_ioctl          = tomoyo_file_ioctl,
        .path_chmod          = tomoyo_path_chmod,
        .path_chown          = tomoyo_path_chown,
@@ -270,6 +477,11 @@ static struct security_operations tomoyo_security_ops = {
 /* Lock for GC. */
 struct srcu_struct tomoyo_ss;
+/**
+ * tomoyo_init - Register TOMOYO Linux as a LSM module.
+ *
+ * Returns 0.
+ */
 static int __init tomoyo_init(void)
 {
        struct cred *cred = (struct cred *) current_cred();

diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 95d3f957223..f776400a8f3 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c
@@ -1,20 +1,35 @@
1	/*	1	/*
2	* security/tomoyo/tomoyo.c	2	* security/tomoyo/tomoyo.c
3	*	3	*
4	* LSM hooks for TOMOYO Linux.	4	* Copyright (C) 2005-2011 NTT DATA CORPORATION
5	*
6	* Copyright (C) 2005-2010 NTT DATA CORPORATION
7	*/	5	*/
8		6
9	#include <linux/security.h>	7	#include <linux/security.h>
10	#include "common.h"	8	#include "common.h"
11		9
		10	/**
		11	* tomoyo_cred_alloc_blank - Target for security_cred_alloc_blank().
		12	*
		13	* @new: Pointer to "struct cred".
		14	* @gfp: Memory allocation flags.
		15	*
		16	* Returns 0.
		17	*/
12	static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)	18	static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
13	{	19	{
14	new->security = NULL;	20	new->security = NULL;
15	return 0;	21	return 0;
16	}	22	}
17		23
		24	/**
		25	* tomoyo_cred_prepare - Target for security_prepare_creds().
		26	*
		27	* @new: Pointer to "struct cred".
		28	* @old: Pointer to "struct cred".
		29	* @gfp: Memory allocation flags.
		30	*
		31	* Returns 0.
		32	*/
18	static int tomoyo_cred_prepare(struct cred new, const struct cred old,	33	static int tomoyo_cred_prepare(struct cred new, const struct cred old,
19	gfp_t gfp)	34	gfp_t gfp)
20	{	35	{
@@ -25,11 +40,22 @@ static int tomoyo_cred_prepare(struct cred new, const struct cred old,
25	return 0;	40	return 0;
26	}	41	}
27		42
		43	/**
		44	* tomoyo_cred_transfer - Target for security_transfer_creds().
		45	*
		46	* @new: Pointer to "struct cred".
		47	* @old: Pointer to "struct cred".
		48	*/
28	static void tomoyo_cred_transfer(struct cred new, const struct cred old)	49	static void tomoyo_cred_transfer(struct cred new, const struct cred old)
29	{	50	{
30	tomoyo_cred_prepare(new, old, 0);	51	tomoyo_cred_prepare(new, old, 0);
31	}	52	}
32		53
		54	/**
		55	* tomoyo_cred_free - Target for security_cred_free().
		56	*
		57	* @cred: Pointer to "struct cred".
		58	*/
33	static void tomoyo_cred_free(struct cred *cred)	59	static void tomoyo_cred_free(struct cred *cred)
34	{	60	{
35	struct tomoyo_domain_info *domain = cred->security;	61	struct tomoyo_domain_info *domain = cred->security;
@@ -37,6 +63,13 @@ static void tomoyo_cred_free(struct cred *cred)
37	atomic_dec(&domain->users);	63	atomic_dec(&domain->users);
38	}	64	}
39		65
		66	/**
		67	* tomoyo_bprm_set_creds - Target for security_bprm_set_creds().
		68	*
		69	* @bprm: Pointer to "struct linux_binprm".
		70	*
		71	* Returns 0 on success, negative value otherwise.
		72	*/
40	static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)	73	static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
41	{	74	{
42	int rc;	75	int rc;
@@ -51,12 +84,14 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
51	*/	84	*/
52	if (bprm->cred_prepared)	85	if (bprm->cred_prepared)
53	return 0;	86	return 0;
		87	#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
54	/*	88	/*
55	* Load policy if /sbin/tomoyo-init exists and /sbin/init is requested	89	* Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
56	* for the first time.	90	* for the first time.
57	*/	91	*/
58	if (!tomoyo_policy_loaded)	92	if (!tomoyo_policy_loaded)
59	tomoyo_load_policy(bprm->filename);	93	tomoyo_load_policy(bprm->filename);
		94	#endif
60	/*	95	/*
61	* Release reference to "struct tomoyo_domain_info" stored inside	96	* Release reference to "struct tomoyo_domain_info" stored inside
62	* "bprm->cred->security". New reference to "struct tomoyo_domain_info"	97	* "bprm->cred->security". New reference to "struct tomoyo_domain_info"
@@ -73,6 +108,13 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
73	return 0;	108	return 0;
74	}	109	}
75		110
		111	/**
		112	* tomoyo_bprm_check_security - Target for security_bprm_check().
