authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-06-16 03:21:36 -0400
committerJames Morris <jmorris@namei.org>2010-08-02 01:34:32 -0400
commitcf6e9a6468ec82a94cbc707b607452ec4454182c (patch)
tree6b289c8575f1915395d3c1348d473ab07fbe34a8
parent05336dee9f5a23c042e5938b42f996dd35e31ee6 (diff)
TOMOYO: Pass parameters via structure.
To make it possible to use a callback function, pass parameters via "struct tomoyo_request_info". Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/tomoyo/common.h33
-rw-r--r--security/tomoyo/file.c20
-rw-r--r--security/tomoyo/mount.c6
3 files changed, 58 insertions, 1 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 203454025410..f055e273ec02 100644
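--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -212,6 +212,39 @@ struct tomoyo_acl_head {
  */
 struct tomoyo_request_info {
  struct tomoyo_domain_info *domain;
+ /* For holding parameters. */
+ union {
+ struct {
+ const struct tomoyo_path_info *filename;
+ u8 operation;
+ } path;
+ struct {
+ const struct tomoyo_path_info *filename1;
+ const struct tomoyo_path_info *filename2;
+ u8 operation;
+ } path2;
+ struct {
+ const struct tomoyo_path_info *filename;
+ unsigned int mode;
+ unsigned int major;
+ unsigned int minor;
+ u8 operation;
+ } mkdev;
+ struct {
+ const struct tomoyo_path_info *filename;
+ unsigned long number;
+ u8 operation;
+ } path_number;
+ struct {
+ const struct tomoyo_path_info *type;
+ const struct tomoyo_path_info *dir;
+ const struct tomoyo_path_info *dev;
+ unsigned long flags;
+ int need_dev;
+ } mount;
+ } param;
+ u8 param_type;
+ bool granted;
  u8 retry;
  u8 profile;
  u8 mode; /* One of tomoyo_mode_index . */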
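Review bot: Nothing in `struct tomoyo_request_info` says that `param_type` is the discriminant for the new `param` union, so a consumer has no documented rule for which member it may read. I would annotate the field, e.g. `u8 param_type; /* TOMOYO_TYPE_*_ACL value naming the valid member of param. */`, and add a line above the union noting that the `tomoyo_path_info` pointers appear to be borrowed from the caller and should only be read while the request is being checked. `granted` is also added without a comment and is not assigned in any hunk of this commit, so its initial value depends on how callers initialise the struct, which is outside the hunk. The struct definition continues past the end of the hunk.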
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 50875d7e8603..32661df10e85 100644
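--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -973,6 +973,9 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
  r->mode = tomoyo_get_mode(r->profile, r->type);
  if (r->mode == TOMOYO_CONFIG_DISABLED)
  return 0;
+ r->param_type = TOMOYO_TYPE_PATH_ACL;
+ r->param.path.filename = filename;
+ r->param.path.operation = operation;
  do {
  error = tomoyo_path_acl(r, filename, 1 << operation);
  if (error && operation == TOMOYO_TYPE_READ &&
@@ -1143,6 +1146,10 @@ static int tomoyo_path_number_perm2(struct tomoyo_request_info *r,
  break;
  }
  tomoyo_print_ulong(buffer, sizeof(buffer), number, radix);
+ r->param_type = TOMOYO_TYPE_PATH_NUMBER_ACL;
+ r->param.path_number.operation = type;
+ r->param.path_number.filename = filename;
+ r->param.path_number.number = number;
  do {
  error = tomoyo_path_number_acl(r, type, filename, number);
  if (!error)
@@ -1369,8 +1376,15 @@ int tomoyo_path_number3_perm(const u8 operation, struct path *path,
  idx = tomoyo_read_lock();
  error = -ENOMEM;
  if (tomoyo_get_realpath(&buf, path)) {
+ dev = new_decode_dev(dev);
+ r.param_type = TOMOYO_TYPE_PATH_NUMBER3_ACL;
+ r.param.mkdev.filename = &buf;
+ r.param.mkdev.operation = operation;
+ r.param.mkdev.mode = mode;
+ r.param.mkdev.major = MAJOR(dev);
+ r.param.mkdev.minor = MINOR(dev);
  error = tomoyo_path_number3_perm2(&r, operation, &buf, mode,
- new_decode_dev(dev));
+ dev);
  kfree(buf.name);
  }
  tomoyo_read_unlock(idx);
@@ -1421,6 +1435,10 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
  tomoyo_add_slash(&buf2);
  break;
  }
+ r.param_type = TOMOYO_TYPE_PATH2_ACL;
+ r.param.path2.operation = operation;
+ r.param.path2.filename1 = &buf1;
+ r.param.path2.filename2 = &buf2;
  do {
  error = tomoyo_path2_acl(&r, operation, &buf1, &buf2);
  if (!error)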
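Review bot: The request parameters now exist twice in tomoyo_path_permission(): once in `r->param.path` and once as the explicit arguments of `tomoyo_path_acl(r, filename, 1 << operation)`, and the two forms differ, because `param.path.operation` keeps the operation index while the call passes a bit mask. A later reader of `r->param` in a callback could mistake one for the other in a permission comparison, so a comment such as `/* param.path.operation is the index, not the 1 << operation mask. */` above the assignments would help. The same duplication appears in the tomoyo_path_number_perm2(), tomoyo_path_number3_perm() and tomoyo_path2_perm() hunks; once the callback exists, reading the values only from the struct would keep the two copies from drifting apart. All four functions start and end outside their hunks.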
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index c170b41c3833..554de173152c 100644
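--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -112,6 +112,12 @@ static int tomoyo_mount_acl2(struct tomoyo_request_info *r, char *dev_name,
  }
  rdev.name = requested_dev_name;
  tomoyo_fill_path_info(&rdev);
+ r->param_type = TOMOYO_TYPE_MOUNT_ACL;
+ r->param.mount.need_dev = need_dev;
+ r->param.mount.dev = &rdev;
+ r->param.mount.dir = &rdir;
+ r->param.mount.type = &rtype;
+ r->param.mount.flags = flags;
  list_for_each_entry_rcu(ptr, &r->domain->acl_info_list, list) {
  struct tomoyo_mount_acl *acl;
  if (ptr->is_deleted || ptr->type != TOMOYO_TYPE_MOUNT_ACL)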
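Review bot: `r` is a caller-owned request, yet `r->param.mount.dev`, `.dir` and `.type` are set to `&rdev`, `&rdir` and `&rtype`, which look like locals of tomoyo_mount_acl2() (their declarations are outside the hunk). If so, the three pointers dangle as soon as the function returns while `param_type` still reads TOMOYO_TYPE_MOUNT_ACL, and any later reader of the request would dereference dead stack memory. Either document at the assignment that the parameters are valid only for the duration of this check, or clear them on the exit path with `memset(&r->param, 0, sizeof(r->param));`. The function body starts before and ends after the hunk.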