diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-06-17 03:54:33 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-08-02 01:34:41 -0400 |
commit | 31845e8c6d3f4f26702e567c667277f9fd1f73a3 (patch) | |
tree | 5c457513fcdae4e7e39b19d36e1698ae298ce8d4 /security | |
parent | a230f9e7121cbcbfe23bd5a630abf6b53cece555 (diff) |
TOMOYO: Aggregate reader functions.
Now lists are accessible via array index. Aggregate reader functions using index.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/tomoyo/common.c | 259 | ||||
-rw-r--r-- | security/tomoyo/common.h | 22 | ||||
-rw-r--r-- | security/tomoyo/domain.c | 140 | ||||
-rw-r--r-- | security/tomoyo/file.c | 87 | ||||
-rw-r--r-- | security/tomoyo/number_group.c | 41 | ||||
-rw-r--r-- | security/tomoyo/path_group.c | 35 |
6 files changed, 200 insertions, 384 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index cb1aaf148ad4..044115d49033 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
@@ -1192,75 +1192,216 @@ static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head) | |||
1192 | return -EINVAL; | 1192 | return -EINVAL; |
1193 | } | 1193 | } |
1194 | 1194 | ||
1195 | static void tomoyo_print_number(char *buffer, int buffer_len, | ||
1196 | const struct tomoyo_number_union *ptr) | ||
1197 | { | ||
1198 | int i; | ||
1199 | unsigned long min = ptr->values[0]; | ||
1200 | const unsigned long max = ptr->values[1]; | ||
1201 | u8 min_type = ptr->min_type; | ||
1202 | const u8 max_type = ptr->max_type; | ||
1203 | memset(buffer, 0, buffer_len); | ||
1204 | buffer_len -= 2; | ||
1205 | for (i = 0; i < 2; i++) { | ||
1206 | int len; | ||
1207 | switch (min_type) { | ||
1208 | case TOMOYO_VALUE_TYPE_HEXADECIMAL: | ||
1209 | snprintf(buffer, buffer_len, "0x%lX", min); | ||
1210 | break; | ||
1211 | case TOMOYO_VALUE_TYPE_OCTAL: | ||
1212 | snprintf(buffer, buffer_len, "0%lo", min); | ||
1213 | break; | ||
1214 | default: | ||
1215 | snprintf(buffer, buffer_len, "%lu", min); | ||
1216 | break; | ||
1217 | } | ||
1218 | if (min == max && min_type == max_type) | ||
1219 | break; | ||
1220 | len = strlen(buffer); | ||
1221 | buffer[len++] = '-'; | ||
1222 | buffer += len; | ||
1223 | buffer_len -= len; | ||
1224 | min_type = max_type; | ||
1225 | min = max; | ||
1226 | } | ||
1227 | } | ||
1228 | |||
1229 | static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { | ||
1230 | [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP, | ||
1231 | [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP | ||
1232 | }; | ||
1233 | |||
1195 | /** | 1234 | /** |
1196 | * tomoyo_read_exception_policy - Read exception policy. | 1235 | * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list. |
1197 | * | 1236 | * |
1198 | * @head: Pointer to "struct tomoyo_io_buffer". | 1237 | * @head: Pointer to "struct tomoyo_io_buffer". |
1238 | * @idx: Index number. | ||
1239 | * | ||
1240 | * Returns true on success, false otherwise. | ||
1199 | * | 1241 | * |
1200 | * Caller holds tomoyo_read_lock(). | 1242 | * Caller holds tomoyo_read_lock(). |
1201 | */ | 1243 | */ |
1202 | static void tomoyo_read_exception_policy(struct tomoyo_io_buffer *head) | 1244 | static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) |
1203 | { | 1245 | { |
1204 | if (!head->read_eof) { | 1246 | struct list_head *gpos; |
1205 | switch (head->read_step) { | 1247 | struct list_head *mpos; |
1206 | case 0: | 1248 | const char *w[3] = { "", "", "" }; |
1207 | head->read_var2 = NULL; | 1249 | w[0] = tomoyo_group_name[idx]; |
