diff options
-rw-r--r-- | security/tomoyo/common.c | 226 | ||||
-rw-r--r-- | security/tomoyo/common.h | 54 | ||||
-rw-r--r-- | security/tomoyo/domain.c | 60 | ||||
-rw-r--r-- | security/tomoyo/file.c | 63 | ||||
-rw-r--r-- | security/tomoyo/gc.c | 22 | ||||
-rw-r--r-- | security/tomoyo/memory.c | 2 | ||||
-rw-r--r-- | security/tomoyo/mount.c | 10 | ||||
-rw-r--r-- | security/tomoyo/util.c | 2 |
8 files changed, 199 insertions, 240 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 30e4b08905e3..65c18af3ffe5 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
@@ -248,14 +248,13 @@ static void tomoyo_print_number_union(struct tomoyo_io_buffer *head, | |||
248 | } | 248 | } |
249 | 249 | ||
250 | /** | 250 | /** |
251 | * tomoyo_find_or_assign_new_profile - Create a new profile. | 251 | * tomoyo_assign_profile - Create a new profile. |
252 | * | 252 | * |
253 | * @profile: Profile number to create. | 253 | * @profile: Profile number to create. |
254 | * | 254 | * |
255 | * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. | 255 | * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. |
256 | */ | 256 | */ |
257 | static struct tomoyo_profile *tomoyo_find_or_assign_new_profile | 257 | static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) |
258 | (const unsigned int profile) | ||
259 | { | 258 | { |
260 | struct tomoyo_profile *ptr; | 259 | struct tomoyo_profile *ptr; |
261 | struct tomoyo_profile *entry; | 260 | struct tomoyo_profile *entry; |
@@ -443,7 +442,7 @@ static int tomoyo_write_profile(struct tomoyo_io_buffer *head) | |||
443 | if (*cp != '-') | 442 | if (*cp != '-') |
444 | return -EINVAL; | 443 | return -EINVAL; |
445 | data = cp + 1; | 444 | data = cp + 1; |
446 | profile = tomoyo_find_or_assign_new_profile(i); | 445 | profile = tomoyo_assign_profile(i); |
447 | if (!profile) | 446 | if (!profile) |
448 | return -EINVAL; | 447 | return -EINVAL; |
449 | } | 448 | } |
@@ -584,13 +583,11 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head) | |||
584 | goto next; | 583 | goto next; |
585 | } | 584 | } |
586 | 585 | ||
587 | static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a, | 586 | static bool tomoyo_same_manager(const struct tomoyo_acl_head *a, |
588 | const struct tomoyo_acl_head *b) | 587 | const struct tomoyo_acl_head *b) |
589 | { | 588 | { |
590 | return container_of(a, struct tomoyo_policy_manager_entry, head) | 589 | return container_of(a, struct tomoyo_manager, head)->manager == |
591 | ->manager == | 590 | container_of(b, struct tomoyo_manager, head)->manager; |
592 | container_of(b, struct tomoyo_policy_manager_entry, head) | ||
593 | ->manager; | ||
594 | } | 591 | } |
595 | 592 | ||
596 | /** | 593 | /** |
@@ -606,7 +603,7 @@ static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a, | |||
606 | static int tomoyo_update_manager_entry(const char *manager, | 603 | static int tomoyo_update_manager_entry(const char *manager, |
607 | const bool is_delete) | 604 | const bool is_delete) |
608 | { | 605 | { |
609 | struct tomoyo_policy_manager_entry e = { }; | 606 | struct tomoyo_manager e = { }; |
610 | int error; | 607 | int error; |
611 | 608 | ||
612 | if (tomoyo_domain_def(manager)) { | 609 | if (tomoyo_domain_def(manager)) { |
@@ -622,13 +619,13 @@ static int tomoyo_update_manager_entry(const char *manager, | |||
622 | return -ENOMEM; | 619 | return -ENOMEM; |
623 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, | 620 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, |
624 | &tomoyo_policy_list[TOMOYO_ID_MANAGER], | 621 | &tomoyo_policy_list[TOMOYO_ID_MANAGER], |
625 | tomoyo_same_manager_entry); | 622 | tomoyo_same_manager); |
