aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/tomoyo/common.c226
-rw-r--r--security/tomoyo/common.h54
-rw-r--r--security/tomoyo/domain.c60
-rw-r--r--security/tomoyo/file.c63
-rw-r--r--security/tomoyo/gc.c22
-rw-r--r--security/tomoyo/memory.c2
-rw-r--r--security/tomoyo/mount.c10
-rw-r--r--security/tomoyo/util.c2
8 files changed, 199 insertions, 240 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 30e4b08905e3..65c18af3ffe5 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -248,14 +248,13 @@ static void tomoyo_print_number_union(struct tomoyo_io_buffer *head,
248} 248}
249 249
250/** 250/**
251 * tomoyo_find_or_assign_new_profile - Create a new profile. 251 * tomoyo_assign_profile - Create a new profile.
252 * 252 *
253 * @profile: Profile number to create. 253 * @profile: Profile number to create.
254 * 254 *
255 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. 255 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
256 */ 256 */
257static struct tomoyo_profile *tomoyo_find_or_assign_new_profile 257static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile)
258(const unsigned int profile)
259{ 258{
260 struct tomoyo_profile *ptr; 259 struct tomoyo_profile *ptr;
261 struct tomoyo_profile *entry; 260 struct tomoyo_profile *entry;
@@ -443,7 +442,7 @@ static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
443 if (*cp != '-') 442 if (*cp != '-')
444 return -EINVAL; 443 return -EINVAL;
445 data = cp + 1; 444 data = cp + 1;
446 profile = tomoyo_find_or_assign_new_profile(i); 445 profile = tomoyo_assign_profile(i);
447 if (!profile) 446 if (!profile)
448 return -EINVAL; 447 return -EINVAL;
449 } 448 }
@@ -584,13 +583,11 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
584 goto next; 583 goto next;
585} 584}
586 585
587static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a, 586static bool tomoyo_same_manager(const struct tomoyo_acl_head *a,
588 const struct tomoyo_acl_head *b) 587 const struct tomoyo_acl_head *b)
589{ 588{
590 return container_of(a, struct tomoyo_policy_manager_entry, head) 589 return container_of(a, struct tomoyo_manager, head)->manager ==
591 ->manager == 590 container_of(b, struct tomoyo_manager, head)->manager;
592 container_of(b, struct tomoyo_policy_manager_entry, head)
593 ->manager;
594} 591}
595 592
596/** 593/**
@@ -606,7 +603,7 @@ static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a,
606static int tomoyo_update_manager_entry(const char *manager, 603static int tomoyo_update_manager_entry(const char *manager,
607 const bool is_delete) 604 const bool is_delete)
608{ 605{
609 struct tomoyo_policy_manager_entry e = { }; 606 struct tomoyo_manager e = { };
610 int error; 607 int error;
611 608
612 if (tomoyo_domain_def(manager)) { 609 if (tomoyo_domain_def(manager)) {
@@ -622,13 +619,13 @@ static int tomoyo_update_manager_entry(const char *manager,
622 return -ENOMEM; 619 return -ENOMEM;
623 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 620 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
624 &tomoyo_policy_list[TOMOYO_ID_MANAGER], 621 &tomoyo_policy_list[TOMOYO_ID_MANAGER],
625 tomoyo_same_manager_entry); 622 tomoyo_same_manager);
626 tomoyo_put_name(e.manager); 623 tomoyo_put_name(e.manager);
627 return error; 624 return error;
628} 625}
629 626
630/** 627/**
631 * tomoyo_write_manager_policy - Write manager policy. 628 * tomoyo_write_manager - Write manager policy.
632 * 629 *
633 * @head: Pointer to "struct tomoyo_io_buffer". 630 * @head: Pointer to "struct tomoyo_io_buffer".
634 * 631 *
@@ -636,7 +633,7 @@ static int tomoyo_update_manager_entry(const char *manager,
636 * 633 *
637 * Caller holds tomoyo_read_lock(). 634 * Caller holds tomoyo_read_lock().
638 */ 635 */
639static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head) 636static int tomoyo_write_manager(struct tomoyo_io_buffer *head)
640{ 637{
641 char *data = head->write_buf; 638 char *data = head->write_buf;
642 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 639 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
@@ -649,19 +646,19 @@ static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head)
649} 646}
650 647
651/** 648/**
652 * tomoyo_read_manager_policy - Read manager policy. 649 * tomoyo_read_manager - Read manager policy.
653 * 650 *
654 * @head: Pointer to "struct tomoyo_io_buffer". 651 * @head: Pointer to "struct tomoyo_io_buffer".
655 * 652 *
656 * Caller holds tomoyo_read_lock(). 653 * Caller holds tomoyo_read_lock().
657 */ 654 */
658static void tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) 655static void tomoyo_read_manager(struct tomoyo_io_buffer *head)
659{ 656{
660 if (head->r.eof) 657 if (head->r.eof)
661 return; 658 return;
662 list_for_each_cookie(head->r.acl, 659 list_for_each_cookie(head->r.acl,
663 &tomoyo_policy_list[TOMOYO_ID_MANAGER]) { 660 &tomoyo_policy_list[TOMOYO_ID_MANAGER]) {
664 struct tomoyo_policy_manager_entry *ptr = 661 struct tomoyo_manager *ptr =
665 list_entry(head->r.acl, typeof(*ptr), head.list); 662 list_entry(head->r.acl, typeof(*ptr), head.list);
666 if (ptr->head.is_deleted) 663 if (ptr->head.is_deleted)
667 continue; 664 continue;
@@ -674,16 +671,16 @@ static void tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
674} 671}
675 672
676/** 673/**
677 * tomoyo_policy_manager - Check whether the current process is a policy manager. 674 * tomoyo_manager - Check whether the current process is a policy manager.
678 * 675 *
679 * Returns true if the current process is permitted to modify policy 676 * Returns true if the current process is permitted to modify policy
680 * via /sys/kernel/security/tomoyo/ interface. 677 * via /sys/kernel/security/tomoyo/ interface.
681 * 678 *
682 * Caller holds tomoyo_read_lock(). 679 * Caller holds tomoyo_read_lock().
683 */ 680 */
684static bool tomoyo_policy_manager(void) 681static bool tomoyo_manager(void)
685{ 682{
686 struct tomoyo_policy_manager_entry *ptr; 683 struct tomoyo_manager *ptr;
687 const char *exe; 684 const char *exe;
688 const struct task_struct *task = current; 685 const struct task_struct *task = current;
689 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname; 686 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
@@ -813,7 +810,7 @@ static int tomoyo_delete_domain(char *domainname)
813} 810}
814 811
815/** 812/**
816 * tomoyo_write_domain_policy2 - Write domain policy. 813 * tomoyo_write_domain2 - Write domain policy.
817 * 814 *
818 * @head: Pointer to "struct tomoyo_io_buffer". 815 * @head: Pointer to "struct tomoyo_io_buffer".
819 * 816 *
@@ -821,17 +818,16 @@ static int tomoyo_delete_domain(char *domainname)
821 * 818 *
822 * Caller holds tomoyo_read_lock(). 819 * Caller holds tomoyo_read_lock().
823 */ 820 */
824static int tomoyo_write_domain_policy2(char *data, 821static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain,
825 struct tomoyo_domain_info *domain, 822 const bool is_delete)
826 const bool is_delete)
827{ 823{
828 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT)) 824 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT))
829 return tomoyo_write_mount_policy(data, domain, is_delete); 825 return tomoyo_write_mount(data, domain, is_delete);
830 return tomoyo_write_file_policy(data, domain, is_delete); 826 return tomoyo_write_file(data, domain, is_delete);
831} 827}
832 828
833/** 829/**
834 * tomoyo_write_domain_policy - Write domain policy. 830 * tomoyo_write_domain - Write domain policy.
835 * 831 *
836 * @head: Pointer to "struct tomoyo_io_buffer". 832 * @head: Pointer to "struct tomoyo_io_buffer".
837 * 833 *
@@ -839,7 +835,7 @@ static int tomoyo_write_domain_policy2(char *data,
839 * 835 *
840 * Caller holds tomoyo_read_lock(). 836 * Caller holds tomoyo_read_lock().
841 */ 837 */
842static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head) 838static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
843{ 839{
844 char *data = head->write_buf; 840 char *data = head->write_buf;
845 struct tomoyo_domain_info *domain = head->write_var1; 841 struct tomoyo_domain_info *domain = head->write_var1;
@@ -854,7 +850,7 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
854 if (is_select && tomoyo_select_one(head, data)) 850 if (is_select && tomoyo_select_one(head, data))
855 return 0; 851 return 0;
856 /* Don't allow updating policies by non manager programs. */ 852 /* Don't allow updating policies by non manager programs. */
857 if (!tomoyo_policy_manager()) 853 if (!tomoyo_manager())
858 return -EPERM; 854 return -EPERM;
859 if (tomoyo_domain_def(data)) { 855 if (tomoyo_domain_def(data)) {
860 domain = NULL; 856 domain = NULL;
@@ -863,7 +859,7 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
863 else if (is_select) 859 else if (is_select)
864 domain = tomoyo_find_domain(data); 860 domain = tomoyo_find_domain(data);
865 else 861 else
866 domain = tomoyo_find_or_assign_new_domain(data, 0); 862 domain = tomoyo_assign_domain(data, 0);
867 head->write_var1 = domain; 863 head->write_var1 = domain;
868 return 0; 864 return 0;
869 } 865 }
@@ -888,7 +884,7 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
888 domain->transition_failed = !is_delete; 884 domain->transition_failed = !is_delete;
889 return 0; 885 return 0;
890 } 886 }
891 return tomoyo_write_domain_policy2(data, domain, is_delete); 887 return tomoyo_write_domain2(data, domain, is_delete);
892} 888}
893 889
894/** 890/**
@@ -1022,13 +1018,13 @@ static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head,
1022} 1018}
1023 1019
1024/** 1020/**
1025 * tomoyo_read_domain_policy - Read domain policy. 1021 * tomoyo_read_domain - Read domain policy.
