TOMOYO: Add description of lists and structures.

This patch adds some descriptions of lists and structures. This patch contains no code changes. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
author: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> 2009-06-07 23:37:39 -0400
committer: James Morris <jmorris@namei.org> 2009-06-08 19:30:24 -0400
commit: c3fa109a5894077d1eaf8731ea741a15dd117b3c (patch)
tree: a3d5f58ea878868b48a1493055e6f2cb6dd3c9de /security/tomoyo/common.c
parent: 5bf1692f65c12a8aa359dc883468284ffc3c4587 (diff)
1 files changed, 64 insertions, 5 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index a44f655b3913..fdd1f4b8c448 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -28,7 +28,13 @@ static const char *tomoyo_mode_2[4] = {
        "disabled", "enabled", "enabled", "enabled"
 };
-/* Table for profile. */
+/*
+ * tomoyo_control_array is a static data which contains
+ *
+ *  (1) functionality name used by /sys/kernel/security/tomoyo/profile .
+ *  (2) initial values for "struct tomoyo_profile".
+ *  (3) max values for "struct tomoyo_profile".
+ */
 static struct {
        const char *keyword;
        unsigned int current_value;
@@ -39,7 +45,13 @@ static struct {
        [TOMOYO_VERBOSE]          = { "TOMOYO_VERBOSE",      1,       1 },
 };
-/* Profile table. Memory is allocated as needed. */
+/*
+ * tomoyo_profile is a structure which is used for holding the mode of access
+ * controls. TOMOYO has 4 modes: disabled, learning, permissive, enforcing.
+ * An administrator can define up to 256 profiles.
+ * The ->profile of "struct tomoyo_domain_info" is used for remembering
+ * the profile's number (0 - 255) assigned to that domain.
+ */
 static struct tomoyo_profile {
        unsigned int value[TOMOYO_MAX_CONTROL_INDEX];
        const struct tomoyo_path_info *comment;
@@ -1006,7 +1018,19 @@ static int tomoyo_read_profile(struct tomoyo_io_buffer *head)
        return 0;
 }
-/* Structure for policy manager. */
+/*
+ * tomoyo_policy_manager_entry is a structure which is used for holding list of
+ * domainnames or programs which are permitted to modify configuration via
+ * /sys/kernel/security/tomoyo/ interface.
+ * It has following fields.
+ *
+ *  (1) "list" which is linked to tomoyo_policy_manager_list .
+ *  (2) "manager" is a domainname or a program's pathname.
+ *  (3) "is_domain" is a bool which is true if "manager" is a domainname, false
+ *      otherwise.
+ *  (4) "is_deleted" is a bool which is true if marked as deleted, false
+ *      otherwise.
+ */
 struct tomoyo_policy_manager_entry {
        struct list_head list;
        /* A path to program or a domainname. */
@@ -1015,7 +1039,36 @@ struct tomoyo_policy_manager_entry {
        bool is_deleted; /* True if this entry is deleted. */
 };
-/* The list for "struct tomoyo_policy_manager_entry". */
+/*
+ * tomoyo_policy_manager_list is used for holding list of domainnames or
+ * programs which are permitted to modify configuration via
+ * /sys/kernel/security/tomoyo/ interface.
+ *
+ * An entry is added by
+ *
+ * # echo '<kernel> /sbin/mingetty /bin/login /bin/bash' > \
+ *                                        /sys/kernel/security/tomoyo/manager
+ *  (if you want to specify by a domainname)
+ *
+ *  or
+ *
+ * # echo '/usr/lib/ccs/editpolicy' > /sys/kernel/security/tomoyo/manager
+ *  (if you want to specify by a program's location)
+ *
+ * and is deleted by
+ *
+ * # echo 'delete <kernel> /sbin/mingetty /bin/login /bin/bash' > \
+ *                                        /sys/kernel/security/tomoyo/manager
+ *
+ *  or
+ *
+ * # echo 'delete /usr/lib/ccs/editpolicy' > \
+ *                                        /sys/kernel/security/tomoyo/manager
+ *
+ * and all entries are retrieved by
+ *
+ * # cat /sys/kernel/security/tomoyo/manager
+ */
 static LIST_HEAD(tomoyo_policy_manager_list);
 static DECLARE_RWSEM(tomoyo_policy_manager_list_lock);
@@ -2124,7 +2177,13 @@ static ssize_t tomoyo_write(struct file *file, const char __user *buf,
        return tomoyo_write_control(file, buf, count);
 }
-/* Operations for /sys/kernel/security/tomoyo/ interface. */
+/*
+ * tomoyo_operations is a "struct file_operations" which is used for handling
+ * /sys/kernel/security/tomoyo/ interface.
+ *
+ * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
+ * See tomoyo_io_buffer for internals.
+ */
 static const struct file_operations tomoyo_operations = {
        .open    = tomoyo_open,
        .release = tomoyo_release,
author	Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>	2009-06-07 23:37:39 -0400
committer	James Morris <jmorris@namei.org>	2009-06-08 19:30:24 -0400
commit	c3fa109a5894077d1eaf8731ea741a15dd117b3c (patch)
tree	a3d5f58ea878868b48a1493055e6f2cb6dd3c9de /security/tomoyo/common.c
parent	5bf1692f65c12a8aa359dc883468284ffc3c4587 (diff)

diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index a44f655b3913..fdd1f4b8c448 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c
@@ -28,7 +28,13 @@ static const char *tomoyo_mode_2[4] = {
28	"disabled", "enabled", "enabled", "enabled"	28	"disabled", "enabled", "enabled", "enabled"
29	};	29	};
30		30
31	/* Table for profile. */	31	/*
		32	* tomoyo_control_array is a static data which contains
		33	*
		34	* (1) functionality name used by /sys/kernel/security/tomoyo/profile .