626 | tomoyo_put_name(e.manager); | 623 | tomoyo_put_name(e.manager); |
627 | return error; | 624 | return error; |
628 | } | 625 | } |
629 | 626 | ||
630 | /** | 627 | /** |
631 | * tomoyo_write_manager_policy - Write manager policy. | 628 | * tomoyo_write_manager - Write manager policy. |
632 | * | 629 | * |
633 | * @head: Pointer to "struct tomoyo_io_buffer". | 630 | * @head: Pointer to "struct tomoyo_io_buffer". |
634 | * | 631 | * |
@@ -636,7 +633,7 @@ static int tomoyo_update_manager_entry(const char *manager, | |||
636 | * | 633 | * |
637 | * Caller holds tomoyo_read_lock(). | 634 | * Caller holds tomoyo_read_lock(). |
638 | */ | 635 | */ |
639 | static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head) | 636 | static int tomoyo_write_manager(struct tomoyo_io_buffer *head) |
640 | { | 637 | { |
641 | char *data = head->write_buf; | 638 | char *data = head->write_buf; |
642 | bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); | 639 | bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); |
@@ -649,19 +646,19 @@ static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head) | |||
649 | } | 646 | } |
650 | 647 | ||
651 | /** | 648 | /** |
652 | * tomoyo_read_manager_policy - Read manager policy. | 649 | * tomoyo_read_manager - Read manager policy. |
653 | * | 650 | * |
654 | * @head: Pointer to "struct tomoyo_io_buffer". | 651 | * @head: Pointer to "struct tomoyo_io_buffer". |
655 | * | 652 | * |
656 | * Caller holds tomoyo_read_lock(). | 653 | * Caller holds tomoyo_read_lock(). |
657 | */ | 654 | */ |
658 | static void tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) | 655 | static void tomoyo_read_manager(struct tomoyo_io_buffer *head) |
659 | { | 656 | { |
660 | if (head->r.eof) | 657 | if (head->r.eof) |
661 | return; | 658 | return; |
662 | list_for_each_cookie(head->r.acl, | 659 | list_for_each_cookie(head->r.acl, |
663 | &tomoyo_policy_list[TOMOYO_ID_MANAGER]) { | 660 | &tomoyo_policy_list[TOMOYO_ID_MANAGER]) { |
664 | struct tomoyo_policy_manager_entry *ptr = | 661 | struct tomoyo_manager *ptr = |
665 | list_entry(head->r.acl, typeof(*ptr), head.list); | 662 | list_entry(head->r.acl, typeof(*ptr), head.list); |
666 | if (ptr->head.is_deleted) | 663 | if (ptr->head.is_deleted) |
667 | continue; | 664 | continue; |
@@ -674,16 +671,16 @@ static void tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) | |||
674 | } | 671 | } |
675 | 672 | ||
676 | /** | 673 | /** |
677 | * tomoyo_policy_manager - Check whether the current process is a policy manager. | 674 | * tomoyo_manager - Check whether the current process is a policy manager. |
678 | * | 675 | * |
679 | * Returns true if the current process is permitted to modify policy | 676 | * Returns true if the current process is permitted to modify policy |
680 | * via /sys/kernel/security/tomoyo/ interface. | 677 | * via /sys/kernel/security/tomoyo/ interface. |
681 | * | 678 | * |
682 | * Caller holds tomoyo_read_lock(). | 679 | * Caller holds tomoyo_read_lock(). |
683 | */ | 680 | */ |
684 | static bool tomoyo_policy_manager(void) | 681 | static bool tomoyo_manager(void) |
685 | { | 682 | { |
686 | struct tomoyo_policy_manager_entry *ptr; | 683 | struct tomoyo_manager *ptr; |
687 | const char *exe; | 684 | const char *exe; |
688 | const struct task_struct *task = current; | 685 | const struct task_struct *task = current; |
689 | const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname; | 686 | const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname; |
@@ -813,7 +810,7 @@ static int tomoyo_delete_domain(char *domainname) | |||
813 | } | 810 | } |
814 | 811 | ||
815 | /** | 812 | /** |
816 | * tomoyo_write_domain_policy2 - Write domain policy. | 813 | * tomoyo_write_domain2 - Write domain policy. |