1026 * 1022 *
1027 * @head: Pointer to "struct tomoyo_io_buffer". 1023 * @head: Pointer to "struct tomoyo_io_buffer".
1028 * 1024 *
1029 * Caller holds tomoyo_read_lock(). 1025 * Caller holds tomoyo_read_lock().
1030 */ 1026 */
1031static void tomoyo_read_domain_policy(struct tomoyo_io_buffer *head) 1027static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
1032{ 1028{
1033 if (head->r.eof) 1029 if (head->r.eof)
1034 return; 1030 return;
@@ -1208,8 +1204,13 @@ static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {
1208 [TOMOYO_TRANSITION_CONTROL_KEEP] = TOMOYO_KEYWORD_KEEP_DOMAIN 1204 [TOMOYO_TRANSITION_CONTROL_KEEP] = TOMOYO_KEYWORD_KEEP_DOMAIN
1209}; 1205};
1210 1206
1207static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
1208 [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP,
1209 [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP
1210};
1211
1211/** 1212/**
1212 * tomoyo_write_exception_policy - Write exception policy. 1213 * tomoyo_write_exception - Write exception policy.
1213 * 1214 *
1214 * @head: Pointer to "struct tomoyo_io_buffer". 1215 * @head: Pointer to "struct tomoyo_io_buffer".
1215 * 1216 *
@@ -1217,37 +1218,34 @@ static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {
1217 * 1218 *
1218 * Caller holds tomoyo_read_lock(). 1219 * Caller holds tomoyo_read_lock().
1219 */ 1220 */
1220static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head) 1221static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
1221{ 1222{
1222 char *data = head->write_buf; 1223 char *data = head->write_buf;
1223 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 1224 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
1224 u8 i; 1225 u8 i;
1225 1226 static const struct {
1226 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) { 1227 const char *keyword;
1228 int (*write) (char *, const bool);
1229 } tomoyo_callback[4] = {
1230 { TOMOYO_KEYWORD_AGGREGATOR, tomoyo_write_aggregator },
1231 { TOMOYO_KEYWORD_FILE_PATTERN, tomoyo_write_pattern },
1232 { TOMOYO_KEYWORD_DENY_REWRITE, tomoyo_write_no_rewrite },
1233 { TOMOYO_KEYWORD_ALLOW_READ, tomoyo_write_globally_readable },
1234 };
1235
1236 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
1227 if (tomoyo_str_starts(&data, tomoyo_transition_type[i])) 1237 if (tomoyo_str_starts(&data, tomoyo_transition_type[i]))
1228 return tomoyo_write_transition_control(data, is_delete, 1238 return tomoyo_write_transition_control(data, is_delete,
1229 i); 1239 i);
1230 } 1240 for (i = 0; i < 4; i++)
1231 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_AGGREGATOR)) 1241 if (tomoyo_str_starts(&data, tomoyo_callback[i].keyword))
1232 return tomoyo_write_aggregator_policy(data, is_delete); 1242 return tomoyo_callback[i].write(data, is_delete);
1233 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ)) 1243 for (i = 0; i < TOMOYO_MAX_GROUP; i++)
1234 return tomoyo_write_globally_readable_policy(data, is_delete); 1244 if (tomoyo_str_starts(&data, tomoyo_group_name[i]))
1235 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN)) 1245 return tomoyo_write_group(data, is_delete, i);
1236 return tomoyo_write_pattern_policy(data, is_delete);
1237 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DENY_REWRITE))
1238 return tomoyo_write_no_rewrite_policy(data, is_delete);
1239 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_PATH_GROUP))
1240 return tomoyo_write_group(data, is_delete, TOMOYO_PATH_GROUP);
1241 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NUMBER_GROUP))
1242 return tomoyo_write_group(data, is_delete, TOMOYO_NUMBER_GROUP);
1243 return -EINVAL; 1246 return -EINVAL;
1244} 1247}
1245 1248
1246static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
1247 [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP,
1248 [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP
1249};
1250
1251/** 1249/**
1252 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list. 1250 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
1253 * 1251 *
@@ -1331,8 +1329,8 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1331 break; 1329 break;
1332 case TOMOYO_ID_GLOBALLY_READABLE: 1330 case TOMOYO_ID_GLOBALLY_READABLE:
1333 { 1331 {
1334 struct tomoyo_globally_readable_file_entry *ptr 1332 struct tomoyo_readable_file *ptr =
1335 = container_of(acl, typeof(*ptr), head); 1333 container_of(acl, typeof(*ptr), head);
1336 tomoyo_set_string(head, 1334 tomoyo_set_string(head,
1337 TOMOYO_KEYWORD_ALLOW_READ); 1335 TOMOYO_KEYWORD_ALLOW_READ);
1338 tomoyo_set_string(head, ptr->filename->name); 1336 tomoyo_set_string(head, ptr->filename->name);
@@ -1340,7 +1338,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1340 break; 1338 break;
1341 case TOMOYO_ID_AGGREGATOR: 1339 case TOMOYO_ID_AGGREGATOR:
1342 { 1340 {
1343 struct tomoyo_aggregator_entry *ptr = 1341 struct tomoyo_aggregator *ptr =
1344 container_of(acl, typeof(*ptr), head); 1342 container_of(acl, typeof(*ptr), head);
1345 tomoyo_set_string(head, 1343 tomoyo_set_string(head,
1346 TOMOYO_KEYWORD_AGGREGATOR); 1344 TOMOYO_KEYWORD_AGGREGATOR);
@@ -1353,7 +1351,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1353 break; 1351 break;
1354 case TOMOYO_ID_PATTERN: 1352 case TOMOYO_ID_PATTERN:
1355 { 1353 {
1356 struct tomoyo_pattern_entry *ptr = 1354 struct tomoyo_no_pattern *ptr =
1357 container_of(acl, typeof(*ptr), head); 1355 container_of(acl, typeof(*ptr), head);
1358 tomoyo_set_string(head, 1356 tomoyo_set_string(head,
1359 TOMOYO_KEYWORD_FILE_PATTERN); 1357 TOMOYO_KEYWORD_FILE_PATTERN);
@@ -1362,7 +1360,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1362 break; 1360 break;
1363 case TOMOYO_ID_NO_REWRITE: 1361 case TOMOYO_ID_NO_REWRITE:
1364 { 1362 {
1365 struct tomoyo_no_rewrite_entry *ptr = 1363 struct tomoyo_no_rewrite *ptr =
1366 container_of(acl, typeof(*ptr), head); 1364 container_of(acl, typeof(*ptr), head);
1367 tomoyo_set_string(head, 1365 tomoyo_set_string(head,
1368 TOMOYO_KEYWORD_DENY_REWRITE); 1366 TOMOYO_KEYWORD_DENY_REWRITE);
@@ -1379,13 +1377,13 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1379} 1377}
1380 1378
1381/** 1379/**
1382 * tomoyo_read_exception_policy - Read exception policy. 1380 * tomoyo_read_exception - Read exception policy.
1383 * 1381 *
1384 * @head: Pointer to "struct tomoyo_io_buffer". 1382 * @head: Pointer to "struct tomoyo_io_buffer".
1385 * 1383 *
1386 * Caller holds tomoyo_read_lock(). 1384 * Caller holds tomoyo_read_lock().