1208 | head->read_step = 1; | 1250 | list_for_each_cookie(gpos, head->read_var1, &tomoyo_group_list[idx]) { |
1209 | case 1: | 1251 | struct tomoyo_group *group = |
1210 | if (!tomoyo_read_domain_keeper_policy(head)) | 1252 | list_entry(gpos, struct tomoyo_group, list); |
1211 | break; | 1253 | w[1] = group->group_name->name; |
1212 | head->read_var2 = NULL; | 1254 | list_for_each_cookie(mpos, head->read_var2, |
1213 | head->read_step = 2; | 1255 | &group->member_list) { |
1214 | case 2: | 1256 | char buffer[128]; |
1215 | if (!tomoyo_read_globally_readable_policy(head)) | 1257 | struct tomoyo_acl_head *ptr = |
1216 | break; | 1258 | list_entry(mpos, struct tomoyo_acl_head, list); |
1217 | head->read_var2 = NULL; | 1259 | if (ptr->is_deleted) |
1218 | head->read_step = 3; | 1260 | continue; |
1219 | case 3: | 1261 | if (idx == TOMOYO_PATH_GROUP) { |
1220 | head->read_var2 = NULL; | 1262 | w[2] = container_of(ptr, |
1221 | head->read_step = 4; | 1263 | struct tomoyo_path_group, |
1222 | case 4: | 1264 | head)->member_name->name; |
1223 | if (!tomoyo_read_domain_initializer_policy(head)) | 1265 | } else if (idx == TOMOYO_NUMBER_GROUP) { |
1224 | break; | 1266 | tomoyo_print_number(buffer, sizeof(buffer), |
1225 | head->read_var2 = NULL; | 1267 | &container_of |
1226 | head->read_step = 5; | 1268 | (ptr, struct |
1227 | case 5: | 1269 | tomoyo_number_group, |
1228 | if (!tomoyo_read_alias_policy(head)) | 1270 | head)->number); |
1229 | break; | 1271 | w[2] = buffer; |
1230 | head->read_var2 = NULL; | 1272 | } |
1231 | head->read_step = 6; | 1273 | if (!tomoyo_io_printf(head, "%s%s %s\n", w[0], w[1], |
1232 | case 6: | 1274 | w[2])) |
1233 | if (!tomoyo_read_aggregator_policy(head)) | 1275 | return false; |
1234 | break; | 1276 | } |
1235 | head->read_var2 = NULL; | 1277 | } |
1236 | head->read_step = 7; | 1278 | return true; |
1237 | case 7: | 1279 | } |
1238 | if (!tomoyo_read_file_pattern(head)) | 1280 | |
1239 | break; | 1281 | /** |
1240 | head->read_var2 = NULL; | 1282 | * tomoyo_read_policy - Read "struct tomoyo_..._entry" list. |
1241 | head->read_step = 8; | 1283 | * |
1242 | case 8: | 1284 | * @head: Pointer to "struct tomoyo_io_buffer". |
1243 | if (!tomoyo_read_no_rewrite_policy(head)) | 1285 | * @idx: Index number. |
1244 | break; | 1286 | * |
1245 | head->read_var2 = NULL; | 1287 | * Returns true on success, false otherwise. |
1246 | head->read_step = 9; | 1288 | * |
1247 | case 9: | 1289 | * Caller holds tomoyo_read_lock(). |
1248 | if (!tomoyo_read_path_group_policy(head)) | 1290 | */ |
1249 | break; | 1291 | static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) |
1250 | head->read_var1 = NULL; | 1292 | { |
1251 | head->read_var2 = NULL; | 1293 | struct list_head *pos; |
1252 | head->read_step = 10; | 1294 | list_for_each_cookie(pos, head->read_var2, &tomoyo_policy_list[idx]) { |
1253 | case 10: | 1295 | const char *w[4] = { "", "", "", "" }; |
1254 | if (!tomoyo_read_number_group_policy(head)) | 1296 | struct tomoyo_acl_head *acl = container_of(pos, typeof(*acl), |
1255 | break; | 1297 | list); |
1256 | head->read_var1 = NULL; | 1298 | if (acl->is_deleted) |
1257 | head->read_var2 = NULL; | 1299 | continue; |
1258 | head->read_step = 11; | 1300 | switch (idx) { |
1259 | case 11: | 1301 | case TOMOYO_ID_DOMAIN_KEEPER: |
1260 | head->read_eof = true; | 1302 | { |
1303 | struct tomoyo_domain_keeper_entry *ptr = | ||
1304 | container_of(acl, typeof(*ptr), head); | ||
1305 | w[0] = ptr->is_not ? | ||
1306 | TOMOYO_KEYWORD_NO_KEEP_DOMAIN : | ||
