authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2009-12-02 07:09:48 -0500
committerJames Morris <jmorris@namei.org>2009-12-07 22:58:05 -0500
commit937bf6133b21b16965f75223085f4314ae32b8eb (patch)
tree4a042bc9298ffddfaf4017a5796cae46e9594d2c /security/tomoyo/common.c
parent5d0901a3a0c39c97ca504f73d24030f63cfc9fa2 (diff)
TOMOYO: Add rest of file operation restrictions.
LSM hooks for chmod()/chown()/chroot() are now ready. This patch utilizes these hooks. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/common.c')
-rw-r--r--security/tomoyo/common.c61
1 files changed, 18 insertions, 43 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index e0d0354008b7..6c6061682438 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -842,52 +842,27 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)
842 if (ptr->type & TOMOYO_ACL_DELETED) 842 if (ptr->type & TOMOYO_ACL_DELETED)
843 continue; 843 continue;
844 switch (tomoyo_acl_type2(ptr)) { 844 switch (tomoyo_acl_type2(ptr)) {
845 struct tomoyo_single_path_acl_record *acl1; 845 struct tomoyo_single_path_acl_record *acl;
846 struct tomoyo_double_path_acl_record *acl2; 846 u32 perm;
847 u16 perm; 847 u8 i;
848 case TOMOYO_TYPE_SINGLE_PATH_ACL: 848 case TOMOYO_TYPE_SINGLE_PATH_ACL:
849 acl1 = container_of(ptr, 849 acl = container_of(ptr,
850 struct tomoyo_single_path_acl_record, 850 struct tomoyo_single_path_acl_record,
851 head); 851 head);
852 perm = acl1->perm; 852 perm = acl->perm | (((u32) acl->perm_high) << 16);
853 if (perm & (1 << TOMOYO_TYPE_EXECUTE_ACL)) 853 for (i = 0; i < TOMOYO_MAX_SINGLE_PATH_OPERATION; i++)
854 count++; 854 if (perm & (1 << i))
855 if (perm & 855 count++;
856 ((1 << TOMOYO_TYPE_READ_ACL) | 856 if (perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL))
857 (1 << TOMOYO_TYPE_WRITE_ACL))) 857 count -= 2;
858 count++;
859 if (perm & (1 << TOMOYO_TYPE_CREATE_ACL))
860 count++;
861 if (perm & (1 << TOMOYO_TYPE_UNLINK_ACL))
862 count++;
863 if (perm & (1 << TOMOYO_TYPE_MKDIR_ACL))
864 count++;
865 if (perm & (1 << TOMOYO_TYPE_RMDIR_ACL))
866 count++;
867 if (perm & (1 << TOMOYO_TYPE_MKFIFO_ACL))
868 count++;
869 if (perm & (1 << TOMOYO_TYPE_MKSOCK_ACL))
870 count++;
871 if (perm & (1 << TOMOYO_TYPE_MKBLOCK_ACL))
872 count++;
873 if (perm & (1 << TOMOYO_TYPE_MKCHAR_ACL))
874 count++;
875 if (perm & (1 << TOMOYO_TYPE_TRUNCATE_ACL))
876 count++;
877 if (perm & (1 << TOMOYO_TYPE_SYMLINK_ACL))
878 count++;
879 if (perm & (1 << TOMOYO_TYPE_REWRITE_ACL))
880 count++;
881 break; 858 break;
882 case TOMOYO_TYPE_DOUBLE_PATH_ACL: 859 case TOMOYO_TYPE_DOUBLE_PATH_ACL:
883 acl2 = container_of(ptr, 860 perm = container_of(ptr,
884 struct tomoyo_double_path_acl_record, 861 struct tomoyo_double_path_acl_record,
885 head); 862 head)->perm;
886 perm = acl2->perm; 863 for (i = 0; i < TOMOYO_MAX_DOUBLE_PATH_OPERATION; i++)
887 if (perm & (1 << TOMOYO_TYPE_LINK_ACL)) 864 if (perm & (1 << i))
888 count++; 865 count++;
889 if (perm & (1 << TOMOYO_TYPE_RENAME_ACL))
890 count++;
891 break; 866 break;
892 } 867 }
893 } 868 }
@@ -1426,7 +1401,7 @@ static bool tomoyo_print_single_path_acl(struct tomoyo_io_buffer *head,
1426 u8 bit; 1401 u8 bit;
1427 const char *atmark = ""; 1402 const char *atmark = "";
1428 const char *filename; 1403 const char *filename;
1429 const u16 perm = ptr->perm; 1404 const u32 perm = ptr->perm | (((u32) ptr->perm_high) << 16);
1430 1405
1431 filename = ptr->filename->name; 1406 filename = ptr->filename->name;
1432 for (bit = head->read_bit; bit < TOMOYO_MAX_SINGLE_PATH_OPERATION; 1407 for (bit = head->read_bit; bit < TOMOYO_MAX_SINGLE_PATH_OPERATION;
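Review bot: In the TOMOYO_TYPE_SINGLE_PATH_ACL case of tomoyo_domain_quota_is_ok, `count -= 2` is only right when the read/write bit is always accompanied by the separate read and write bits, and nothing in the hunk states or checks that; if the invariant ever breaks, the domain's entry count is understated and the quota check this function performs becomes looser than intended. I would add a comment above it such as `/* READ_WRITE is stored together with READ and WRITE; count the three bits as one entry. */`, to be confirmed against the code that sets these bits. Separately, `perm` is now a u32, so the bit tests in both loops would be safer as `if (perm & (1U << i))`, which stays defined should an operation index ever reach 31. The function begins and ends outside the hunk, so the type of `count` is not visible here.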