1387 */ 1385 */
1388static void tomoyo_read_exception_policy(struct tomoyo_io_buffer *head) 1386static void tomoyo_read_exception(struct tomoyo_io_buffer *head)
1389{ 1387{
1390 if (head->r.eof) 1388 if (head->r.eof)
1391 return; 1389 return;
@@ -1472,7 +1470,7 @@ static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait);
1472static DEFINE_SPINLOCK(tomoyo_query_list_lock); 1470static DEFINE_SPINLOCK(tomoyo_query_list_lock);
1473 1471
1474/* Structure for query. */ 1472/* Structure for query. */
1475struct tomoyo_query_entry { 1473struct tomoyo_query {
1476 struct list_head list; 1474 struct list_head list;
1477 char *query; 1475 char *query;
1478 int query_len; 1476 int query_len;
@@ -1481,7 +1479,7 @@ struct tomoyo_query_entry {
1481 int answer; 1479 int answer;
1482}; 1480};
1483 1481
1484/* The list for "struct tomoyo_query_entry". */ 1482/* The list for "struct tomoyo_query". */
1485static LIST_HEAD(tomoyo_query_list); 1483static LIST_HEAD(tomoyo_query_list);
1486 1484
1487/* 1485/*
@@ -1508,7 +1506,7 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1508 int pos; 1506 int pos;
1509 int len; 1507 int len;
1510 static unsigned int tomoyo_serial; 1508 static unsigned int tomoyo_serial;
1511 struct tomoyo_query_entry *tomoyo_query_entry = NULL; 1509 struct tomoyo_query *entry = NULL;
1512 bool quota_exceeded = false; 1510 bool quota_exceeded = false;
1513 char *header; 1511 char *header;
1514 switch (r->mode) { 1512 switch (r->mode) {
@@ -1526,7 +1524,7 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1526 vsnprintf(buffer, len - 1, fmt, args); 1524 vsnprintf(buffer, len - 1, fmt, args);
1527 va_end(args); 1525 va_end(args);
1528 tomoyo_normalize_line(buffer); 1526 tomoyo_normalize_line(buffer);
1529 tomoyo_write_domain_policy2(buffer, r->domain, false); 1527 tomoyo_write_domain2(buffer, r->domain, false);
1530 kfree(buffer); 1528 kfree(buffer);
1531 /* fall through */ 1529 /* fall through */
1532 case TOMOYO_CONFIG_PERMISSIVE: 1530 case TOMOYO_CONFIG_PERMISSIVE:
@@ -1542,51 +1540,50 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1542 header = tomoyo_init_audit_log(&len, r); 1540 header = tomoyo_init_audit_log(&len, r);
1543 if (!header) 1541 if (!header)
1544 goto out; 1542 goto out;
1545 tomoyo_query_entry = kzalloc(sizeof(*tomoyo_query_entry), GFP_NOFS); 1543 entry = kzalloc(sizeof(*entry), GFP_NOFS);
1546 if (!tomoyo_query_entry) 1544 if (!entry)
1547 goto out; 1545 goto out;
1548 tomoyo_query_entry->query = kzalloc(len, GFP_NOFS); 1546 entry->query = kzalloc(len, GFP_NOFS);
1549 if (!tomoyo_query_entry->query) 1547 if (!entry->query)
1550 goto out; 1548 goto out;
1551 len = ksize(tomoyo_query_entry->query); 1549 len = ksize(entry->query);
1552 INIT_LIST_HEAD(&tomoyo_query_entry->list);
1553 spin_lock(&tomoyo_query_list_lock); 1550 spin_lock(&tomoyo_query_list_lock);
1554 if (tomoyo_quota_for_query && tomoyo_query_memory_size + len + 1551 if (tomoyo_quota_for_query && tomoyo_query_memory_size + len +
1555 sizeof(*tomoyo_query_entry) >= tomoyo_quota_for_query) { 1552 sizeof(*entry) >= tomoyo_quota_for_query) {
1556 quota_exceeded = true; 1553 quota_exceeded = true;
1557 } else { 1554 } else {
1558 tomoyo_query_memory_size += len + sizeof(*tomoyo_query_entry); 1555 tomoyo_query_memory_size += len + sizeof(*entry);
1559 tomoyo_query_entry->serial = tomoyo_serial++; 1556 entry->serial = tomoyo_serial++;
1560 } 1557 }
1561 spin_unlock(&tomoyo_query_list_lock); 1558 spin_unlock(&tomoyo_query_list_lock);
1562 if (quota_exceeded) 1559 if (quota_exceeded)
1563 goto out; 1560 goto out;
1564 pos = snprintf(tomoyo_query_entry->query, len - 1, "Q%u-%hu\n%s", 1561 pos = snprintf(entry->query, len - 1, "Q%u-%hu\n%s",
1565 tomoyo_query_entry->serial, r->retry, header); 1562 entry->serial, r->retry, header);
1566 kfree(header); 1563 kfree(header);
1567 header = NULL; 1564 header = NULL;
1568 va_start(args, fmt); 1565 va_start(args, fmt);
1569 vsnprintf(tomoyo_query_entry->query + pos, len - 1 - pos, fmt, args); 1566 vsnprintf(entry->query + pos, len - 1 - pos, fmt, args);
1570 tomoyo_query_entry->query_len = strlen(tomoyo_query_entry->query) + 1; 1567 entry->query_len = strlen(entry->query) + 1;
1571 va_end(args); 1568 va_end(args);
1572 spin_lock(&tomoyo_query_list_lock); 1569 spin_lock(&tomoyo_query_list_lock);
1573 list_add_tail(&tomoyo_query_entry->list, &tomoyo_query_list); 1570 list_add_tail(&entry->list, &tomoyo_query_list);
1574 spin_unlock(&tomoyo_query_list_lock); 1571 spin_unlock(&tomoyo_query_list_lock);
1575 /* Give 10 seconds for supervisor's opinion. */ 1572 /* Give 10 seconds for supervisor's opinion. */
1576 for (tomoyo_query_entry->timer = 0; 1573 for (entry->timer = 0;
1577 atomic_read(&tomoyo_query_observers) && tomoyo_query_entry->timer < 100; 1574 atomic_read(&tomoyo_query_observers) && entry->timer < 100;
1578 tomoyo_query_entry->timer++) { 1575 entry->timer++) {
1579 wake_up(&tomoyo_query_wait); 1576 wake_up(&tomoyo_query_wait);
1580 set_current_state(TASK_INTERRUPTIBLE); 1577 set_current_state(TASK_INTERRUPTIBLE);
1581 schedule_timeout(HZ / 10); 1578 schedule_timeout(HZ / 10);
1582 if (tomoyo_query_entry->answer) 1579 if (entry->answer)
1583 break; 1580 break;
1584 } 1581 }
1585 spin_lock(&tomoyo_query_list_lock); 1582 spin_lock(&tomoyo_query_list_lock);
1586 list_del(&tomoyo_query_entry->list); 1583 list_del(&entry->list);
1587 tomoyo_query_memory_size -= len + sizeof(*tomoyo_query_entry); 1584 tomoyo_query_memory_size -= len + sizeof(*entry);
1588 spin_unlock(&tomoyo_query_list_lock); 1585 spin_unlock(&tomoyo_query_list_lock);
1589 switch (tomoyo_query_entry->answer) { 1586 switch (entry->answer) {
1590 case 3: /* Asked to retry by administrator. */ 1587 case 3: /* Asked to retry by administrator. */
1591 error = TOMOYO_RETRY_REQUEST; 1588 error = TOMOYO_RETRY_REQUEST;
1592 r->retry++; 1589 r->retry++;
@@ -1603,9 +1600,9 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1603 break; 1600 break;
1604 } 1601 }
1605 out: 1602 out:
1606 if (tomoyo_query_entry) 1603 if (entry)
1607 kfree(tomoyo_query_entry->query); 1604 kfree(entry->query);
1608 kfree(tomoyo_query_entry); 1605 kfree(entry);
1609 kfree(header); 1606 kfree(header);
1610 return error; 1607 return error;
1611} 1608}
@@ -1628,9 +1625,8 @@ static int tomoyo_poll_query(struct file *file, poll_table *wait)
1628 for (i = 0; i < 2; i++) { 1625 for (i = 0; i < 2; i++) {
1629 spin_lock(&tomoyo_query_list_lock); 1626 spin_lock(&tomoyo_query_list_lock);
1630 list_for_each(tmp, &tomoyo_query_list) { 1627 list_for_each(tmp, &tomoyo_query_list) {
1631 struct tomoyo_query_entry *ptr 1628 struct tomoyo_query *ptr =
1632 = list_entry(tmp, struct tomoyo_query_entry, 1629 list_entry(tmp, typeof(*ptr), list);
1633 list);
1634 if (ptr->answer) 1630 if (ptr->answer)
1635 continue; 1631 continue;
1636 found = true; 1632 found = true;
@@ -1665,8 +1661,7 @@ static void tomoyo_read_query(struct tomoyo_io_buffer *head)
1665 } 1661 }
1666 spin_lock(&tomoyo_query_list_lock); 1662 spin_lock(&tomoyo_query_list_lock);
1667 list_for_each(tmp, &tomoyo_query_list) { 1663 list_for_each(tmp, &tomoyo_query_list) {
1668 struct tomoyo_query_entry *ptr = 1664 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1669 list_entry(tmp, typeof(*ptr), list);
1670 if (ptr->answer) 1665 if (ptr->answer)
1671 continue; 1666 continue;
1672 if (pos++ != head->r.query_index) 1667 if (pos++ != head->r.query_index)
@@ -1685,8 +1680,7 @@ static void tomoyo_read_query(struct tomoyo_io_buffer *head)
1685 pos = 0; 1680 pos = 0;
1686 spin_lock(&tomoyo_query_list_lock); 1681 spin_lock(&tomoyo_query_list_lock);
1687 list_for_each(tmp, &tomoyo_query_list) { 1682 list_for_each(tmp, &tomoyo_query_list) {
1688 struct tomoyo_query_entry *ptr = 1683 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1689 list_entry(tmp, typeof(*ptr), list);
1690 if (ptr->answer) 1684 if (ptr->answer)
1691 continue; 1685 continue;
1692 if (pos++ != head->r.query_index) 1686 if (pos++ != head->r.query_index)
@@ -1724,8 +1718,7 @@ static int tomoyo_write_answer(struct tomoyo_io_buffer *head)