1307 | TOMOYO_KEYWORD_KEEP_DOMAIN; | ||
1308 | if (ptr->program) { | ||
1309 | w[1] = ptr->program->name; | ||
1310 | w[2] = " from "; | ||
1311 | } | ||
1312 | w[3] = ptr->domainname->name; | ||
1313 | } | ||
1314 | break; | ||
1315 | case TOMOYO_ID_DOMAIN_INITIALIZER: | ||
1316 | { | ||
1317 | struct tomoyo_domain_initializer_entry *ptr = | ||
1318 | container_of(acl, typeof(*ptr), head); | ||
1319 | w[0] = ptr->is_not ? | ||
1320 | TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN : | ||
1321 | TOMOYO_KEYWORD_INITIALIZE_DOMAIN; | ||
1322 | w[1] = ptr->program->name; | ||
1323 | if (ptr->domainname) { | ||
1324 | w[2] = " from "; | ||
1325 | w[3] = ptr->domainname->name; | ||
1326 | } | ||
1327 | } | ||
1261 | break; | 1328 | break; |
1329 | case TOMOYO_ID_GLOBALLY_READABLE: | ||
1330 | { | ||
1331 | struct tomoyo_globally_readable_file_entry *ptr | ||
1332 | = container_of(acl, typeof(*ptr), head); | ||
1333 | w[0] = TOMOYO_KEYWORD_ALLOW_READ; | ||
1334 | w[1] = ptr->filename->name; | ||
1335 | } | ||
1336 | break; | ||
1337 | case TOMOYO_ID_ALIAS: | ||
1338 | { | ||
1339 | struct tomoyo_alias_entry *ptr = | ||
1340 | container_of(acl, typeof(*ptr), head); | ||
1341 | w[0] = TOMOYO_KEYWORD_ALIAS; | ||
1342 | w[1] = ptr->original_name->name; | ||
1343 | w[2] = " "; | ||
1344 | w[3] = ptr->aliased_name->name; | ||
1345 | } | ||
1346 | break; | ||
1347 | case TOMOYO_ID_AGGREGATOR: | ||
1348 | { | ||
1349 | struct tomoyo_aggregator_entry *ptr = | ||
1350 | container_of(acl, typeof(*ptr), head); | ||
1351 | w[0] = TOMOYO_KEYWORD_AGGREGATOR; | ||
1352 | w[1] = ptr->original_name->name; | ||
1353 | w[2] = " "; | ||
1354 | w[3] = ptr->aggregated_name->name; | ||
1355 | } | ||
1356 | break; | ||
1357 | case TOMOYO_ID_PATTERN: | ||
1358 | { | ||
1359 | struct tomoyo_pattern_entry *ptr = | ||
1360 | container_of(acl, typeof(*ptr), head); | ||
1361 | w[0] = TOMOYO_KEYWORD_FILE_PATTERN; | ||
1362 | w[1] = ptr->pattern->name; | ||
1363 | } | ||
1364 | break; | ||
1365 | case TOMOYO_ID_NO_REWRITE: | ||
1366 | { | ||
1367 | struct tomoyo_no_rewrite_entry *ptr = | ||
1368 | container_of(acl, typeof(*ptr), head); | ||
1369 | w[0] = TOMOYO_KEYWORD_DENY_REWRITE; | ||
1370 | w[1] = ptr->pattern->name; | ||
1371 | } | ||
1372 | break; | ||
1373 | default: | ||
1374 | continue; | ||
1262 | } | 1375 | } |
1376 | if (!tomoyo_io_printf(head, "%s%s%s%s\n", w[0], w[1], w[2], | ||
1377 | w[3])) | ||
1378 | return false; | ||
1263 | } | 1379 | } |
1380 | return true; | ||
1381 | } | ||
1382 | |||
1383 | /** | ||
1384 | * tomoyo_read_exception_policy - Read exception policy. | ||
1385 | * | ||
1386 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
1387 | * | ||
1388 | * Caller holds tomoyo_read_lock(). | ||
1389 | */ | ||
1390 | static void tomoyo_read_exception_policy(struct tomoyo_io_buffer *head) | ||
1391 | { | ||
1392 | if (head->read_eof) | ||
1393 | return; | ||
1394 | while (head->read_step < TOMOYO_MAX_POLICY && | ||
1395 | tomoyo_read_policy(head, head->read_step)) | ||
1396 | head->read_step++; | ||
1397 | if (head->read_step < TOMOYO_MAX_POLICY) | ||
1398 | return; | ||
1399 | while (head->read_step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP && | ||
1400 | tomoyo_read_group(head, head->read_step - TOMOYO_MAX_POLICY)) | ||
1401 | head->read_step++; | ||
1402 | if (head->read_step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP) | ||
1403 | return; | ||
1404 | head->read_eof = true; | ||
1264 | } | 1405 | } |
1265 | 1406 | ||
1266 | /** | 1407 | /** |