817 | * | 814 | * |
818 | * @head: Pointer to "struct tomoyo_io_buffer". | 815 | * @head: Pointer to "struct tomoyo_io_buffer". |
819 | * | 816 | * |
@@ -821,17 +818,16 @@ static int tomoyo_delete_domain(char *domainname) | |||
821 | * | 818 | * |
822 | * Caller holds tomoyo_read_lock(). | 819 | * Caller holds tomoyo_read_lock(). |
823 | */ | 820 | */ |
824 | static int tomoyo_write_domain_policy2(char *data, | 821 | static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain, |
825 | struct tomoyo_domain_info *domain, | 822 | const bool is_delete) |
826 | const bool is_delete) | ||
827 | { | 823 | { |
828 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT)) | 824 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT)) |
829 | return tomoyo_write_mount_policy(data, domain, is_delete); | 825 | return tomoyo_write_mount(data, domain, is_delete); |
830 | return tomoyo_write_file_policy(data, domain, is_delete); | 826 | return tomoyo_write_file(data, domain, is_delete); |
831 | } | 827 | } |
832 | 828 | ||
833 | /** | 829 | /** |
834 | * tomoyo_write_domain_policy - Write domain policy. | 830 | * tomoyo_write_domain - Write domain policy. |
835 | * | 831 | * |
836 | * @head: Pointer to "struct tomoyo_io_buffer". | 832 | * @head: Pointer to "struct tomoyo_io_buffer". |
837 | * | 833 | * |
@@ -839,7 +835,7 @@ static int tomoyo_write_domain_policy2(char *data, | |||
839 | * | 835 | * |
840 | * Caller holds tomoyo_read_lock(). | 836 | * Caller holds tomoyo_read_lock(). |
841 | */ | 837 | */ |
842 | static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head) | 838 | static int tomoyo_write_domain(struct tomoyo_io_buffer *head) |
843 | { | 839 | { |
844 | char *data = head->write_buf; | 840 | char *data = head->write_buf; |
845 | struct tomoyo_domain_info *domain = head->write_var1; | 841 | struct tomoyo_domain_info *domain = head->write_var1; |
@@ -854,7 +850,7 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head) | |||
854 | if (is_select && tomoyo_select_one(head, data)) | 850 | if (is_select && tomoyo_select_one(head, data)) |
855 | return 0; | 851 | return 0; |
856 | /* Don't allow updating policies by non manager programs. */ | 852 | /* Don't allow updating policies by non manager programs. */ |
857 | if (!tomoyo_policy_manager()) | 853 | if (!tomoyo_manager()) |
858 | return -EPERM; | 854 | return -EPERM; |
859 | if (tomoyo_domain_def(data)) { | 855 | if (tomoyo_domain_def(data)) { |
860 | domain = NULL; | 856 | domain = NULL; |
@@ -863,7 +859,7 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head) | |||
863 | else if (is_select) | 859 | else if (is_select) |
864 | domain = tomoyo_find_domain(data); | 860 | domain = tomoyo_find_domain(data); |
865 | else | 861 | else |
866 | domain = tomoyo_find_or_assign_new_domain(data, 0); | 862 | domain = tomoyo_assign_domain(data, 0); |
867 | head->write_var1 = domain; | 863 | head->write_var1 = domain; |
868 | return 0; | 864 | return 0; |
869 | } | 865 | } |
@@ -888,7 +884,7 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head) | |||
888 | domain->transition_failed = !is_delete; | 884 | domain->transition_failed = !is_delete; |
889 | return 0; | 885 | return 0; |
890 | } | 886 | } |
891 | return tomoyo_write_domain_policy2(data, domain, is_delete); | 887 | return tomoyo_write_domain2(data, domain, is_delete); |
892 | } | 888 | } |
893 | 889 | ||
894 | /** | 890 | /** |
@@ -1022,13 +1018,13 @@ static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head, | |||
1022 | } | 1018 | } |
1023 | 1019 | ||
1024 | /** | 1020 | /** |
1025 | * tomoyo_read_domain_policy - Read domain policy. | 1021 | * tomoyo_read_domain - Read domain policy. |