1724 unsigned int answer; 1718 unsigned int answer;
1725 spin_lock(&tomoyo_query_list_lock); 1719 spin_lock(&tomoyo_query_list_lock);
1726 list_for_each(tmp, &tomoyo_query_list) { 1720 list_for_each(tmp, &tomoyo_query_list) {
1727 struct tomoyo_query_entry *ptr 1721 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1728 = list_entry(tmp, struct tomoyo_query_entry, list);
1729 ptr->timer = 0; 1722 ptr->timer = 0;
1730 } 1723 }
1731 spin_unlock(&tomoyo_query_list_lock); 1724 spin_unlock(&tomoyo_query_list_lock);
@@ -1733,8 +1726,7 @@ static int tomoyo_write_answer(struct tomoyo_io_buffer *head)
1733 return -EINVAL; 1726 return -EINVAL;
1734 spin_lock(&tomoyo_query_list_lock); 1727 spin_lock(&tomoyo_query_list_lock);
1735 list_for_each(tmp, &tomoyo_query_list) { 1728 list_for_each(tmp, &tomoyo_query_list) {
1736 struct tomoyo_query_entry *ptr 1729 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1737 = list_entry(tmp, struct tomoyo_query_entry, list);
1738 if (ptr->serial != serial) 1730 if (ptr->serial != serial)
1739 continue; 1731 continue;
1740 if (!ptr->answer) 1732 if (!ptr->answer)
@@ -1801,13 +1793,13 @@ int tomoyo_open_control(const u8 type, struct file *file)
1801 switch (type) { 1793 switch (type) {
1802 case TOMOYO_DOMAINPOLICY: 1794 case TOMOYO_DOMAINPOLICY:
1803 /* /sys/kernel/security/tomoyo/domain_policy */ 1795 /* /sys/kernel/security/tomoyo/domain_policy */
1804 head->write = tomoyo_write_domain_policy; 1796 head->write = tomoyo_write_domain;
1805 head->read = tomoyo_read_domain_policy; 1797 head->read = tomoyo_read_domain;
1806 break; 1798 break;
1807 case TOMOYO_EXCEPTIONPOLICY: 1799 case TOMOYO_EXCEPTIONPOLICY:
1808 /* /sys/kernel/security/tomoyo/exception_policy */ 1800 /* /sys/kernel/security/tomoyo/exception_policy */
1809 head->write = tomoyo_write_exception_policy; 1801 head->write = tomoyo_write_exception;
1810 head->read = tomoyo_read_exception_policy; 1802 head->read = tomoyo_read_exception;
1811 break; 1803 break;
1812 case TOMOYO_SELFDOMAIN: 1804 case TOMOYO_SELFDOMAIN:
1813 /* /sys/kernel/security/tomoyo/self_domain */ 1805 /* /sys/kernel/security/tomoyo/self_domain */
@@ -1846,8 +1838,8 @@ int tomoyo_open_control(const u8 type, struct file *file)
1846 break; 1838 break;
1847 case TOMOYO_MANAGER: 1839 case TOMOYO_MANAGER:
1848 /* /sys/kernel/security/tomoyo/manager */ 1840 /* /sys/kernel/security/tomoyo/manager */
1849 head->write = tomoyo_write_manager_policy; 1841 head->write = tomoyo_write_manager;
1850 head->read = tomoyo_read_manager_policy; 1842 head->read = tomoyo_read_manager;
1851 break; 1843 break;
1852 } 1844 }
1853 if (!(file->f_mode & FMODE_READ)) { 1845 if (!(file->f_mode & FMODE_READ)) {
@@ -1906,23 +1898,6 @@ int tomoyo_open_control(const u8 type, struct file *file)
1906} 1898}
1907 1899
1908/** 1900/**
1909 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface.
1910 *
1911 * @file: Pointer to "struct file".
1912 * @wait: Pointer to "poll_table".
1913 *
1914 * Waits for read readiness.
1915 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd .
1916 */
1917int tomoyo_poll_control(struct file *file, poll_table *wait)
1918{
1919 struct tomoyo_io_buffer *head = file->private_data;
1920 if (!head->poll)
1921 return -ENOSYS;
1922 return head->poll(file, wait);
1923}
1924
1925/**
1926 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. 1901 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
1927 * 1902 *
1928 * @file: Pointer to "struct file". 1903 * @file: Pointer to "struct file".
@@ -1979,8 +1954,7 @@ int tomoyo_write_control(struct file *file, const char __user *buffer,
1979 return -EFAULT; 1954 return -EFAULT;
1980 /* Don't allow updating policies by non manager programs. */ 1955 /* Don't allow updating policies by non manager programs. */
1981 if (head->write != tomoyo_write_pid && 1956 if (head->write != tomoyo_write_pid &&
1982 head->write != tomoyo_write_domain_policy && 1957 head->write != tomoyo_write_domain && !tomoyo_manager())
1983 !tomoyo_policy_manager())
1984 return -EPERM; 1958 return -EPERM;
1985 if (mutex_lock_interruptible(&head->io_sem)) 1959 if (mutex_lock_interruptible(&head->io_sem))
1986 return -EINTR; 1960 return -EINTR;
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index ef8fecddb65a..b8b2dac656f1 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -310,10 +310,10 @@ struct tomoyo_path_info {
310}; 310};
311 311
312/* 312/*
313 * tomoyo_name_entry is a structure which is used for linking 313 * tomoyo_name is a structure which is used for linking
314 * "struct tomoyo_path_info" into tomoyo_name_list . 314 * "struct tomoyo_path_info" into tomoyo_name_list .
315 */ 315 */
316struct tomoyo_name_entry { 316struct tomoyo_name {
317 struct list_head list; 317 struct list_head list;
318 atomic_t users; 318 atomic_t users;
319 struct tomoyo_path_info entry; 319 struct tomoyo_path_info entry;
@@ -572,20 +572,20 @@ struct tomoyo_io_buffer {
572}; 572};
573 573
574/* 574/*
575 * tomoyo_globally_readable_file_entry is a structure which is used for holding 575 * tomoyo_readable_file is a structure which is used for holding
576 * "allow_read" entries. 576 * "allow_read" entries.
577 * It has following fields. 577 * It has following fields.
578 * 578 *
579 * (1) "head" is "struct tomoyo_acl_head". 579 * (1) "head" is "struct tomoyo_acl_head".
580 * (2) "filename" is a pathname which is allowed to open(O_RDONLY). 580 * (2) "filename" is a pathname which is allowed to open(O_RDONLY).
581 */ 581 */
582struct tomoyo_globally_readable_file_entry { 582struct tomoyo_readable_file {
583 struct tomoyo_acl_head head; 583 struct tomoyo_acl_head head;
584 const struct tomoyo_path_info *filename; 584 const struct tomoyo_path_info *filename;
585}; 585};
586 586
587/* 587/*
588 * tomoyo_pattern_entry is a structure which is used for holding 588 * tomoyo_no_pattern is a structure which is used for holding
589 * "file_pattern" entries. 589 * "file_pattern" entries.
590 * It has following fields. 590 * It has following fields.
591 * 591 *
@@ -593,13 +593,13 @@ struct tomoyo_globally_readable_file_entry {
593 * (2) "pattern" is a pathname pattern which is used for converting pathnames 593 * (2) "pattern" is a pathname pattern which is used for converting pathnames
594 * to pathname patterns during learning mode. 594 * to pathname patterns during learning mode.
595 */ 595 */
596struct tomoyo_pattern_entry { 596struct tomoyo_no_pattern {
597 struct tomoyo_acl_head head; 597 struct tomoyo_acl_head head;
598 const struct tomoyo_path_info *pattern; 598 const struct tomoyo_path_info *pattern;
599}; 599};
600 600
601/* 601/*
602 * tomoyo_no_rewrite_entry is a structure which is used for holding 602 * tomoyo_no_rewrite is a structure which is used for holding
603 * "deny_rewrite" entries. 603 * "deny_rewrite" entries.
604 * It has following fields. 604 * It has following fields.
605 * 605 *
@@ -607,7 +607,7 @@ struct tomoyo_pattern_entry {
607 * (2) "pattern" is a pathname which is by default not permitted to modify 607 * (2) "pattern" is a pathname which is by default not permitted to modify
608 * already existing content. 608 * already existing content.
609 */ 609 */
610struct tomoyo_no_rewrite_entry { 610struct tomoyo_no_rewrite {
611 struct tomoyo_acl_head head; 611 struct tomoyo_acl_head head;
612 const struct tomoyo_path_info *pattern; 612 const struct tomoyo_path_info *pattern;
613}; 613};
@@ -636,7 +636,7 @@ struct tomoyo_transition_control {
636}; 636};
637 637
638/* 638/*
639 * tomoyo_aggregator_entry is a structure which is used for holding 639 * tomoyo_aggregator is a structure which is used for holding
640 * "aggregator" entries. 640 * "aggregator" entries.
641 * It has following fields. 641 * It has following fields.
642 * 642 *
@@ -644,14 +644,14 @@ struct tomoyo_transition_control {
644 * (2) "original_name" which is originally requested name. 644 * (2) "original_name" which is originally requested name.
645 * (3) "aggregated_name" which is name to rewrite. 645 * (3) "aggregated_name" which is name to rewrite.