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 451dc3c1036a..21eb1e7885b8 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h | |||
@@ -794,28 +794,6 @@ bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, | |||
794 | bool tomoyo_print_number_union(struct tomoyo_io_buffer *head, | 794 | bool tomoyo_print_number_union(struct tomoyo_io_buffer *head, |
795 | const struct tomoyo_number_union *ptr); | 795 | const struct tomoyo_number_union *ptr); |
796 | bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num); | 796 | bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num); |
797 | |||
798 | /* Read "aggregator" entry in exception policy. */ | ||
799 | bool tomoyo_read_aggregator_policy(struct tomoyo_io_buffer *head); | ||
800 | /* Read "alias" entry in exception policy. */ | ||
801 | bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head); | ||
802 | /* | ||
803 | * Read "initialize_domain" and "no_initialize_domain" entry | ||
804 | * in exception policy. | ||
805 | */ | ||
806 | bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head); | ||
807 | /* Read "keep_domain" and "no_keep_domain" entry in exception policy. */ | ||
808 | bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head); | ||
809 | /* Read "file_pattern" entry in exception policy. */ | ||
810 | bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head); | ||
811 | /* Read "path_group" entry in exception policy. */ | ||
812 | bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head); | ||
813 | /* Read "number_group" entry in exception policy. */ | ||
814 | bool tomoyo_read_number_group_policy(struct tomoyo_io_buffer *head); | ||
815 | /* Read "allow_read" entry in exception policy. */ | ||
816 | bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head); | ||
817 | /* Read "deny_rewrite" entry in exception policy. */ | ||
818 | bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head); | ||
819 | /* Tokenize a line. */ | 797 | /* Tokenize a line. */ |
820 | bool tomoyo_tokenize(char *buffer, char *w[], size_t size); | 798 | bool tomoyo_tokenize(char *buffer, char *w[], size_t size); |
821 | /* Write domain policy violation warning message to console? */ | 799 | /* Write domain policy violation warning message to console? */ |
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 3575b0e7c7fd..038071a8a3d3 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c | |||
@@ -210,45 +210,6 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname, | |||
210 | } | 210 | } |
211 | 211 | ||
212 | /** | 212 | /** |
213 | * tomoyo_read_domain_initializer_policy - Read "struct tomoyo_domain_initializer_entry" list. | ||
214 | * | ||
215 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
216 | * | ||
217 | * Returns true on success, false otherwise. | ||
218 | * | ||
219 | * Caller holds tomoyo_read_lock(). | ||
220 | */ | ||
221 | bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head) | ||
222 | { | ||
223 | struct list_head *pos; | ||
224 | bool done = true; | ||
225 | |||
226 | list_for_each_cookie(pos, head->read_var2, &tomoyo_policy_list | ||
227 | [TOMOYO_ID_DOMAIN_INITIALIZER]) { | ||
228 | const char *no; | ||
229 | const char *from = ""; | ||
230 | const char *domain = ""; | ||
231 | struct tomoyo_domain_initializer_entry *ptr; | ||
232 | ptr = list_entry(pos, struct tomoyo_domain_initializer_entry, | ||
233 | head.list); | ||
234 | if (ptr->head.is_deleted) | ||
235 | continue; | ||
236 | no = ptr->is_not ? "no_" : ""; | ||