1026 | * | 1022 | * |
1027 | * @head: Pointer to "struct tomoyo_io_buffer". | 1023 | * @head: Pointer to "struct tomoyo_io_buffer". |
1028 | * | 1024 | * |
1029 | * Caller holds tomoyo_read_lock(). | 1025 | * Caller holds tomoyo_read_lock(). |
1030 | */ | 1026 | */ |
1031 | static void tomoyo_read_domain_policy(struct tomoyo_io_buffer *head) | 1027 | static void tomoyo_read_domain(struct tomoyo_io_buffer *head) |
1032 | { | 1028 | { |
1033 | if (head->r.eof) | 1029 | if (head->r.eof) |
1034 | return; | 1030 | return; |
@@ -1208,8 +1204,13 @@ static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = { | |||
1208 | [TOMOYO_TRANSITION_CONTROL_KEEP] = TOMOYO_KEYWORD_KEEP_DOMAIN | 1204 | [TOMOYO_TRANSITION_CONTROL_KEEP] = TOMOYO_KEYWORD_KEEP_DOMAIN |
1209 | }; | 1205 | }; |
1210 | 1206 | ||
1207 | static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { | ||
1208 | [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP, | ||
1209 | [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP | ||
1210 | }; | ||
1211 | |||
1211 | /** | 1212 | /** |
1212 | * tomoyo_write_exception_policy - Write exception policy. | 1213 | * tomoyo_write_exception - Write exception policy. |
1213 | * | 1214 | * |
1214 | * @head: Pointer to "struct tomoyo_io_buffer". | 1215 | * @head: Pointer to "struct tomoyo_io_buffer". |
1215 | * | 1216 | * |
@@ -1217,37 +1218,34 @@ static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = { | |||
1217 | * | 1218 | * |
1218 | * Caller holds tomoyo_read_lock(). | 1219 | * Caller holds tomoyo_read_lock(). |
1219 | */ | 1220 | */ |
1220 | static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head) | 1221 | static int tomoyo_write_exception(struct tomoyo_io_buffer *head) |
1221 | { | 1222 | { |
1222 | char *data = head->write_buf; | 1223 | char *data = head->write_buf; |
1223 | bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); | 1224 | bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); |
1224 | u8 i; | 1225 | u8 i; |
1225 | 1226 | static const struct { | |
1226 | for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) { | 1227 | const char *keyword; |
1228 | int (*write) (char *, const bool); | ||
1229 | } tomoyo_callback[4] = { | ||
1230 | { TOMOYO_KEYWORD_AGGREGATOR, tomoyo_write_aggregator }, | ||
1231 | { TOMOYO_KEYWORD_FILE_PATTERN, tomoyo_write_pattern }, | ||
1232 | { TOMOYO_KEYWORD_DENY_REWRITE, tomoyo_write_no_rewrite }, | ||
1233 | { TOMOYO_KEYWORD_ALLOW_READ, tomoyo_write_globally_readable }, | ||
1234 | }; | ||
1235 | |||
1236 | for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) | ||
1227 | if (tomoyo_str_starts(&data, tomoyo_transition_type[i])) | 1237 | if (tomoyo_str_starts(&data, tomoyo_transition_type[i])) |
1228 | return tomoyo_write_transition_control(data, is_delete, | 1238 | return tomoyo_write_transition_control(data, is_delete, |
1229 | i); | 1239 | i); |
1230 | } | 1240 | for (i = 0; i < 4; i++) |
1231 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_AGGREGATOR)) | 1241 | if (tomoyo_str_starts(&data, tomoyo_callback[i].keyword)) |
1232 | return tomoyo_write_aggregator_policy(data, is_delete); | 1242 | return tomoyo_callback[i].write(data, is_delete); |
1233 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ)) | 1243 | for (i = 0; i < TOMOYO_MAX_GROUP; i++) |
1234 | return tomoyo_write_globally_readable_policy(data, is_delete); | 1244 | if (tomoyo_str_starts(&data, tomoyo_group_name[i])) |
1235 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN)) | 1245 | return tomoyo_write_group(data, is_delete, i); |
1236 | return tomoyo_write_pattern_policy(data, is_delete); | ||
1237 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DENY_REWRITE)) | ||