646 */ 646 */
647struct tomoyo_aggregator_entry { 647struct tomoyo_aggregator {
648 struct tomoyo_acl_head head; 648 struct tomoyo_acl_head head;
649 const struct tomoyo_path_info *original_name; 649 const struct tomoyo_path_info *original_name;
650 const struct tomoyo_path_info *aggregated_name; 650 const struct tomoyo_path_info *aggregated_name;
651}; 651};
652 652
653/* 653/*
654 * tomoyo_policy_manager_entry is a structure which is used for holding list of 654 * tomoyo_manager is a structure which is used for holding list of
655 * domainnames or programs which are permitted to modify configuration via 655 * domainnames or programs which are permitted to modify configuration via
656 * /sys/kernel/security/tomoyo/ interface. 656 * /sys/kernel/security/tomoyo/ interface.
657 * It has following fields. 657 * It has following fields.
@@ -661,7 +661,7 @@ struct tomoyo_aggregator_entry {
661 * otherwise. 661 * otherwise.
662 * (3) "manager" is a domainname or a program's pathname. 662 * (3) "manager" is a domainname or a program's pathname.
663 */ 663 */
664struct tomoyo_policy_manager_entry { 664struct tomoyo_manager {
665 struct tomoyo_acl_head head; 665 struct tomoyo_acl_head head;
666 bool is_domain; /* True if manager is a domainname. */ 666 bool is_domain; /* True if manager is a domainname. */
667 /* A path to program or a domainname. */ 667 /* A path to program or a domainname. */
@@ -749,8 +749,6 @@ bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num);
749bool tomoyo_tokenize(char *buffer, char *w[], size_t size); 749bool tomoyo_tokenize(char *buffer, char *w[], size_t size);
750/* Write domain policy violation warning message to console? */ 750/* Write domain policy violation warning message to console? */
751bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain); 751bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain);
752/* Get the last component of the given domainname. */
753const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain);
754/* Fill "struct tomoyo_request_info". */ 752/* Fill "struct tomoyo_request_info". */
755int tomoyo_init_request_info(struct tomoyo_request_info *r, 753int tomoyo_init_request_info(struct tomoyo_request_info *r,
756 struct tomoyo_domain_info *domain, 754 struct tomoyo_domain_info *domain,
@@ -759,7 +757,7 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r,
759int tomoyo_mount_permission(char *dev_name, struct path *path, char *type, 757int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
760 unsigned long flags, void *data_page); 758 unsigned long flags, void *data_page);
761/* Create "aggregator" entry in exception policy. */ 759/* Create "aggregator" entry in exception policy. */
762int tomoyo_write_aggregator_policy(char *data, const bool is_delete); 760int tomoyo_write_aggregator(char *data, const bool is_delete);
763int tomoyo_write_transition_control(char *data, const bool is_delete, 761int tomoyo_write_transition_control(char *data, const bool is_delete,
764 const u8 type); 762 const u8 type);
765/* 763/*
@@ -769,17 +767,17 @@ int tomoyo_write_transition_control(char *data, const bool is_delete,
769 * "allow_truncate", "allow_symlink", "allow_rewrite", "allow_rename" and 767 * "allow_truncate", "allow_symlink", "allow_rewrite", "allow_rename" and
770 * "allow_link" entry in domain policy. 768 * "allow_link" entry in domain policy.
771 */ 769 */
772int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain, 770int tomoyo_write_file(char *data, struct tomoyo_domain_info *domain,
773 const bool is_delete); 771 const bool is_delete);
774/* Create "allow_read" entry in exception policy. */ 772/* Create "allow_read" entry in exception policy. */
775int tomoyo_write_globally_readable_policy(char *data, const bool is_delete); 773int tomoyo_write_globally_readable(char *data, const bool is_delete);
776/* Create "allow_mount" entry in domain policy. */ 774/* Create "allow_mount" entry in domain policy. */
777int tomoyo_write_mount_policy(char *data, struct tomoyo_domain_info *domain, 775int tomoyo_write_mount(char *data, struct tomoyo_domain_info *domain,
778 const bool is_delete); 776 const bool is_delete);
779/* Create "deny_rewrite" entry in exception policy. */ 777/* Create "deny_rewrite" entry in exception policy. */
780int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete); 778int tomoyo_write_no_rewrite(char *data, const bool is_delete);
781/* Create "file_pattern" entry in exception policy. */ 779/* Create "file_pattern" entry in exception policy. */
782int tomoyo_write_pattern_policy(char *data, const bool is_delete); 780int tomoyo_write_pattern(char *data, const bool is_delete);
783/* Create "path_group"/"number_group" entry in exception policy. */ 781/* Create "path_group"/"number_group" entry in exception policy. */
784int tomoyo_write_group(char *data, const bool is_delete, const u8 type); 782int tomoyo_write_group(char *data, const bool is_delete, const u8 type);
785int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) 783int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
@@ -787,9 +785,8 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
787/* Find a domain by the given name. */ 785/* Find a domain by the given name. */
788struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); 786struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
789/* Find or create a domain by the given name. */ 787/* Find or create a domain by the given name. */
790struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char * 788struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
791 domainname, 789 const u8 profile);
792 const u8 profile);
793struct tomoyo_profile *tomoyo_profile(const u8 profile); 790struct tomoyo_profile *tomoyo_profile(const u8 profile);
794/* 791/*
795 * Allocate memory for "struct tomoyo_path_group"/"struct tomoyo_number_group". 792 * Allocate memory for "struct tomoyo_path_group"/"struct tomoyo_number_group".
@@ -820,7 +817,7 @@ char *tomoyo_realpath_nofollow(const char *pathname);
820 */ 817 */
821char *tomoyo_realpath_from_path(struct path *path); 818char *tomoyo_realpath_from_path(struct path *path);
822/* Get patterned pathname. */ 819/* Get patterned pathname. */
823const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename); 820const char *tomoyo_pattern(const struct tomoyo_path_info *filename);
824 821
825/* Check memory quota. */ 822/* Check memory quota. */
826bool tomoyo_memory_ok(void *ptr); 823bool tomoyo_memory_ok(void *ptr);
@@ -882,7 +879,6 @@ int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
882void tomoyo_check_acl(struct tomoyo_request_info *r, 879void tomoyo_check_acl(struct tomoyo_request_info *r,
883 bool (*check_entry) (const struct tomoyo_request_info *, 880 bool (*check_entry) (const struct tomoyo_request_info *,
884 const struct tomoyo_acl_info *)); 881 const struct tomoyo_acl_info *));
885const char *tomoyo_last_word(const char *name);
886 882
887/********** External variable definitions. **********/ 883/********** External variable definitions. **********/
888 884
@@ -959,8 +955,8 @@ static inline bool tomoyo_invalid(const unsigned char c)
959static inline void tomoyo_put_name(const struct tomoyo_path_info *name) 955static inline void tomoyo_put_name(const struct tomoyo_path_info *name)
960{ 956{
961 if (name) { 957 if (name) {
962 struct tomoyo_name_entry *ptr = 958 struct tomoyo_name *ptr =
963 container_of(name, struct tomoyo_name_entry, entry); 959 container_of(name, typeof(*ptr), entry);
964 atomic_dec(&ptr->users); 960 atomic_dec(&ptr->users);
965 } 961 }
966} 962}
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 05450b17c57f..4e0101b0041a 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -134,26 +134,22 @@ struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY];
134struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP]; 134struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP];
135 135
136/** 136/**
137 * tomoyo_get_last_name - Get last component of a domainname. 137 * tomoyo_last_word - Get last component of a domainname.
138 * 138 *
139 * @domain: Pointer to "struct tomoyo_domain_info". 139 * @domainname: Domainname to check.
140 * 140 *
141 * Returns the last component of the domainname. 141 * Returns the last word of @domainname.
142 */ 142 */
143const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain) 143static const char *tomoyo_last_word(const char *name)
144{ 144{
145 const char *cp0 = domain->domainname->name; 145 const char *cp = strrchr(name, ' ');
146 const char *cp1 = strrchr(cp0, ' '); 146 if (cp)
147 147 return cp + 1;
148 if (cp1) 148 return name;
149 return cp1 + 1;
150 return cp0;
151} 149}
152 150
153static bool tomoyo_same_transition_control_entry(const struct tomoyo_acl_head * 151static bool tomoyo_same_transition_control(const struct tomoyo_acl_head *a,
154 a, 152 const struct tomoyo_acl_head *b)
155 const struct tomoyo_acl_head *
156 b)
157{ 153{
158 const struct tomoyo_transition_control *p1 = container_of(a, 154 const struct tomoyo_transition_control *p1 = container_of(a,
159 typeof(*p1), 155 typeof(*p1),
@@ -203,7 +199,7 @@ static int tomoyo_update_transition_control_entry(const char *domainname,
203 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 199 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
204 &tomoyo_policy_list 200 &tomoyo_policy_list
205 [TOMOYO_ID_TRANSITION_CONTROL], 201 [TOMOYO_ID_TRANSITION_CONTROL],
206 tomoyo_same_transition_control_entry); 202 tomoyo_same_transition_control);
207 out: 203 out:
208 tomoyo_put_name(e.domainname); 204 tomoyo_put_name(e.domainname);
209 tomoyo_put_name(e.program); 205 tomoyo_put_name(e.program);
@@ -292,19 +288,17 @@ static u8 tomoyo_transition_type(const struct tomoyo_path_info *domainname,
292 return type; 288 return type;
293} 289}
294 290
295static bool tomoyo_same_aggregator_entry(const struct tomoyo_acl_head *a, 291static bool tomoyo_same_aggregator(const struct tomoyo_acl_head *a,
296 const struct tomoyo_acl_head *b) 292 const struct tomoyo_acl_head *b)
297{ 293{
298 const struct tomoyo_aggregator_entry *p1 = container_of(a, typeof(*p1), 294 const struct tomoyo_aggregator *p1 = container_of(a, typeof(*p1), head);
299 head); 295 const struct tomoyo_aggregator *p2 = container_of(b, typeof(*p2), head);
300 const struct tomoyo_aggregator_entry *p2 = container_of(b, typeof(*p2),
301 head);
302 return p1->original_name == p2->original_name && 296 return p1->original_name == p2->original_name &&
303 p1->aggregated_name == p2->aggregated_name; 297 p1->aggregated_name == p2->aggregated_name;
304} 298}
305 299
306/** 300/**
307 * tomoyo_update_aggregator_entry - Update "struct tomoyo_aggregator_entry" list. 301 * tomoyo_update_aggregator_entry - Update "struct tomoyo_aggregator" list.