237 | if (ptr->domainname) { | ||
238 | from = " from "; | ||
239 | domain = ptr->domainname->name; | ||
240 | } | ||
241 | done = tomoyo_io_printf(head, | ||
242 | "%s" TOMOYO_KEYWORD_INITIALIZE_DOMAIN | ||
243 | "%s%s%s\n", no, ptr->program->name, | ||
244 | from, domain); | ||
245 | if (!done) | ||
246 | break; | ||
247 | } | ||
248 | return done; | ||
249 | } | ||
250 | |||
251 | /** | ||
252 | * tomoyo_write_domain_initializer_policy - Write "struct tomoyo_domain_initializer_entry" list. | 213 | * tomoyo_write_domain_initializer_policy - Write "struct tomoyo_domain_initializer_entry" list. |
253 | * | 214 | * |
254 | * @data: String to parse. | 215 | * @data: String to parse. |
@@ -399,46 +360,6 @@ int tomoyo_write_domain_keeper_policy(char *data, const bool is_not, | |||
399 | } | 360 | } |
400 | 361 | ||
401 | /** | 362 | /** |
402 | * tomoyo_read_domain_keeper_policy - Read "struct tomoyo_domain_keeper_entry" list. | ||
403 | * | ||
404 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
405 | * | ||
406 | * Returns true on success, false otherwise. | ||
407 | * | ||
408 | * Caller holds tomoyo_read_lock(). | ||
409 | */ | ||
410 | bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head) | ||
411 | { | ||
412 | struct list_head *pos; | ||
413 | bool done = true; | ||
414 | |||
415 | list_for_each_cookie(pos, head->read_var2, | ||
416 | &tomoyo_policy_list[TOMOYO_ID_DOMAIN_KEEPER]) { | ||
417 | struct tomoyo_domain_keeper_entry *ptr; | ||
418 | const char *no; | ||
419 | const char *from = ""; | ||
420 | const char *program = ""; | ||
421 | |||
422 | ptr = list_entry(pos, struct tomoyo_domain_keeper_entry, | ||
423 | head.list); | ||
424 | if (ptr->head.is_deleted) | ||
425 | continue; | ||
426 | no = ptr->is_not ? "no_" : ""; | ||
427 | if (ptr->program) { | ||
428 | from = " from "; | ||
429 | program = ptr->program->name; | ||
430 | } | ||
431 | done = tomoyo_io_printf(head, | ||
432 | "%s" TOMOYO_KEYWORD_KEEP_DOMAIN | ||
433 | "%s%s%s\n", no, program, from, | ||
434 | ptr->domainname->name); | ||
435 | if (!done) | ||
436 | break; | ||
437 | } | ||
438 | return done; | ||
439 | } | ||
440 | |||
441 | /** | ||
442 | * tomoyo_domain_keeper - Check whether the given program causes domain transition suppression. | 363 | * tomoyo_domain_keeper - Check whether the given program causes domain transition suppression. |
443 | * | 364 | * |
444 | * @domainname: The name of domain. | 365 | * @domainname: The name of domain. |
@@ -527,37 +448,6 @@ static int tomoyo_update_aggregator_entry(const char *original_name, | |||
527 | } | 448 | } |
528 | 449 | ||
529 | /** | 450 | /** |
530 | * tomoyo_read_aggregator_policy - Read "struct tomoyo_aggregator_entry" list. | ||
531 | * | ||
532 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
533 | * | ||
534 | * Returns true on success, false otherwise. | ||
535 | * | ||
536 | * Caller holds tomoyo_read_lock(). | ||
537 | */ | ||
538 | bool tomoyo_read_aggregator_policy(struct tomoyo_io_buffer *head) | ||
539 | { | ||
540 | struct list_head *pos; | ||
541 | bool done = true; | ||
542 | |||
543 | list_for_each_cookie(pos, head->read_var2, | ||
544 | &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR]) { | ||
545 | struct tomoyo_aggregator_entry *ptr; | ||
546 | |||
547 | ptr = list_entry(pos, struct tomoyo_aggregator_entry, | ||
548 | head.list); | ||
549 | if (ptr->head.is_deleted) | ||
550 | continue; | ||
551 | done = tomoyo_io_printf(head, TOMOYO_KEYWORD_AGGREGATOR | ||
552 | "%s %s\n", ptr->original_name->name, | ||