1238 | return tomoyo_write_no_rewrite_policy(data, is_delete); | ||
1239 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_PATH_GROUP)) | ||
1240 | return tomoyo_write_group(data, is_delete, TOMOYO_PATH_GROUP); | ||
1241 | if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NUMBER_GROUP)) | ||
1242 | return tomoyo_write_group(data, is_delete, TOMOYO_NUMBER_GROUP); | ||
1243 | return -EINVAL; | 1246 | return -EINVAL; |
1244 | } | 1247 | } |
1245 | 1248 | ||
1246 | static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { | ||
1247 | [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP, | ||
1248 | [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP | ||
1249 | }; | ||
1250 | |||
1251 | /** | 1249 | /** |
1252 | * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list. | 1250 | * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list. |
1253 | * | 1251 | * |
@@ -1331,8 +1329,8 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) | |||
1331 | break; | 1329 | break; |
1332 | case TOMOYO_ID_GLOBALLY_READABLE: | 1330 | case TOMOYO_ID_GLOBALLY_READABLE: |
1333 | { | 1331 | { |
1334 | struct tomoyo_globally_readable_file_entry *ptr | 1332 | struct tomoyo_readable_file *ptr = |
1335 | = container_of(acl, typeof(*ptr), head); | 1333 | container_of(acl, typeof(*ptr), head); |
1336 | tomoyo_set_string(head, | 1334 | tomoyo_set_string(head, |
1337 | TOMOYO_KEYWORD_ALLOW_READ); | 1335 | TOMOYO_KEYWORD_ALLOW_READ); |
1338 | tomoyo_set_string(head, ptr->filename->name); | 1336 | tomoyo_set_string(head, ptr->filename->name); |
@@ -1340,7 +1338,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) | |||
1340 | break; | 1338 | break; |
1341 | case TOMOYO_ID_AGGREGATOR: | 1339 | case TOMOYO_ID_AGGREGATOR: |
1342 | { | 1340 | { |
1343 | struct tomoyo_aggregator_entry *ptr = | 1341 | struct tomoyo_aggregator *ptr = |
1344 | container_of(acl, typeof(*ptr), head); | 1342 | container_of(acl, typeof(*ptr), head); |
1345 | tomoyo_set_string(head, | 1343 | tomoyo_set_string(head, |
1346 | TOMOYO_KEYWORD_AGGREGATOR); | 1344 | TOMOYO_KEYWORD_AGGREGATOR); |
@@ -1353,7 +1351,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) | |||
1353 | break; | 1351 | break; |
1354 | case TOMOYO_ID_PATTERN: | 1352 | case TOMOYO_ID_PATTERN: |
1355 | { | 1353 | { |
1356 | struct tomoyo_pattern_entry *ptr = | 1354 | struct tomoyo_no_pattern *ptr = |
1357 | container_of(acl, typeof(*ptr), head); | 1355 | container_of(acl, typeof(*ptr), head); |
1358 | tomoyo_set_string(head, | 1356 | tomoyo_set_string(head, |
1359 | TOMOYO_KEYWORD_FILE_PATTERN); | 1357 | TOMOYO_KEYWORD_FILE_PATTERN); |
@@ -1362,7 +1360,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) | |||
1362 | break; | 1360 | break; |
1363 | case TOMOYO_ID_NO_REWRITE: | 1361 | case TOMOYO_ID_NO_REWRITE: |
1364 | { | 1362 | { |
1365 | struct tomoyo_no_rewrite_entry *ptr = | 1363 | struct tomoyo_no_rewrite *ptr = |
1366 | container_of(acl, typeof(*ptr), head); | 1364 | container_of(acl, typeof(*ptr), head); |
1367 | tomoyo_set_string(head, | 1365 | tomoyo_set_string(head, |
1368 | TOMOYO_KEYWORD_DENY_REWRITE); | 1366 | TOMOYO_KEYWORD_DENY_REWRITE); |
@@ -1379,13 +1377,13 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) | |||
1379 | } | 1377 | } |
1380 | 1378 | ||
1381 | /** | 1379 | /** |
1382 | * tomoyo_read_exception_policy - Read exception policy. | 1380 | * tomoyo_read_exception - Read exception policy. |
1383 | * | 1381 | * |
1384 | * @head: Pointer to "struct tomoyo_io_buffer". | 1382 | * @head: Pointer to "struct tomoyo_io_buffer". |
1385 | * | 1383 | * |
1386 | * Caller holds tomoyo_read_lock(). | 1384 | * Caller holds tomoyo_read_lock(). |