308 * 302 *
309 * @original_name: The original program's name. 303 * @original_name: The original program's name.
310 * @aggregated_name: The program name to use. 304 * @aggregated_name: The program name to use.
@@ -318,7 +312,7 @@ static int tomoyo_update_aggregator_entry(const char *original_name,
318 const char *aggregated_name, 312 const char *aggregated_name,
319 const bool is_delete) 313 const bool is_delete)
320{ 314{
321 struct tomoyo_aggregator_entry e = { }; 315 struct tomoyo_aggregator e = { };
322 int error = is_delete ? -ENOENT : -ENOMEM; 316 int error = is_delete ? -ENOENT : -ENOMEM;
323 317
324 if (!tomoyo_correct_path(original_name) || 318 if (!tomoyo_correct_path(original_name) ||
@@ -331,7 +325,7 @@ static int tomoyo_update_aggregator_entry(const char *original_name,
331 goto out; 325 goto out;
332 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 326 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
333 &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR], 327 &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR],
334 tomoyo_same_aggregator_entry); 328 tomoyo_same_aggregator);
335 out: 329 out:
336 tomoyo_put_name(e.original_name); 330 tomoyo_put_name(e.original_name);
337 tomoyo_put_name(e.aggregated_name); 331 tomoyo_put_name(e.aggregated_name);
@@ -339,7 +333,7 @@ static int tomoyo_update_aggregator_entry(const char *original_name,
339} 333}
340 334
341/** 335/**
342 * tomoyo_write_aggregator_policy - Write "struct tomoyo_aggregator_entry" list. 336 * tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list.
343 * 337 *
344 * @data: String to parse. 338 * @data: String to parse.
345 * @is_delete: True if it is a delete request. 339 * @is_delete: True if it is a delete request.
@@ -348,7 +342,7 @@ static int tomoyo_update_aggregator_entry(const char *original_name,
348 * 342 *
349 * Caller holds tomoyo_read_lock(). 343 * Caller holds tomoyo_read_lock().
350 */ 344 */
351int tomoyo_write_aggregator_policy(char *data, const bool is_delete) 345int tomoyo_write_aggregator(char *data, const bool is_delete)
352{ 346{
353 char *cp = strchr(data, ' '); 347 char *cp = strchr(data, ' ');
354 348
@@ -359,7 +353,7 @@ int tomoyo_write_aggregator_policy(char *data, const bool is_delete)
359} 353}
360 354
361/** 355/**
362 * tomoyo_find_or_assign_new_domain - Create a domain. 356 * tomoyo_assign_domain - Create a domain.
363 * 357 *
364 * @domainname: The name of domain. 358 * @domainname: The name of domain.
365 * @profile: Profile number to assign if the domain was newly created. 359 * @profile: Profile number to assign if the domain was newly created.
@@ -368,9 +362,8 @@ int tomoyo_write_aggregator_policy(char *data, const bool is_delete)
368 * 362 *
369 * Caller holds tomoyo_read_lock(). 363 * Caller holds tomoyo_read_lock().
370 */ 364 */
371struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char * 365struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
372 domainname, 366 const u8 profile)
373 const u8 profile)
374{ 367{
375 struct tomoyo_domain_info *entry; 368 struct tomoyo_domain_info *entry;
376 struct tomoyo_domain_info *domain = NULL; 369 struct tomoyo_domain_info *domain = NULL;
@@ -430,10 +423,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
430 int retval = -ENOMEM; 423 int retval = -ENOMEM;
431 bool need_kfree = false; 424 bool need_kfree = false;
432 struct tomoyo_path_info rn = { }; /* real name */ 425 struct tomoyo_path_info rn = { }; /* real name */
433 struct tomoyo_path_info ln; /* last name */
434 426
435 ln.name = tomoyo_get_last_name(old_domain);
436 tomoyo_fill_path_info(&ln);
437 mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); 427 mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
438 is_enforce = (mode == TOMOYO_CONFIG_ENFORCING); 428 is_enforce = (mode == TOMOYO_CONFIG_ENFORCING);
439 if (!tmp) 429 if (!tmp)
@@ -454,7 +444,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
454 444
455 /* Check 'aggregator' directive. */ 445 /* Check 'aggregator' directive. */
456 { 446 {
457 struct tomoyo_aggregator_entry *ptr; 447 struct tomoyo_aggregator *ptr;
458 list_for_each_entry_rcu(ptr, &tomoyo_policy_list 448 list_for_each_entry_rcu(ptr, &tomoyo_policy_list
459 [TOMOYO_ID_AGGREGATOR], head.list) { 449 [TOMOYO_ID_AGGREGATOR], head.list) {
460 if (ptr->head.is_deleted || 450 if (ptr->head.is_deleted ||
@@ -517,7 +507,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
517 if (error < 0) 507 if (error < 0)
518 goto done; 508 goto done;
519 } 509 }
520 domain = tomoyo_find_or_assign_new_domain(tmp, old_domain->profile); 510 domain = tomoyo_assign_domain(tmp, old_domain->profile);
521 done: 511 done:
522 if (domain) 512 if (domain)
523 goto out; 513 goto out;
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index e7687ebdc5f6..f7877fa80f14 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -179,7 +179,7 @@ static int tomoyo_audit_path_log(struct tomoyo_request_info *r)
179 return 0; 179 return 0;
180 tomoyo_warn_log(r, "%s %s", operation, filename->name); 180 tomoyo_warn_log(r, "%s %s", operation, filename->name);
181 return tomoyo_supervisor(r, "allow_%s %s\n", operation, 181 return tomoyo_supervisor(r, "allow_%s %s\n", operation,
182 tomoyo_file_pattern(filename)); 182 tomoyo_pattern(filename));
183} 183}
184 184
185/** 185/**
@@ -199,8 +199,8 @@ static int tomoyo_audit_path2_log(struct tomoyo_request_info *r)
199 tomoyo_warn_log(r, "%s %s %s", operation, filename1->name, 199 tomoyo_warn_log(r, "%s %s %s", operation, filename1->name,
200 filename2->name); 200 filename2->name);
201 return tomoyo_supervisor(r, "allow_%s %s %s\n", operation, 201 return tomoyo_supervisor(r, "allow_%s %s %s\n", operation,
202 tomoyo_file_pattern(filename1), 202 tomoyo_pattern(filename1),
203 tomoyo_file_pattern(filename2)); 203 tomoyo_pattern(filename2));
204} 204}
205 205
206/** 206/**
@@ -222,8 +222,7 @@ static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r)
222 tomoyo_warn_log(r, "%s %s 0%o %u %u", operation, filename->name, mode, 222 tomoyo_warn_log(r, "%s %s 0%o %u %u", operation, filename->name, mode,
223 major, minor); 223 major, minor);
224 return tomoyo_supervisor(r, "allow_%s %s 0%o %u %u\n", operation, 224 return tomoyo_supervisor(r, "allow_%s %s 0%o %u %u\n", operation,
225 tomoyo_file_pattern(filename), mode, major, 225 tomoyo_pattern(filename), mode, major, minor);
226 minor);
227} 226}
228 227
229/** 228/**
@@ -262,20 +261,20 @@ static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r)
262 radix); 261 radix);
263 tomoyo_warn_log(r, "%s %s %s", operation, filename->name, buffer); 262 tomoyo_warn_log(r, "%s %s %s", operation, filename->name, buffer);
264 return tomoyo_supervisor(r, "allow_%s %s %s\n", operation, 263 return tomoyo_supervisor(r, "allow_%s %s %s\n", operation,
265 tomoyo_file_pattern(filename), buffer); 264 tomoyo_pattern(filename), buffer);
266} 265}
267 266
268static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a, 267static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a,
269 const struct tomoyo_acl_head *b) 268 const struct tomoyo_acl_head *b)
270{ 269{
271 return container_of(a, struct tomoyo_globally_readable_file_entry, 270 return container_of(a, struct tomoyo_readable_file,
272 head)->filename == 271 head)->filename ==
273 container_of(b, struct tomoyo_globally_readable_file_entry, 272 container_of(b, struct tomoyo_readable_file,
274 head)->filename; 273 head)->filename;
275} 274}
276 275
277/** 276/**
278 * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list. 277 * tomoyo_update_globally_readable_entry - Update "struct tomoyo_readable_file" list.