553 | ptr->aggregated_name->name); | ||
554 | if (!done) | ||
555 | break; | ||
556 | } | ||
557 | return done; | ||
558 | } | ||
559 | |||
560 | /** | ||
561 | * tomoyo_write_aggregator_policy - Write "struct tomoyo_aggregator_entry" list. | 451 | * tomoyo_write_aggregator_policy - Write "struct tomoyo_aggregator_entry" list. |
562 | * | 452 | * |
563 | * @data: String to parse. | 453 | * @data: String to parse. |
@@ -624,36 +514,6 @@ static int tomoyo_update_alias_entry(const char *original_name, | |||
624 | } | 514 | } |
625 | 515 | ||
626 | /** | 516 | /** |
627 | * tomoyo_read_alias_policy - Read "struct tomoyo_alias_entry" list. | ||
628 | * | ||
629 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
630 | * | ||
631 | * Returns true on success, false otherwise. | ||
632 | * | ||
633 | * Caller holds tomoyo_read_lock(). | ||
634 | */ | ||
635 | bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head) | ||
636 | { | ||
637 | struct list_head *pos; | ||
638 | bool done = true; | ||
639 | |||
640 | list_for_each_cookie(pos, head->read_var2, | ||
641 | &tomoyo_policy_list[TOMOYO_ID_ALIAS]) { | ||
642 | struct tomoyo_alias_entry *ptr; | ||
643 | |||
644 | ptr = list_entry(pos, struct tomoyo_alias_entry, head.list); | ||
645 | if (ptr->head.is_deleted) | ||
646 | continue; | ||
647 | done = tomoyo_io_printf(head, TOMOYO_KEYWORD_ALIAS "%s %s\n", | ||
648 | ptr->original_name->name, | ||
649 | ptr->aliased_name->name); | ||
650 | if (!done) | ||
651 | break; | ||
652 | } | ||
653 | return done; | ||
654 | } | ||
655 | |||
656 | /** | ||
657 | * tomoyo_write_alias_policy - Write "struct tomoyo_alias_entry" list. | 517 | * tomoyo_write_alias_policy - Write "struct tomoyo_alias_entry" list. |
658 | * | 518 | * |
659 | * @data: String to parse. | 519 | * @data: String to parse. |
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index df3b203d7d4f..e7687ebdc5f6 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c | |||
@@ -344,36 +344,6 @@ int tomoyo_write_globally_readable_policy(char *data, const bool is_delete) | |||
344 | return tomoyo_update_globally_readable_entry(data, is_delete); | 344 | return tomoyo_update_globally_readable_entry(data, is_delete); |
345 | } | 345 | } |
346 | 346 | ||
347 | /** | ||
348 | * tomoyo_read_globally_readable_policy - Read "struct tomoyo_globally_readable_file_entry" list. | ||
349 | * | ||
350 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
351 | * | ||
352 | * Returns true on success, false otherwise. | ||
353 | * | ||
354 | * Caller holds tomoyo_read_lock(). | ||
355 | */ | ||
356 | bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head) | ||
357 | { | ||
358 | struct list_head *pos; | ||
359 | bool done = true; | ||
360 | |||
361 | list_for_each_cookie(pos, head->read_var2, | ||
362 | &tomoyo_policy_list[TOMOYO_ID_GLOBALLY_READABLE]) { | ||
363 | struct tomoyo_globally_readable_file_entry *ptr; | ||
364 | ptr = list_entry(pos, | ||
365 | struct tomoyo_globally_readable_file_entry, | ||
366 | head.list); | ||
367 | if (ptr->head.is_deleted) | ||
368 | continue; | ||
369 | done = tomoyo_io_printf(head, TOMOYO_KEYWORD_ALLOW_READ "%s\n", | ||
370 | ptr->filename->name); | ||
371 | if (!done) | ||
372 | break; | ||
373 | } | ||
374 | return done; | ||
375 | } | ||
376 | |||
377 | static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a, | 347 | static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a, |
378 | const struct tomoyo_acl_head *b) | 348 | const struct tomoyo_acl_head *b) |
