diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-05-16 21:09:15 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-08-02 01:33:37 -0400 |
| commit | a1f9bb6a375a8dbf7797ffbd6739c46b338a77f7 (patch) | |
| tree | 44df8f05e6ad6bd7cf9ce398c99efbd7cff24c20 /security/tomoyo/common.c | |
| parent | cb0abe6a5b58499bd4bc1403f4987af9ead0642c (diff) | |
TOMOYO: Split file access control functions by type of parameters.
Check numeric parameters for operations that deal them
(e.g. chmod/chown/ioctl).
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/common.c')
| -rw-r--r-- | security/tomoyo/common.c | 105 |
1 files changed, 100 insertions, 5 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 34d65871096c..0706b175fdb1 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
| @@ -1043,12 +1043,11 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) | |||
| 1043 | return true; | 1043 | return true; |
| 1044 | list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { | 1044 | list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { |
| 1045 | switch (ptr->type) { | 1045 | switch (ptr->type) { |
| 1046 | struct tomoyo_path_acl *acl; | 1046 | u16 perm; |
| 1047 | u32 perm; | ||
| 1048 | u8 i; | 1047 | u8 i; |
| 1049 | case TOMOYO_TYPE_PATH_ACL: | 1048 | case TOMOYO_TYPE_PATH_ACL: |
| 1050 | acl = container_of(ptr, struct tomoyo_path_acl, head); | 1049 | perm = container_of(ptr, struct tomoyo_path_acl, head) |
| 1051 | perm = acl->perm | (((u32) acl->perm_high) << 16); | 1050 | ->perm; |
| 1052 | for (i = 0; i < TOMOYO_MAX_PATH_OPERATION; i++) | 1051 | for (i = 0; i < TOMOYO_MAX_PATH_OPERATION; i++) |
| 1053 | if (perm & (1 << i)) | 1052 | if (perm & (1 << i)) |
| 1054 | count++; | 1053 | count++; |
| @@ -1062,6 +1061,20 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) | |||
| 1062 | if (perm & (1 << i)) | 1061 | if (perm & (1 << i)) |
| 1063 | count++; | 1062 | count++; |
| 1064 | break; | 1063 | break; |
| 1064 | case TOMOYO_TYPE_PATH_NUMBER_ACL: | ||
| 1065 | perm = container_of(ptr, struct tomoyo_path_number_acl, | ||
| 1066 | head)->perm; | ||
| 1067 | for (i = 0; i < TOMOYO_MAX_PATH_NUMBER_OPERATION; i++) | ||
| 1068 | if (perm & (1 << i)) | ||
| 1069 | count++; | ||
| 1070 | break; | ||
| 1071 | case TOMOYO_TYPE_PATH_NUMBER3_ACL: | ||
| 1072 | perm = container_of(ptr, struct tomoyo_path_number3_acl, | ||
| 1073 | head)->perm; | ||
| 1074 | for (i = 0; i < TOMOYO_MAX_PATH_NUMBER3_OPERATION; i++) | ||
| 1075 | if (perm & (1 << i)) | ||
| 1076 | count++; | ||
| 1077 | break; | ||
| 1065 | } | 1078 | } |
| 1066 | } | 1079 | } |
| 1067 | if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY)) | 1080 | if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY)) |
| @@ -1579,7 +1592,7 @@ static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head, | |||
| 1579 | { | 1592 | { |
| 1580 | int pos; | 1593 | int pos; |
| 1581 | u8 bit; | 1594 | u8 bit; |
| 1582 | const u32 perm = ptr->perm | (((u32) ptr->perm_high) << 16); | 1595 | const u16 perm = ptr->perm; |
| 1583 | 1596 | ||
| 1584 | for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { | 1597 | for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { |
| 1585 | if (!(perm & (1 << bit))) | 1598 | if (!(perm & (1 << bit))) |
| @@ -1638,6 +1651,76 @@ static bool tomoyo_print_path2_acl(struct tomoyo_io_buffer *head, | |||
| 1638 | } | 1651 | } |
| 1639 | 1652 | ||
| 1640 | /** | 1653 | /** |
| 1654 | * tomoyo_print_path_number_acl - Print a path_number ACL entry. | ||
| 1655 | * | ||
| 1656 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
| 1657 | * @ptr: Pointer to "struct tomoyo_path_number_acl". | ||
| 1658 | * | ||
| 1659 | * Returns true on success, false otherwise. | ||
| 1660 | */ | ||