		113	*
		114	* @bprm: Pointer to "struct linux_binprm".
		115	*
		116	* Returns 0 on success, negative value otherwise.
		117	*/
76	static int tomoyo_bprm_check_security(struct linux_binprm *bprm)	118	static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
77	{	119	{
78	struct tomoyo_domain_info *domain = bprm->cred->security;	120	struct tomoyo_domain_info *domain = bprm->cred->security;
@@ -90,20 +132,59 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
90	/*	132	/*
91	* Read permission is checked against interpreters using next domain.	133	* Read permission is checked against interpreters using next domain.
92	*/	134	*/
93	return tomoyo_check_open_permission(domain, &bprm->file->f_path, O_RDONLY);	135	return tomoyo_check_open_permission(domain, &bprm->file->f_path,
		136	O_RDONLY);
		137	}
		138
		139	/**
		140	* tomoyo_inode_getattr - Target for security_inode_getattr().
		141	*
		142	* @mnt: Pointer to "struct vfsmount".
		143	* @dentry: Pointer to "struct dentry".
		144	*
		145	* Returns 0 on success, negative value otherwise.
		146	*/
		147	static int tomoyo_inode_getattr(struct vfsmount mnt, struct dentry dentry)
		148	{
		149	struct path path = { mnt, dentry };
		150	return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL);
94	}	151	}
95		152
		153	/**
		154	* tomoyo_path_truncate - Target for security_path_truncate().
		155	*
		156	* @path: Pointer to "struct path".
		157	*
		158	* Returns 0 on success, negative value otherwise.
		159	*/
96	static int tomoyo_path_truncate(struct path *path)	160	static int tomoyo_path_truncate(struct path *path)
97	{	161	{
98	return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path);	162	return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
99	}	163	}
100		164
		165	/**
		166	* tomoyo_path_unlink - Target for security_path_unlink().
		167	*
		168	* @parent: Pointer to "struct path".
		169	* @dentry: Pointer to "struct dentry".
		170	*
		171	* Returns 0 on success, negative value otherwise.
		172	*/
101	static int tomoyo_path_unlink(struct path parent, struct dentry dentry)	173	static int tomoyo_path_unlink(struct path parent, struct dentry dentry)
102	{	174	{
103	struct path path = { parent->mnt, dentry };	175	struct path path = { parent->mnt, dentry };
104	return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path);	176	return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
105	}	177	}
106		178
		179	/**
		180	* tomoyo_path_mkdir - Target for security_path_mkdir().
		181	*
		182	* @parent: Pointer to "struct path".
		183	* @dentry: Pointer to "struct dentry".
		184	* @mode: DAC permission mode.
		185	*
		186	* Returns 0 on success, negative value otherwise.
		187	*/
107	static int tomoyo_path_mkdir(struct path parent, struct dentry dentry,	188	static int tomoyo_path_mkdir(struct path parent, struct dentry dentry,
108	int mode)	189	int mode)
109	{	190	{
@@ -112,19 +193,46 @@ static int tomoyo_path_mkdir(struct path parent, struct dentry dentry,
112	mode & S_IALLUGO);	193	mode & S_IALLUGO);
113	}	194	}
114		195
		196	/**
		197	* tomoyo_path_rmdir - Target for security_path_rmdir().
		198	*
		199	* @parent: Pointer to "struct path".
		200	* @dentry: Pointer to "struct dentry".
		201	*
		202	* Returns 0 on success, negative value otherwise.
		203	*/
115	static int tomoyo_path_rmdir(struct path parent, struct dentry dentry)	204	static int tomoyo_path_rmdir(struct path parent, struct dentry dentry)
116	{	205	{
117	struct path path = { parent->mnt, dentry };	206	struct path path = { parent->mnt, dentry };
118	return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path);	207	return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
119	}	208	}
120		209
		210	/**
		211	* tomoyo_path_symlink - Target for security_path_symlink().
		212	*
		213	* @parent: Pointer to "struct path".
		214	* @dentry: Pointer to "struct dentry".
		215	* @old_name: Symlink's content.
		216	*
		217	* Returns 0 on success, negative value otherwise.
		218	*/
121	static int tomoyo_path_symlink(struct path parent, struct dentry dentry,	219	static int tomoyo_path_symlink(struct path parent, struct dentry dentry,
122	const char *old_name)	220	const char *old_name)
123	{	221	{
124	struct path path = { parent->mnt, dentry };	222	struct path path = { parent->mnt, dentry };
125	return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path);	223	return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
126	}	224	}
127		225
		226	/**
		227	* tomoyo_path_mknod - Target for security_path_mknod().