379 | { | 349 | { |
@@ -457,34 +427,6 @@ int tomoyo_write_pattern_policy(char *data, const bool is_delete) | |||
457 | return tomoyo_update_file_pattern_entry(data, is_delete); | 427 | return tomoyo_update_file_pattern_entry(data, is_delete); |
458 | } | 428 | } |
459 | 429 | ||
460 | /** | ||
461 | * tomoyo_read_file_pattern - Read "struct tomoyo_pattern_entry" list. | ||
462 | * | ||
463 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
464 | * | ||
465 | * Returns true on success, false otherwise. | ||
466 | * | ||
467 | * Caller holds tomoyo_read_lock(). | ||
468 | */ | ||
469 | bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head) | ||
470 | { | ||
471 | struct list_head *pos; | ||
472 | bool done = true; | ||
473 | |||
474 | list_for_each_cookie(pos, head->read_var2, | ||
475 | &tomoyo_policy_list[TOMOYO_ID_PATTERN]) { | ||
476 | struct tomoyo_pattern_entry *ptr; | ||
477 | ptr = list_entry(pos, struct tomoyo_pattern_entry, head.list); | ||
478 | if (ptr->head.is_deleted) | ||
479 | continue; | ||
480 | done = tomoyo_io_printf(head, TOMOYO_KEYWORD_FILE_PATTERN | ||
481 | "%s\n", ptr->pattern->name); | ||
482 | if (!done) | ||
483 | break; | ||
484 | } | ||
485 | return done; | ||
486 | } | ||
487 | |||
488 | static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a, | 430 | static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a, |
489 | const struct tomoyo_acl_head *b) | 431 | const struct tomoyo_acl_head *b) |
490 | { | 432 | { |
@@ -563,35 +505,6 @@ int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete) | |||
563 | return tomoyo_update_no_rewrite_entry(data, is_delete); | 505 | return tomoyo_update_no_rewrite_entry(data, is_delete); |
564 | } | 506 | } |
565 | 507 | ||
566 | /** | ||
567 | * tomoyo_read_no_rewrite_policy - Read "struct tomoyo_no_rewrite_entry" list. | ||
568 | * | ||
569 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
570 | * | ||
571 | * Returns true on success, false otherwise. | ||
572 | * | ||
573 | * Caller holds tomoyo_read_lock(). | ||
574 | */ | ||
575 | bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head) | ||
576 | { | ||
577 | struct list_head *pos; | ||
578 | bool done = true; | ||
579 | |||
580 | list_for_each_cookie(pos, head->read_var2, | ||
581 | &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE]) { | ||
582 | struct tomoyo_no_rewrite_entry *ptr; | ||
583 | ptr = list_entry(pos, struct tomoyo_no_rewrite_entry, | ||
584 | head.list); | ||
585 | if (ptr->head.is_deleted) | ||
586 | continue; | ||
587 | done = tomoyo_io_printf(head, TOMOYO_KEYWORD_DENY_REWRITE | ||
588 | "%s\n", ptr->pattern->name); | ||
589 | if (!done) | ||
590 | break; | ||
591 | } | ||
592 | return done; | ||
593 | } | ||
594 | |||
595 | static bool tomoyo_check_path_acl(const struct tomoyo_request_info *r, | 508 | static bool tomoyo_check_path_acl(const struct tomoyo_request_info *r, |
596 | const struct tomoyo_acl_info *ptr) | 509 | const struct tomoyo_acl_info *ptr) |
597 | { | 510 | { |
diff --git a/security/tomoyo/number_group.c b/security/tomoyo/number_group.c index 99694153b947..5e75f5314bda 100644 --- a/security/tomoyo/number_group.c +++ b/security/tomoyo/number_group.c | |||
@@ -97,47 +97,6 @@ int tomoyo_write_number_group_policy(char *data, const bool is_delete) | |||
97 | } | 97 | } |
98 | 98 | ||
99 | /** | 99 | /** |
100 | * tomoyo_read_number_group_policy - Read "struct tomoyo_number_group" list. | ||
101 | * | ||
102 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
103 | * | ||