| 1661 | static bool tomoyo_print_path_number_acl(struct tomoyo_io_buffer *head, | ||
| 1662 | struct tomoyo_path_number_acl *ptr) | ||
| 1663 | { | ||
| 1664 | int pos; | ||
| 1665 | u8 bit; | ||
| 1666 | const u8 perm = ptr->perm; | ||
| 1667 | for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_NUMBER_OPERATION; | ||
| 1668 | bit++) { | ||
| 1669 | if (!(perm & (1 << bit))) | ||
| 1670 | continue; | ||
| 1671 | pos = head->read_avail; | ||
| 1672 | if (!tomoyo_io_printf(head, "allow_%s", | ||
| 1673 | tomoyo_path_number2keyword(bit)) || | ||
| 1674 | !tomoyo_print_name_union(head, &ptr->name) || | ||
| 1675 | !tomoyo_print_number_union(head, &ptr->number) || | ||
| 1676 | !tomoyo_io_printf(head, "\n")) | ||
| 1677 | goto out; | ||
| 1678 | } | ||
| 1679 | head->read_bit = 0; | ||
| 1680 | return true; | ||
| 1681 | out: | ||
| 1682 | head->read_bit = bit; | ||
| 1683 | head->read_avail = pos; | ||
| 1684 | return false; | ||
| 1685 | } | ||
| 1686 | |||
| 1687 | /** | ||
| 1688 | * tomoyo_print_path_number3_acl - Print a path_number3 ACL entry. | ||
| 1689 | * | ||
| 1690 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
| 1691 | * @ptr: Pointer to "struct tomoyo_path_number3_acl". | ||
| 1692 | * | ||
| 1693 | * Returns true on success, false otherwise. | ||
| 1694 | */ | ||
| 1695 | static bool tomoyo_print_path_number3_acl(struct tomoyo_io_buffer *head, | ||
| 1696 | struct tomoyo_path_number3_acl *ptr) | ||
| 1697 | { | ||
| 1698 | int pos; | ||
| 1699 | u8 bit; | ||
| 1700 | const u16 perm = ptr->perm; | ||
| 1701 | for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_NUMBER3_OPERATION; | ||
| 1702 | bit++) { | ||
| 1703 | if (!(perm & (1 << bit))) | ||
| 1704 | continue; | ||
| 1705 | pos = head->read_avail; | ||
| 1706 | if (!tomoyo_io_printf(head, "allow_%s", | ||
| 1707 | tomoyo_path_number32keyword(bit)) || | ||
| 1708 | !tomoyo_print_name_union(head, &ptr->name) || | ||
| 1709 | !tomoyo_print_number_union(head, &ptr->mode) || | ||
| 1710 | !tomoyo_print_number_union(head, &ptr->major) || | ||
| 1711 | !tomoyo_print_number_union(head, &ptr->minor) || | ||
| 1712 | !tomoyo_io_printf(head, "\n")) | ||
| 1713 | goto out; | ||
| 1714 | } | ||
| 1715 | head->read_bit = 0; | ||
| 1716 | return true; | ||
| 1717 | out: | ||
| 1718 | head->read_bit = bit; | ||
| 1719 | head->read_avail = pos; | ||
| 1720 | return false; | ||
| 1721 | } | ||
| 1722 | |||
| 1723 | /** | ||
| 1641 | * tomoyo_print_entry - Print an ACL entry. | 1724 | * tomoyo_print_entry - Print an ACL entry. |
| 1642 | * | 1725 | * |
| 1643 | * @head: Pointer to "struct tomoyo_io_buffer". | 1726 | * @head: Pointer to "struct tomoyo_io_buffer". |
| @@ -1660,6 +1743,18 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, | |||
| 1660 | = container_of(ptr, struct tomoyo_path2_acl, head); | 1743 | = container_of(ptr, struct tomoyo_path2_acl, head); |
| 1661 | return tomoyo_print_path2_acl(head, acl); | 1744 | return tomoyo_print_path2_acl(head, acl); |
| 1662 | } | 1745 | } |
| 1746 | if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) { | ||
| 1747 | struct tomoyo_path_number_acl *acl | ||
| 1748 | = container_of(ptr, struct tomoyo_path_number_acl, | ||
| 1749 | head); | ||
| 1750 | return tomoyo_print_path_number_acl(head, acl); | ||
| 1751 | } | ||
| 1752 | if (acl_type == TOMOYO_TYPE_PATH_NUMBER3_ACL) { | ||
| 1753 | struct tomoyo_path_number3_acl *acl | ||
| 1754 | = container_of(ptr, struct tomoyo_path_number3_acl, | ||
| 1755 | head); | ||
| 1756 | return tomoyo_print_path_number3_acl(head, acl); | ||
| 1757 | } | ||
| 1663 | BUG(); /* This must not happen. */ | 1758 | BUG(); /* This must not happen. */ |
| 1664 | return false; | 1759 | return false; |
| 1665 | } | 1760 | } |