		228	*
		229	* @parent: Pointer to "struct path".
		230	* @dentry: Pointer to "struct dentry".
		231	* @mode: DAC permission mode.
		232	* @dev: Device attributes.
		233	*
		234	* Returns 0 on success, negative value otherwise.
		235	*/
128	static int tomoyo_path_mknod(struct path parent, struct dentry dentry,	236	static int tomoyo_path_mknod(struct path parent, struct dentry dentry,
129	int mode, unsigned int dev)	237	int mode, unsigned int dev)
130	{	238	{
@@ -155,6 +263,15 @@ static int tomoyo_path_mknod(struct path parent, struct dentry dentry,
155	return tomoyo_path_number_perm(type, &path, perm);	263	return tomoyo_path_number_perm(type, &path, perm);
156	}	264	}
157		265
		266	/**
		267	* tomoyo_path_link - Target for security_path_link().
		268	*
		269	* @old_dentry: Pointer to "struct dentry".
		270	* @new_dir: Pointer to "struct path".
		271	* @new_dentry: Pointer to "struct dentry".
		272	*
		273	* Returns 0 on success, negative value otherwise.
		274	*/
158	static int tomoyo_path_link(struct dentry old_dentry, struct path new_dir,	275	static int tomoyo_path_link(struct dentry old_dentry, struct path new_dir,
159	struct dentry *new_dentry)	276	struct dentry *new_dentry)
160	{	277	{
@@ -163,6 +280,16 @@ static int tomoyo_path_link(struct dentry old_dentry, struct path new_dir,
163	return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);	280	return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
164	}	281	}
165		282
		283	/**
		284	* tomoyo_path_rename - Target for security_path_rename().
		285	*
		286	* @old_parent: Pointer to "struct path".
		287	* @old_dentry: Pointer to "struct dentry".
		288	* @new_parent: Pointer to "struct path".
		289	* @new_dentry: Pointer to "struct dentry".
		290	*
		291	* Returns 0 on success, negative value otherwise.
		292	*/
166	static int tomoyo_path_rename(struct path *old_parent,	293	static int tomoyo_path_rename(struct path *old_parent,
167	struct dentry *old_dentry,	294	struct dentry *old_dentry,
168	struct path *new_parent,	295	struct path *new_parent,
@@ -173,14 +300,32 @@ static int tomoyo_path_rename(struct path *old_parent,
173	return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);	300	return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
174	}	301	}
175		302
		303	/**
		304	* tomoyo_file_fcntl - Target for security_file_fcntl().
		305	*
		306	* @file: Pointer to "struct file".
		307	* @cmd: Command for fcntl().
		308	* @arg: Argument for @cmd.
		309	*
		310	* Returns 0 on success, negative value otherwise.
		311	*/
176	static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,	312	static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
177	unsigned long arg)	313	unsigned long arg)
178	{	314	{
179	if (cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND))	315	if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)))
180	return tomoyo_path_perm(TOMOYO_TYPE_REWRITE, &file->f_path);	316	return 0;
181	return 0;	317	return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
		318	O_WRONLY \| (arg & O_APPEND));
182	}	319	}
183		320
		321	/**
		322	* tomoyo_dentry_open - Target for security_dentry_open().
		323	*
		324	* @f: Pointer to "struct file".
		325	* @cred: Pointer to "struct cred".
		326	*
		327	* Returns 0 on success, negative value otherwise.
		328	*/
184	static int tomoyo_dentry_open(struct file f, const struct cred cred)	329	static int tomoyo_dentry_open(struct file f, const struct cred cred)
185	{	330	{
186	int flags = f->f_flags;	331	int flags = f->f_flags;
@@ -190,12 +335,30 @@ static int tomoyo_dentry_open(struct file f, const struct cred cred)
190	return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);	335	return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
191	}	336	}
192		337
		338	/**
		339	* tomoyo_file_ioctl - Target for security_file_ioctl().
		340	*
		341	* @file: Pointer to "struct file".
		342	* @cmd: Command for ioctl().
		343	* @arg: Argument for @cmd.
		344	*
		345	* Returns 0 on success, negative value otherwise.
		346	*/
193	static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,	347	static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
194	unsigned long arg)	348	unsigned long arg)
195	{	349	{
196	return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);	350	return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);
197	}	351	}
198		352
		353	/**
		354	* tomoyo_path_chmod - Target for security_path_chmod().
		355	*
		356	* @dentry: Pointer to "struct dentry".
		357	* @mnt: Pointer to "struct vfsmount".
		358	* @mode: DAC permission mode.
		359	*
		360	* Returns 0 on success, negative value otherwise.
