TOMOYO: Use callback for updating entries.

Use common "struct list_head" + "bool" + "u8" structure and use common code for elements using that structure. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2010-06-12 07:46:22 -0400
committer: James Morris <jmorris@namei.org> 2010-08-02 01:34:28 -0400
commit: 237ab459f12cb98eadd3fe7b85343e183a1076a4 (patch)
tree: f2835e2945016beb4e29b6a2ed8f9d372dc1b412 /security/tomoyo/domain.c
parent: 927942aabbbe506bf9bc70a16dc5460ecc64c148 (diff)
1 files changed, 51 insertions, 0 deletions
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 09ec37c12a9c..f774e73e0022 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -15,6 +15,57 @@
 /* The initial domain. */
 struct tomoyo_domain_info tomoyo_kernel_domain;
+/**
+ * tomoyo_update_domain - Update an entry for domain policy.
+ *
+ * @new_entry:       Pointer to "struct tomoyo_acl_info".
+ * @size:            Size of @new_entry in bytes.
+ * @is_delete:       True if it is a delete request.
+ * @domain:          Pointer to "struct tomoyo_domain_info".
+ * @check_duplicate: Callback function to find duplicated entry.
+ * @merge_duplicate: Callback function to merge duplicated entry.
+ *
+ * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
+ */
+int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
+                         bool is_delete, struct tomoyo_domain_info *domain,
+                         bool (*check_duplicate) (const struct tomoyo_acl_info
+                                                  *,
+                                                  const struct tomoyo_acl_info
+                                                  *),
+                         bool (*merge_duplicate) (struct tomoyo_acl_info *,
+                                                  struct tomoyo_acl_info *,
+                                                  const bool))
+{
+        int error = is_delete ? -ENOENT : -ENOMEM;
+        struct tomoyo_acl_info *entry;
+        if (mutex_lock_interruptible(&tomoyo_policy_lock))
+                return error;
+        list_for_each_entry_rcu(entry, &domain->acl_info_list, list) {
+                if (!check_duplicate(entry, new_entry))
+                        continue;
+                if (merge_duplicate)
+                        entry->is_deleted = merge_duplicate(entry, new_entry,
+                                                            is_delete);
+                else
+                        entry->is_deleted = is_delete;
+                error = 0;
+                break;
+        }
+        if (error && !is_delete) {
+                entry = tomoyo_commit_ok(new_entry, size);
+                if (entry) {
+                        list_add_tail_rcu(&entry->list, &domain->acl_info_list);
+                        error = 0;
+                }
+        }
+        mutex_unlock(&tomoyo_policy_lock);
+        return error;
+}
 /*
 * tomoyo_domain_list is used for holding list of domains.
 * The ->acl_info_list of "struct tomoyo_domain_info" is used for holding
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2010-06-12 07:46:22 -0400
committer	James Morris <jmorris@namei.org>	2010-08-02 01:34:28 -0400
commit	237ab459f12cb98eadd3fe7b85343e183a1076a4 (patch)
tree	f2835e2945016beb4e29b6a2ed8f9d372dc1b412 /security/tomoyo/domain.c
parent	927942aabbbe506bf9bc70a16dc5460ecc64c148 (diff)

diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 09ec37c12a9c..f774e73e0022 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c
@@ -15,6 +15,57 @@
15	/* The initial domain. */	15	/* The initial domain. */
16	struct tomoyo_domain_info tomoyo_kernel_domain;	16	struct tomoyo_domain_info tomoyo_kernel_domain;
17		17
		18	/**
		19	* tomoyo_update_domain - Update an entry for domain policy.
		20	*
		21	* @new_entry: Pointer to "struct tomoyo_acl_info".
		22	* @size: Size of @new_entry in bytes.
		23	* @is_delete: True if it is a delete request.
		24	* @domain: Pointer to "struct tomoyo_domain_info".
		25	* @check_duplicate: Callback function to find duplicated entry.
		26	* @merge_duplicate: Callback function to merge duplicated entry.
		27	*
		28	* Returns 0 on success, negative value otherwise.
		29	*
		30	* Caller holds tomoyo_read_lock().
		31	*/
		32	int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
		33	bool is_delete, struct tomoyo_domain_info *domain,
		34	bool (*check_duplicate) (const struct tomoyo_acl_info
		35	*,
		36	const struct tomoyo_acl_info
		37	*),
		38	bool (merge_duplicate) (struct tomoyo_acl_info ,
		39	struct tomoyo_acl_info *,
		40	const bool))
		41	{
		42	int error = is_delete ? -ENOENT : -ENOMEM;
		43	struct tomoyo_acl_info *entry;
		44
		45	if (mutex_lock_interruptible(&tomoyo_policy_lock))
		46	return error;
		47	list_for_each_entry_rcu(entry, &domain->acl_info_list, list) {
		48	if (!check_duplicate(entry, new_entry))
		49	continue;
		50	if (merge_duplicate)
		51	entry->is_deleted = merge_duplicate(entry, new_entry,
		52	is_delete);
		53	else
		54	entry->is_deleted = is_delete;
		55	error = 0;
		56	break;
		57	}
		58	if (error && !is_delete) {
		59	entry = tomoyo_commit_ok(new_entry, size);
		60	if (entry) {
		61	list_add_tail_rcu(&entry->list, &domain->acl_info_list);
		62	error = 0;
		63	}
		64	}
		65	mutex_unlock(&tomoyo_policy_lock);
		66	return error;
		67	}
		68
18	/*	69	/*
19	* tomoyo_domain_list is used for holding list of domains.	70	* tomoyo_domain_list is used for holding list of domains.
20	* The ->acl_info_list of "struct tomoyo_domain_info" is used for holding	71	* The ->acl_info_list of "struct tomoyo_domain_info" is used for holding