		35	* (2) initial values for "struct tomoyo_profile".
		36	* (3) max values for "struct tomoyo_profile".
		37	*/
32	static struct {	38	static struct {
33	const char *keyword;	39	const char *keyword;
34	unsigned int current_value;	40	unsigned int current_value;
@@ -39,7 +45,13 @@ static struct {
39	[TOMOYO_VERBOSE] = { "TOMOYO_VERBOSE", 1, 1 },	45	[TOMOYO_VERBOSE] = { "TOMOYO_VERBOSE", 1, 1 },
40	};	46	};
41		47
42	/* Profile table. Memory is allocated as needed. */	48	/*
		49	* tomoyo_profile is a structure which is used for holding the mode of access
		50	* controls. TOMOYO has 4 modes: disabled, learning, permissive, enforcing.
		51	* An administrator can define up to 256 profiles.
		52	* The ->profile of "struct tomoyo_domain_info" is used for remembering
		53	* the profile's number (0 - 255) assigned to that domain.
		54	*/
43	static struct tomoyo_profile {	55	static struct tomoyo_profile {
44	unsigned int value[TOMOYO_MAX_CONTROL_INDEX];	56	unsigned int value[TOMOYO_MAX_CONTROL_INDEX];
45	const struct tomoyo_path_info *comment;	57	const struct tomoyo_path_info *comment;
@@ -1006,7 +1018,19 @@ static int tomoyo_read_profile(struct tomoyo_io_buffer *head)
1006	return 0;	1018	return 0;
1007	}	1019	}
1008		1020
1009	/* Structure for policy manager. */	1021	/*
		1022	* tomoyo_policy_manager_entry is a structure which is used for holding list of
		1023	* domainnames or programs which are permitted to modify configuration via
		1024	* /sys/kernel/security/tomoyo/ interface.
		1025	* It has following fields.
		1026	*
		1027	* (1) "list" which is linked to tomoyo_policy_manager_list .
		1028	* (2) "manager" is a domainname or a program's pathname.
		1029	* (3) "is_domain" is a bool which is true if "manager" is a domainname, false
		1030	* otherwise.
		1031	* (4) "is_deleted" is a bool which is true if marked as deleted, false
		1032	* otherwise.
		1033	*/
1010	struct tomoyo_policy_manager_entry {	1034	struct tomoyo_policy_manager_entry {
1011	struct list_head list;	1035	struct list_head list;
1012	/* A path to program or a domainname. */	1036	/* A path to program or a domainname. */
@@ -1015,7 +1039,36 @@ struct tomoyo_policy_manager_entry {
1015	bool is_deleted; /* True if this entry is deleted. */	1039	bool is_deleted; /* True if this entry is deleted. */
1016	};	1040	};
1017		1041
1018	/* The list for "struct tomoyo_policy_manager_entry". */	1042	/*
		1043	* tomoyo_policy_manager_list is used for holding list of domainnames or
		1044	* programs which are permitted to modify configuration via
		1045	* /sys/kernel/security/tomoyo/ interface.
		1046	*
		1047	* An entry is added by
		1048	*
		1049	* # echo '<kernel> /sbin/mingetty /bin/login /bin/bash' > \
		1050	* /sys/kernel/security/tomoyo/manager
		1051	* (if you want to specify by a domainname)
		1052	*
		1053	* or
		1054	*
		1055	* # echo '/usr/lib/ccs/editpolicy' > /sys/kernel/security/tomoyo/manager
		1056	* (if you want to specify by a program's location)
		1057	*
		1058	* and is deleted by
		1059	*
		1060	* # echo 'delete <kernel> /sbin/mingetty /bin/login /bin/bash' > \
		1061	* /sys/kernel/security/tomoyo/manager
		1062	*
		1063	* or
		1064	*
		1065	* # echo 'delete /usr/lib/ccs/editpolicy' > \
		1066	* /sys/kernel/security/tomoyo/manager
		1067	*
		1068	* and all entries are retrieved by
		1069	*
		1070	* # cat /sys/kernel/security/tomoyo/manager
		1071	*/
1019	static LIST_HEAD(tomoyo_policy_manager_list);	1072	static LIST_HEAD(tomoyo_policy_manager_list);
1020	static DECLARE_RWSEM(tomoyo_policy_manager_list_lock);	1073	static DECLARE_RWSEM(tomoyo_policy_manager_list_lock);
1021		1074
@@ -2124,7 +2177,13 @@ static ssize_t tomoyo_write(struct file file, const char __user buf,
2124	return tomoyo_write_control(file, buf, count);	2177	return tomoyo_write_control(file, buf, count);
2125	}	2178	}
2126		2179
2127	/* Operations for /sys/kernel/security/tomoyo/ interface. */	2180	/*
		2181	* tomoyo_operations is a "struct file_operations" which is used for handling
		2182	* /sys/kernel/security/tomoyo/ interface.
		2183	*
		2184	* Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
		2185	* See tomoyo_io_buffer for internals.
		2186	*/
2128	static const struct file_operations tomoyo_operations = {	2187	static const struct file_operations tomoyo_operations = {
2129	.open = tomoyo_open,	2188	.open = tomoyo_open,
2130	.release = tomoyo_release,	2189	.release = tomoyo_release,