279 * 278 *
280 * @filename: Filename unconditionally permitted to open() for reading. 279 * @filename: Filename unconditionally permitted to open() for reading.
281 * @is_delete: True if it is a delete request. 280 * @is_delete: True if it is a delete request.
@@ -287,7 +286,7 @@ static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a,
287static int tomoyo_update_globally_readable_entry(const char *filename, 286static int tomoyo_update_globally_readable_entry(const char *filename,
288 const bool is_delete) 287 const bool is_delete)
289{ 288{
290 struct tomoyo_globally_readable_file_entry e = { }; 289 struct tomoyo_readable_file e = { };
291 int error; 290 int error;
292 291
293 if (!tomoyo_correct_word(filename)) 292 if (!tomoyo_correct_word(filename))
@@ -315,7 +314,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
315static bool tomoyo_globally_readable_file(const struct tomoyo_path_info * 314static bool tomoyo_globally_readable_file(const struct tomoyo_path_info *
316 filename) 315 filename)
317{ 316{
318 struct tomoyo_globally_readable_file_entry *ptr; 317 struct tomoyo_readable_file *ptr;
319 bool found = false; 318 bool found = false;
320 319
321 list_for_each_entry_rcu(ptr, &tomoyo_policy_list 320 list_for_each_entry_rcu(ptr, &tomoyo_policy_list
@@ -330,7 +329,7 @@ static bool tomoyo_globally_readable_file(const struct tomoyo_path_info *
330} 329}
331 330
332/** 331/**
333 * tomoyo_write_globally_readable_policy - Write "struct tomoyo_globally_readable_file_entry" list. 332 * tomoyo_write_globally_readable - Write "struct tomoyo_readable_file" list.
334 * 333 *
335 * @data: String to parse. 334 * @data: String to parse.
336 * @is_delete: True if it is a delete request. 335 * @is_delete: True if it is a delete request.
@@ -339,7 +338,7 @@ static bool tomoyo_globally_readable_file(const struct tomoyo_path_info *
339 * 338 *
340 * Caller holds tomoyo_read_lock(). 339 * Caller holds tomoyo_read_lock().
341 */ 340 */
342int tomoyo_write_globally_readable_policy(char *data, const bool is_delete) 341int tomoyo_write_globally_readable(char *data, const bool is_delete)
343{ 342{
344 return tomoyo_update_globally_readable_entry(data, is_delete); 343 return tomoyo_update_globally_readable_entry(data, is_delete);
345} 344}
@@ -347,12 +346,12 @@ int tomoyo_write_globally_readable_policy(char *data, const bool is_delete)
347static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a, 346static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a,
348 const struct tomoyo_acl_head *b) 347 const struct tomoyo_acl_head *b)
349{ 348{
350 return container_of(a, struct tomoyo_pattern_entry, head)->pattern == 349 return container_of(a, struct tomoyo_no_pattern, head)->pattern ==
351 container_of(b, struct tomoyo_pattern_entry, head)->pattern; 350 container_of(b, struct tomoyo_no_pattern, head)->pattern;
352} 351}
353 352
354/** 353/**
355 * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list. 354 * tomoyo_update_file_pattern_entry - Update "struct tomoyo_no_pattern" list.
356 * 355 *
357 * @pattern: Pathname pattern. 356 * @pattern: Pathname pattern.
358 * @is_delete: True if it is a delete request. 357 * @is_delete: True if it is a delete request.
@@ -364,7 +363,7 @@ static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a,
364static int tomoyo_update_file_pattern_entry(const char *pattern, 363static int tomoyo_update_file_pattern_entry(const char *pattern,
365 const bool is_delete) 364 const bool is_delete)
366{ 365{
367 struct tomoyo_pattern_entry e = { }; 366 struct tomoyo_no_pattern e = { };
368 int error; 367 int error;
369 368
370 if (!tomoyo_correct_word(pattern)) 369 if (!tomoyo_correct_word(pattern))
@@ -380,7 +379,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
380} 379}
381 380
382/** 381/**
383 * tomoyo_file_pattern - Get patterned pathname. 382 * tomoyo_pattern - Get patterned pathname.
384 * 383 *
385 * @filename: The filename to find patterned pathname. 384 * @filename: The filename to find patterned pathname.
386 * 385 *
@@ -388,9 +387,9 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
388 * 387 *
389 * Caller holds tomoyo_read_lock(). 388 * Caller holds tomoyo_read_lock().
390 */ 389 */
391const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename) 390const char *tomoyo_pattern(const struct tomoyo_path_info *filename)
392{ 391{
393 struct tomoyo_pattern_entry *ptr; 392 struct tomoyo_no_pattern *ptr;
394 const struct tomoyo_path_info *pattern = NULL; 393 const struct tomoyo_path_info *pattern = NULL;
395 394
396 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_PATTERN], 395 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_PATTERN],
@@ -413,7 +412,7 @@ const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename)
413} 412}
414 413
415/** 414/**
416 * tomoyo_write_pattern_policy - Write "struct tomoyo_pattern_entry" list. 415 * tomoyo_write_pattern - Write "struct tomoyo_no_pattern" list.
417 * 416 *
418 * @data: String to parse. 417 * @data: String to parse.
419 * @is_delete: True if it is a delete request. 418 * @is_delete: True if it is a delete request.
@@ -422,7 +421,7 @@ const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename)
422 * 421 *
423 * Caller holds tomoyo_read_lock(). 422 * Caller holds tomoyo_read_lock().
424 */ 423 */
425int tomoyo_write_pattern_policy(char *data, const bool is_delete) 424int tomoyo_write_pattern(char *data, const bool is_delete)
426{ 425{
427 return tomoyo_update_file_pattern_entry(data, is_delete); 426 return tomoyo_update_file_pattern_entry(data, is_delete);
428} 427}
@@ -430,13 +429,13 @@ int tomoyo_write_pattern_policy(char *data, const bool is_delete)
430static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a, 429static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a,
431 const struct tomoyo_acl_head *b) 430 const struct tomoyo_acl_head *b)
432{ 431{
433 return container_of(a, struct tomoyo_no_rewrite_entry, head)->pattern 432 return container_of(a, struct tomoyo_no_rewrite, head)->pattern
434 == container_of(b, struct tomoyo_no_rewrite_entry, head) 433 == container_of(b, struct tomoyo_no_rewrite, head)
435 ->pattern; 434 ->pattern;
436} 435}
437 436
438/** 437/**
439 * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list. 438 * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite" list.
440 * 439 *
441 * @pattern: Pathname pattern that are not rewritable by default. 440 * @pattern: Pathname pattern that are not rewritable by default.
442 * @is_delete: True if it is a delete request. 441 * @is_delete: True if it is a delete request.
@@ -448,7 +447,7 @@ static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a,
448static int tomoyo_update_no_rewrite_entry(const char *pattern, 447static int tomoyo_update_no_rewrite_entry(const char *pattern,
449 const bool is_delete) 448 const bool is_delete)
450{ 449{
451 struct tomoyo_no_rewrite_entry e = { }; 450 struct tomoyo_no_rewrite e = { };
452 int error; 451 int error;
453 452
454 if (!tomoyo_correct_word(pattern)) 453 if (!tomoyo_correct_word(pattern))
@@ -475,7 +474,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
475 */ 474 */
476static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename) 475static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename)
477{ 476{
478 struct tomoyo_no_rewrite_entry *ptr; 477 struct tomoyo_no_rewrite *ptr;
479 bool found = false; 478 bool found = false;
480 479
481 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE], 480 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE],
@@ -491,7 +490,7 @@ static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename)
491} 490}
492 491
493/** 492/**
494 * tomoyo_write_no_rewrite_policy - Write "struct tomoyo_no_rewrite_entry" list. 493 * tomoyo_write_no_rewrite - Write "struct tomoyo_no_rewrite" list.
495 * 494 *
496 * @data: String to parse. 495 * @data: String to parse.
497 * @is_delete: True if it is a delete request. 496 * @is_delete: True if it is a delete request.
@@ -500,7 +499,7 @@ static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename)
500 * 499 *
501 * Caller holds tomoyo_read_lock(). 500 * Caller holds tomoyo_read_lock().
502 */ 501 */
503int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete) 502int tomoyo_write_no_rewrite(char *data, const bool is_delete)
504{ 503{
505 return tomoyo_update_no_rewrite_entry(data, is_delete); 504 return tomoyo_update_no_rewrite_entry(data, is_delete);
506} 505}
@@ -1121,7 +1120,7 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
1121} 1120}
1122 1121
1123/** 1122/**
1124 * tomoyo_write_file_policy - Update file related list. 1123 * tomoyo_write_file - Update file related list.
1125 * 1124 *
1126 * @data: String to parse. 1125 * @data: String to parse.
1127 * @domain: Pointer to "struct tomoyo_domain_info". 1126 * @domain: Pointer to "struct tomoyo_domain_info".
@@ -1131,8 +1130,8 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
1131 * 1130 *
1132 * Caller holds tomoyo_read_lock(). 1131 * Caller holds tomoyo_read_lock().
