diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-06-12 07:46:22 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-08-02 01:34:28 -0400 |
| commit | 237ab459f12cb98eadd3fe7b85343e183a1076a4 (patch) | |
| tree | f2835e2945016beb4e29b6a2ed8f9d372dc1b412 /security/tomoyo/mount.c | |
| parent | 927942aabbbe506bf9bc70a16dc5460ecc64c148 (diff) | |
TOMOYO: Use callback for updating entries.
Use common "struct list_head" + "bool" + "u8" structure and
use common code for elements using that structure.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/mount.c')
| -rw-r--r-- | security/tomoyo/mount.c | 43 |
1 files changed, 18 insertions, 25 deletions
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c index 77ee8bf41948..c170b41c3833 100644 --- a/security/tomoyo/mount.c +++ b/security/tomoyo/mount.c | |||
| @@ -114,11 +114,10 @@ static int tomoyo_mount_acl2(struct tomoyo_request_info *r, char *dev_name, | |||
| 114 | tomoyo_fill_path_info(&rdev); | 114 | tomoyo_fill_path_info(&rdev); |
| 115 | list_for_each_entry_rcu(ptr, &r->domain->acl_info_list, list) { | 115 | list_for_each_entry_rcu(ptr, &r->domain->acl_info_list, list) { |
| 116 | struct tomoyo_mount_acl *acl; | 116 | struct tomoyo_mount_acl *acl; |
| 117 | if (ptr->type != TOMOYO_TYPE_MOUNT_ACL) | 117 | if (ptr->is_deleted || ptr->type != TOMOYO_TYPE_MOUNT_ACL) |
| 118 | continue; | 118 | continue; |
| 119 | acl = container_of(ptr, struct tomoyo_mount_acl, head); | 119 | acl = container_of(ptr, struct tomoyo_mount_acl, head); |
| 120 | if (acl->is_deleted || | 120 | if (!tomoyo_compare_number_union(flags, &acl->flags) || |
| 121 | !tomoyo_compare_number_union(flags, &acl->flags) || | ||
| 122 | !tomoyo_compare_name_union(&rtype, &acl->fs_type) || | 121 | !tomoyo_compare_name_union(&rtype, &acl->fs_type) || |
| 123 | !tomoyo_compare_name_union(&rdir, &acl->dir_name) || | 122 | !tomoyo_compare_name_union(&rdir, &acl->dir_name) || |
| 124 | (need_dev && | 123 | (need_dev && |
| @@ -259,6 +258,18 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, char *type, | |||
| 259 | return error; | 258 | return error; |
| 260 | } | 259 | } |
| 261 | 260 | ||
| 261 | static bool tomoyo_same_mount_acl(const struct tomoyo_acl_info *a, | ||
| 262 | const struct tomoyo_acl_info *b) | ||
| 263 | { | ||
| 264 | const struct tomoyo_mount_acl *p1 = container_of(a, typeof(*p1), head); | ||
| 265 | const struct tomoyo_mount_acl *p2 = container_of(b, typeof(*p2), head); | ||
| 266 | return tomoyo_is_same_acl_head(&p1->head, &p2->head) && | ||
| 267 | tomoyo_is_same_name_union(&p1->dev_name, &p2->dev_name) && | ||
| 268 | tomoyo_is_same_name_union(&p1->dir_name, &p2->dir_name) && | ||
| 269 | tomoyo_is_same_name_union(&p1->fs_type, &p2->fs_type) && | ||
| 270 | tomoyo_is_same_number_union(&p1->flags, &p2->flags); | ||
| 271 | } | ||
| 272 | |||
| 262 | /** | 273 | /** |
| 263 | * tomoyo_write_mount_policy - Write "struct tomoyo_mount_acl" list. | 274 | * tomoyo_write_mount_policy - Write "struct tomoyo_mount_acl" list. |
| 264 | * | 275 | * |
| @@ -267,11 +278,12 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, char *type, | |||
| 267 | * @is_delete: True if it is a delete request. | 278 | * @is_delete: True if it is a delete request. |
| 268 | * | 279 | * |
| 269 | * Returns 0 on success, negative value otherwise. | 280 | * Returns 0 on success, negative value otherwise. |
| 281 | * | ||
| 282 | * Caller holds tomoyo_read_lock(). | ||
| 270 | */ | 283 | */ |
| 271 | int tomoyo_write_mount_policy(char *data, struct tomoyo_domain_info *domain, | 284 | int tomoyo_write_mount_policy(char *data, struct tomoyo_domain_info *domain, |
| 272 | const bool is_delete) | 285 | const bool is_delete) |
| 273 | { | 286 | { |
| 274 | struct tomoyo_acl_info *ptr; | ||
| 275 | struct tomoyo_mount_acl e = { .head.type = TOMOYO_TYPE_MOUNT_ACL }; | 287 | struct tomoyo_mount_acl e = { .head.type = TOMOYO_TYPE_MOUNT_ACL }; |
| 276 | int error = is_delete ? -ENOENT : -ENOMEM; | 288 | int error = is_delete ? -ENOENT : -ENOMEM; |
| 277 | char *w[4]; | 289 | char *w[4]; |
| @@ -282,27 +294,8 @@ int tomoyo_write_mount_policy(char *data, struct tomoyo_domain_info *domain, | |||
| 282 | !tomoyo_parse_name_union(w[2], &e.fs_type) || | 294 | !tomoyo_parse_name_union(w[2], &e.fs_type) || |
| 283 | !tomoyo_parse_number_union(w[3], &e.flags)) | 295 | !tomoyo_parse_number_union(w[3], &e.flags)) |
| 284 | goto out; | 296 | goto out; |
| 285 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) | 297 | error = tomoyo_update_domain(&e.head, sizeof(e), is_delete, domain, |
| 286 | goto out; | 298 | tomoyo_same_mount_acl, NULL); |
| 287 | list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { | ||
| 288 | struct tomoyo_mount_acl *acl = | ||
| 289 | container_of(ptr, struct tomoyo_mount_acl, head); | ||
| 290 | if (!tomoyo_is_same_mount_acl(acl, &e)) | ||
| 291 | continue; | ||
| 292 | acl->is_deleted = is_delete; | ||
| 293 | error = 0; | ||
| 294 | break; | ||
| 295 | } | ||
| 296 | if (!is_delete && error) { | ||
| 297 | struct tomoyo_mount_acl *entry = | ||
| 298 | tomoyo_commit_ok(&e, sizeof(e)); | ||
| 299 | if (entry) { | ||
| 300 | list_add_tail_rcu(&entry->head.list, | ||
| 301 | &domain->acl_info_list); | ||
| 302 | error = 0; | ||
| 303 | } | ||
| 304 | } | ||
| 305 | mutex_unlock(&tomoyo_policy_lock); | ||
| 306 | out: | 299 | out: |
| 307 | tomoyo_put_name_union(&e.dev_name); | 300 | tomoyo_put_name_union(&e.dev_name); |
| 308 | tomoyo_put_name_union(&e.dir_name); | 301 | tomoyo_put_name_union(&e.dir_name); |