104 | * Returns true on success, false otherwise. | ||
105 | * | ||
106 | * Caller holds tomoyo_read_lock(). | ||
107 | */ | ||
108 | bool tomoyo_read_number_group_policy(struct tomoyo_io_buffer *head) | ||
109 | { | ||
110 | struct list_head *gpos; | ||
111 | struct list_head *mpos; | ||
112 | list_for_each_cookie(gpos, head->read_var1, | ||
113 | &tomoyo_group_list[TOMOYO_NUMBER_GROUP]) { | ||
114 | struct tomoyo_group *group; | ||
115 | const char *name; | ||
116 | group = list_entry(gpos, struct tomoyo_group, list); | ||
117 | name = group->group_name->name; | ||
118 | list_for_each_cookie(mpos, head->read_var2, | ||
119 | &group->member_list) { | ||
120 | int pos; | ||
121 | const struct tomoyo_number_group *member | ||
122 | = list_entry(mpos, | ||
123 | struct tomoyo_number_group, | ||
124 | head.list); | ||
125 | if (member->head.is_deleted) | ||
126 | continue; | ||
127 | pos = head->read_avail; | ||
128 | if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_NUMBER_GROUP | ||
129 | "%s", name) || | ||
130 | !tomoyo_print_number_union(head, &member->number) || | ||
131 | !tomoyo_io_printf(head, "\n")) { | ||
132 | head->read_avail = pos; | ||
133 | return false; | ||
134 | } | ||
135 | } | ||
136 | } | ||
137 | return true; | ||
138 | } | ||
139 | |||
140 | /** | ||
141 | * tomoyo_number_matches_group - Check whether the given number matches members of the given number group. | 100 | * tomoyo_number_matches_group - Check whether the given number matches members of the given number group. |
142 | * | 101 | * |
143 | * @min: Min number. | 102 | * @min: Min number. |
diff --git a/security/tomoyo/path_group.c b/security/tomoyo/path_group.c index 44e8a5b1ca67..2f9f9240bf5a 100644 --- a/security/tomoyo/path_group.c +++ b/security/tomoyo/path_group.c | |||
@@ -95,41 +95,6 @@ int tomoyo_write_path_group_policy(char *data, const bool is_delete) | |||
95 | } | 95 | } |
96 | 96 | ||
97 | /** | 97 | /** |
98 | * tomoyo_read_path_group_policy - Read "struct tomoyo_path_group" list. | ||
99 | * | ||
100 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
101 | * | ||
102 | * Returns true on success, false otherwise. | ||
103 | * | ||
104 | * Caller holds tomoyo_read_lock(). | ||
105 | */ | ||
106 | bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head) | ||
107 | { | ||
108 | struct list_head *gpos; | ||
109 | struct list_head *mpos; | ||
110 | list_for_each_cookie(gpos, head->read_var1, | ||
111 | &tomoyo_group_list[TOMOYO_PATH_GROUP]) { | ||
112 | struct tomoyo_group *group; | ||
113 | group = list_entry(gpos, struct tomoyo_group, list); | ||
114 | list_for_each_cookie(mpos, head->read_var2, | ||
115 | &group->member_list) { | ||
116 | struct tomoyo_path_group *member; | ||
117 | member = list_entry(mpos, | ||
118 | struct tomoyo_path_group, | ||
119 | head.list); | ||
120 | if (member->head.is_deleted) | ||
121 | continue; | ||
122 | if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_PATH_GROUP | ||
123 | "%s %s\n", | ||
124 | group->group_name->name, | ||
125 | member->member_name->name)) | ||
126 | return false; | ||
127 | } | ||
128 | } | ||
129 | return true; | ||
130 | } | ||
131 | |||
132 | /** | ||
133 | * tomoyo_path_matches_group - Check whether the given pathname matches members of the given pathname group. | 98 | * tomoyo_path_matches_group - Check whether the given pathname matches members of the given pathname group. |
134 | * | 99 | * |
135 | * @pathname: The name of pathname. | 100 | * @pathname: The name of pathname. |