		361	*/
199	static int tomoyo_path_chmod(struct dentry dentry, struct vfsmount mnt,	362	static int tomoyo_path_chmod(struct dentry dentry, struct vfsmount mnt,
200	mode_t mode)	363	mode_t mode)
201	{	364	{
@@ -204,6 +367,15 @@ static int tomoyo_path_chmod(struct dentry dentry, struct vfsmount mnt,
204	mode & S_IALLUGO);	367	mode & S_IALLUGO);
205	}	368	}
206		369
		370	/**
		371	* tomoyo_path_chown - Target for security_path_chown().
		372	*
		373	* @path: Pointer to "struct path".
		374	* @uid: Owner ID.
		375	* @gid: Group ID.
		376	*
		377	* Returns 0 on success, negative value otherwise.
		378	*/
207	static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)	379	static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
208	{	380	{
209	int error = 0;	381	int error = 0;
@@ -214,23 +386,57 @@ static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
214	return error;	386	return error;
215	}	387	}
216		388
		389	/**
		390	* tomoyo_path_chroot - Target for security_path_chroot().
		391	*
		392	* @path: Pointer to "struct path".
		393	*
		394	* Returns 0 on success, negative value otherwise.
		395	*/
217	static int tomoyo_path_chroot(struct path *path)	396	static int tomoyo_path_chroot(struct path *path)
218	{	397	{
219	return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path);	398	return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
220	}	399	}
221		400
		401	/**
		402	* tomoyo_sb_mount - Target for security_sb_mount().
		403	*
		404	* @dev_name: Name of device file. Maybe NULL.
		405	* @path: Pointer to "struct path".
		406	* @type: Name of filesystem type. Maybe NULL.
		407	* @flags: Mount options.
		408	* @data: Optional data. Maybe NULL.
		409	*
		410	* Returns 0 on success, negative value otherwise.
		411	*/
222	static int tomoyo_sb_mount(char dev_name, struct path path,	412	static int tomoyo_sb_mount(char dev_name, struct path path,
223	char type, unsigned long flags, void data)	413	char type, unsigned long flags, void data)
224	{	414	{
225	return tomoyo_mount_permission(dev_name, path, type, flags, data);	415	return tomoyo_mount_permission(dev_name, path, type, flags, data);
226	}	416	}
227		417
		418	/**
		419	* tomoyo_sb_umount - Target for security_sb_umount().
		420	*
		421	* @mnt: Pointer to "struct vfsmount".
		422	* @flags: Unmount options.
		423	*
		424	* Returns 0 on success, negative value otherwise.
		425	*/
228	static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)	426	static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
229	{	427	{
230	struct path path = { mnt, mnt->mnt_root };	428	struct path path = { mnt, mnt->mnt_root };
231	return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path);	429	return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
232	}	430	}
233		431
		432	/**
		433	* tomoyo_sb_pivotroot - Target for security_sb_pivotroot().
		434	*
		435	* @old_path: Pointer to "struct path".
		436	* @new_path: Pointer to "struct path".
		437	*
		438	* Returns 0 on success, negative value otherwise.
		439	*/
234	static int tomoyo_sb_pivotroot(struct path old_path, struct path new_path)	440	static int tomoyo_sb_pivotroot(struct path old_path, struct path new_path)
235	{	441	{
236	return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);	442	return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
@@ -258,6 +464,7 @@ static struct security_operations tomoyo_security_ops = {
258	.path_mknod = tomoyo_path_mknod,	464	.path_mknod = tomoyo_path_mknod,
259	.path_link = tomoyo_path_link,	465	.path_link = tomoyo_path_link,
260	.path_rename = tomoyo_path_rename,	466	.path_rename = tomoyo_path_rename,
		467	.inode_getattr = tomoyo_inode_getattr,
261	.file_ioctl = tomoyo_file_ioctl,	468	.file_ioctl = tomoyo_file_ioctl,
262	.path_chmod = tomoyo_path_chmod,	469	.path_chmod = tomoyo_path_chmod,
263	.path_chown = tomoyo_path_chown,	470	.path_chown = tomoyo_path_chown,
@@ -270,6 +477,11 @@ static struct security_operations tomoyo_security_ops = {
270	/* Lock for GC. */	477	/* Lock for GC. */
271	struct srcu_struct tomoyo_ss;	478	struct srcu_struct tomoyo_ss;
272		479
		480	/**
		481	* tomoyo_init - Register TOMOYO Linux as a LSM module.
		482	*
		483	* Returns 0.
		484	*/
273	static int __init tomoyo_init(void)	485	static int __init tomoyo_init(void)
274	{	486	{
275	struct cred cred = (struct cred ) current_cred();	487	struct cred cred = (struct cred ) current_cred();