1133 */ 1132 */
1134int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain, 1133int tomoyo_write_file(char *data, struct tomoyo_domain_info *domain,
1135 const bool is_delete) 1134 const bool is_delete)
1136{ 1135{
1137 char *w[5]; 1136 char *w[5];
1138 u8 type; 1137 u8 type;
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index 254ac1145552..a877e4c3b101 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -11,7 +11,7 @@
11#include <linux/kthread.h> 11#include <linux/kthread.h>
12#include <linux/slab.h> 12#include <linux/slab.h>
13 13
14struct tomoyo_gc_entry { 14struct tomoyo_gc {
15 struct list_head list; 15 struct list_head list;
16 int type; 16 int type;
17 struct list_head *element; 17 struct list_head *element;
@@ -22,7 +22,7 @@ static DEFINE_MUTEX(tomoyo_gc_mutex);
22/* Caller holds tomoyo_policy_lock mutex. */ 22/* Caller holds tomoyo_policy_lock mutex. */
23static bool tomoyo_add_to_gc(const int type, struct list_head *element) 23static bool tomoyo_add_to_gc(const int type, struct list_head *element)
24{ 24{
25 struct tomoyo_gc_entry *entry = kzalloc(sizeof(*entry), GFP_ATOMIC); 25 struct tomoyo_gc *entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
26 if (!entry) 26 if (!entry)
27 return false; 27 return false;
28 entry->type = type; 28 entry->type = type;
@@ -34,21 +34,21 @@ static bool tomoyo_add_to_gc(const int type, struct list_head *element)
34 34
35static void tomoyo_del_allow_read(struct list_head *element) 35static void tomoyo_del_allow_read(struct list_head *element)
36{ 36{
37 struct tomoyo_globally_readable_file_entry *ptr = 37 struct tomoyo_readable_file *ptr =
38 container_of(element, typeof(*ptr), head.list); 38 container_of(element, typeof(*ptr), head.list);
39 tomoyo_put_name(ptr->filename); 39 tomoyo_put_name(ptr->filename);
40} 40}
41 41
42static void tomoyo_del_file_pattern(struct list_head *element) 42static void tomoyo_del_file_pattern(struct list_head *element)
43{ 43{
44 struct tomoyo_pattern_entry *ptr = 44 struct tomoyo_no_pattern *ptr =
45 container_of(element, typeof(*ptr), head.list); 45 container_of(element, typeof(*ptr), head.list);
46 tomoyo_put_name(ptr->pattern); 46 tomoyo_put_name(ptr->pattern);
47} 47}
48 48
49static void tomoyo_del_no_rewrite(struct list_head *element) 49static void tomoyo_del_no_rewrite(struct list_head *element)
50{ 50{
51 struct tomoyo_no_rewrite_entry *ptr = 51 struct tomoyo_no_rewrite *ptr =
52 container_of(element, typeof(*ptr), head.list); 52 container_of(element, typeof(*ptr), head.list);
53 tomoyo_put_name(ptr->pattern); 53 tomoyo_put_name(ptr->pattern);
54} 54}
@@ -63,7 +63,7 @@ static void tomoyo_del_transition_control(struct list_head *element)
63 63
64static void tomoyo_del_aggregator(struct list_head *element) 64static void tomoyo_del_aggregator(struct list_head *element)
65{ 65{
66 struct tomoyo_aggregator_entry *ptr = 66 struct tomoyo_aggregator *ptr =
67 container_of(element, typeof(*ptr), head.list); 67 container_of(element, typeof(*ptr), head.list);
68 tomoyo_put_name(ptr->original_name); 68 tomoyo_put_name(ptr->original_name);
69 tomoyo_put_name(ptr->aggregated_name); 69 tomoyo_put_name(ptr->aggregated_name);
@@ -71,7 +71,7 @@ static void tomoyo_del_aggregator(struct list_head *element)
71 71
72static void tomoyo_del_manager(struct list_head *element) 72static void tomoyo_del_manager(struct list_head *element)
73{ 73{
74 struct tomoyo_policy_manager_entry *ptr = 74 struct tomoyo_manager *ptr =
75 container_of(element, typeof(*ptr), head.list); 75 container_of(element, typeof(*ptr), head.list);
76 tomoyo_put_name(ptr->manager); 76 tomoyo_put_name(ptr->manager);
77} 77}
@@ -168,7 +168,7 @@ static bool tomoyo_del_domain(struct list_head *element)
168 168
169static void tomoyo_del_name(struct list_head *element) 169static void tomoyo_del_name(struct list_head *element)
170{ 170{
171 const struct tomoyo_name_entry *ptr = 171 const struct tomoyo_name *ptr =
172 container_of(element, typeof(*ptr), list); 172 container_of(element, typeof(*ptr), list);
173} 173}
174 174
@@ -242,7 +242,7 @@ static void tomoyo_collect_entry(void)
242 } 242 }
243 } 243 }
244 for (i = 0; i < TOMOYO_MAX_HASH; i++) { 244 for (i = 0; i < TOMOYO_MAX_HASH; i++) {
245 struct tomoyo_name_entry *ptr; 245 struct tomoyo_name *ptr;
246 list_for_each_entry_rcu(ptr, &tomoyo_name_list[i], list) { 246 list_for_each_entry_rcu(ptr, &tomoyo_name_list[i], list) {
247 if (atomic_read(&ptr->users)) 247 if (atomic_read(&ptr->users))
248 continue; 248 continue;
@@ -278,8 +278,8 @@ static void tomoyo_collect_entry(void)
278 278
279static void tomoyo_kfree_entry(void) 279static void tomoyo_kfree_entry(void)
280{ 280{
281 struct tomoyo_gc_entry *p; 281 struct tomoyo_gc *p;
282 struct tomoyo_gc_entry *tmp; 282 struct tomoyo_gc *tmp;
283 283
284 list_for_each_entry_safe(p, tmp, &tomoyo_gc_queue, list) { 284 list_for_each_entry_safe(p, tmp, &tomoyo_gc_queue, list) {
285 struct list_head *element = p->element; 285 struct list_head *element = p->element;
diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c
index a4aba4d9ca2e..297612669c74 100644
--- a/security/tomoyo/memory.c
+++ b/security/tomoyo/memory.c
@@ -150,7 +150,7 @@ struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
150 */ 150 */
151const struct tomoyo_path_info *tomoyo_get_name(const char *name) 151const struct tomoyo_path_info *tomoyo_get_name(const char *name)
152{ 152{
153 struct tomoyo_name_entry *ptr; 153 struct tomoyo_name *ptr;
154 unsigned int hash; 154 unsigned int hash;
155 int len; 155 int len;
156 int allocated_len; 156 int allocated_len;
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 7872226f72ee..cfeff871908e 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -55,8 +55,8 @@ static int tomoyo_audit_mount_log(struct tomoyo_request_info *r)
55 flags); 55 flags);
56 return tomoyo_supervisor(r, 56 return tomoyo_supervisor(r,
57 TOMOYO_KEYWORD_ALLOW_MOUNT "%s %s %s 0x%lX\n", 57 TOMOYO_KEYWORD_ALLOW_MOUNT "%s %s %s 0x%lX\n",
58 tomoyo_file_pattern(r->param.mount.dev), 58 tomoyo_pattern(r->param.mount.dev),
59 tomoyo_file_pattern(r->param.mount.dir), type, 59 tomoyo_pattern(r->param.mount.dir), type,
60 flags); 60 flags);
61} 61}
62 62
@@ -250,7 +250,7 @@ static bool tomoyo_same_mount_acl(const struct tomoyo_acl_info *a,
250} 250}
251 251
252/** 252/**
253 * tomoyo_write_mount_policy - Write "struct tomoyo_mount_acl" list. 253 * tomoyo_write_mount - Write "struct tomoyo_mount_acl" list.
254 * 254 *
255 * @data: String to parse. 255 * @data: String to parse.
256 * @domain: Pointer to "struct tomoyo_domain_info". 256 * @domain: Pointer to "struct tomoyo_domain_info".
@@ -260,8 +260,8 @@ static bool tomoyo_same_mount_acl(const struct tomoyo_acl_info *a,
260 * 260 *
261 * Caller holds tomoyo_read_lock(). 261 * Caller holds tomoyo_read_lock().
262 */ 262 */
263int tomoyo_write_mount_policy(char *data, struct tomoyo_domain_info *domain, 263int tomoyo_write_mount(char *data, struct tomoyo_domain_info *domain,
264 const bool is_delete) 264 const bool is_delete)
265{ 265{
266 struct tomoyo_mount_acl e = { .head.type = TOMOYO_TYPE_MOUNT_ACL }; 266 struct tomoyo_mount_acl e = { .head.type = TOMOYO_TYPE_MOUNT_ACL };
267 int error = is_delete ? -ENOENT : -ENOMEM; 267 int error = is_delete ? -ENOENT : -ENOMEM;
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index 12a768e6ee3f..150167d0cc3a 100644
--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -26,7 +26,7 @@ bool tomoyo_policy_loaded;
26 * The @src is updated to point the first character after the value 26 * The @src is updated to point the first character after the value
27 * on success. 27 * on success.
28 */ 28 */
29u8 tomoyo_parse_ulong(unsigned long *result, char **str) 29static u8 tomoyo_parse_ulong(unsigned long *result, char **str)
30{ 30{
31 const char *cp = *str; 31 const char *cp = *str;
32 char *ep; 32 char *ep;