TOMOYO: Split file access control functions by type of parameters.

Check numeric parameters for operations that deal them (e.g. chmod/chown/ioctl). Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2010-05-16 21:09:15 -0400
committer: James Morris <jmorris@namei.org> 2010-08-02 01:33:37 -0400
commit: a1f9bb6a375a8dbf7797ffbd6739c46b338a77f7 (patch)
tree: 44df8f05e6ad6bd7cf9ce398c99efbd7cff24c20 /security/tomoyo/tomoyo.c
parent: cb0abe6a5b58499bd4bc1403f4987af9ead0642c (diff)
1 files changed, 15 insertions, 6 deletions
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 4120f5a0e1bc..bbe00429b3f5 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -112,7 +112,8 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
                             int mode)
 {
        struct path path = { parent->mnt, dentry };
-        return tomoyo_path_perm(TOMOYO_TYPE_MKDIR, &path);
+        return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
+                                       mode & S_IALLUGO);
 }
 static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
@@ -133,6 +134,7 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
 {
        struct path path = { parent->mnt, dentry };
        int type = TOMOYO_TYPE_CREATE;
+        const unsigned int perm = mode & S_IALLUGO;
        switch (mode & S_IFMT) {
        case S_IFCHR:
@@ -141,6 +143,12 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
        case S_IFBLK:
                type = TOMOYO_TYPE_MKBLOCK;
                break;
+        default:
+                goto no_dev;
+        }
+        return tomoyo_path_number3_perm(type, &path, perm, dev);
+ no_dev:
+        switch (mode & S_IFMT) {
        case S_IFIFO:
                type = TOMOYO_TYPE_MKFIFO;
                break;
@@ -148,7 +156,7 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
                type = TOMOYO_TYPE_MKSOCK;
                break;
        }
-        return tomoyo_path_perm(type, &path);
+        return tomoyo_path_number_perm(type, &path, perm);
 }
 static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
@@ -189,23 +197,24 @@ static int tomoyo_dentry_open(struct file *f, const struct cred *cred)
 static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
                             unsigned long arg)
 {
-        return tomoyo_path_perm(TOMOYO_TYPE_IOCTL, &file->f_path);
+        return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);
 }
 static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
                             mode_t mode)
 {
        struct path path = { mnt, dentry };
-        return tomoyo_path_perm(TOMOYO_TYPE_CHMOD, &path);
+        return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, &path,
+                                       mode & S_IALLUGO);
 }
 static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
 {
        int error = 0;
        if (uid != (uid_t) -1)
-                error = tomoyo_path_perm(TOMOYO_TYPE_CHOWN, path);
+                error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path, uid);
        if (!error && gid != (gid_t) -1)
-                error = tomoyo_path_perm(TOMOYO_TYPE_CHGRP, path);
+                error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path, gid);
        return error;
 }
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2010-05-16 21:09:15 -0400
committer	James Morris <jmorris@namei.org>	2010-08-02 01:33:37 -0400
commit	a1f9bb6a375a8dbf7797ffbd6739c46b338a77f7 (patch)
tree	44df8f05e6ad6bd7cf9ce398c99efbd7cff24c20 /security/tomoyo/tomoyo.c
parent	cb0abe6a5b58499bd4bc1403f4987af9ead0642c (diff)