1387 | */ | 1385 | */ |
1388 | static void tomoyo_read_exception_policy(struct tomoyo_io_buffer *head) | 1386 | static void tomoyo_read_exception(struct tomoyo_io_buffer *head) |
1389 | { | 1387 | { |
1390 | if (head->r.eof) | 1388 | if (head->r.eof) |
1391 | return; | 1389 | return; |
@@ -1472,7 +1470,7 @@ static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait); | |||
1472 | static DEFINE_SPINLOCK(tomoyo_query_list_lock); | 1470 | static DEFINE_SPINLOCK(tomoyo_query_list_lock); |
1473 | 1471 | ||
1474 | /* Structure for query. */ | 1472 | /* Structure for query. */ |
1475 | struct tomoyo_query_entry { | 1473 | struct tomoyo_query { |
1476 | struct list_head list; | 1474 | struct list_head list; |
1477 | char *query; | 1475 | char *query; |
1478 | int query_len; | 1476 | int query_len; |
@@ -1481,7 +1479,7 @@ struct tomoyo_query_entry { | |||
1481 | int answer; | 1479 | int answer; |
1482 | }; | 1480 | }; |
1483 | 1481 | ||
1484 | /* The list for "struct tomoyo_query_entry". */ | 1482 | /* The list for "struct tomoyo_query". */ |
1485 | static LIST_HEAD(tomoyo_query_list); | 1483 | static LIST_HEAD(tomoyo_query_list); |
1486 | 1484 | ||
1487 | /* | 1485 | /* |
@@ -1508,7 +1506,7 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) | |||
1508 | int pos; | 1506 | int pos; |
1509 | int len; | 1507 | int len; |
1510 | static unsigned int tomoyo_serial; | 1508 | static unsigned int tomoyo_serial; |
1511 | struct tomoyo_query_entry *tomoyo_query_entry = NULL; | 1509 | struct tomoyo_query *entry = NULL; |
1512 | bool quota_exceeded = false; | 1510 | bool quota_exceeded = false; |
1513 | char *header; | 1511 | char *header; |
1514 | switch (r->mode) { | 1512 | switch (r->mode) { |
@@ -1526,7 +1524,7 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) | |||
1526 | vsnprintf(buffer, len - 1, fmt, args); | 1524 | vsnprintf(buffer, len - 1, fmt, args); |
1527 | va_end(args); | 1525 | va_end(args); |
1528 | tomoyo_normalize_line(buffer); | 1526 | tomoyo_normalize_line(buffer); |
1529 | tomoyo_write_domain_policy2(buffer, r->domain, false); | 1527 | tomoyo_write_domain2(buffer, r->domain, false); |
1530 | kfree(buffer); | 1528 | kfree(buffer); |
1531 | /* fall through */ | 1529 | /* fall through */ |
1532 | case TOMOYO_CONFIG_PERMISSIVE: | 1530 | case TOMOYO_CONFIG_PERMISSIVE: |
@@ -1542,51 +1540,50 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) | |||
1542 | header = tomoyo_init_audit_log(&len, r); | 1540 | header = tomoyo_init_audit_log(&len, r); |
1543 | if (!header) | 1541 | if (!header) |
1544 | goto out; | 1542 | goto out; |
1545 | tomoyo_query_entry = kzalloc(sizeof(*tomoyo_query_entry), GFP_NOFS); | 1543 | entry = kzalloc(sizeof(*entry), GFP_NOFS); |
1546 | if (!tomoyo_query_entry) | 1544 | if (!entry) |
1547 | goto out; | 1545 | goto out; |
1548 | tomoyo_query_entry->query = kzalloc(len, GFP_NOFS); | 1546 | entry->query = kzalloc(len, GFP_NOFS); |
1549 | if (!tomoyo_query_entry->query) | 1547 | if (!entry->query) |
1550 | goto out; | 1548 | goto out; |
1551 | len = ksize(tomoyo_query_entry->query); | 1549 | len = ksize(entry->query); |
1552 | INIT_LIST_HEAD(&tomoyo_query_entry->list); | ||
1553 | spin_lock(&tomoyo_query_list_lock); | 1550 | spin_lock(&tomoyo_query_list_lock); |
1554 | if (tomoyo_quota_for_query && tomoyo_query_memory_size + len + | 1551 | if (tomoyo_quota_for_query && tomoyo_query_memory_size + len + |
1555 | sizeof(*tomoyo_query_entry) >= tomoyo_quota_for_query) { | 1552 | sizeof(*entry) >= tomoyo_quota_for_query) { |
1556 | quota_exceeded = true; | 1553 | quota_exceeded = true; |
1557 | } else { | 1554 | } else { |
1558 | tomoyo_query_memory_size += len + sizeof(*tomoyo_query_entry); | 1555 | tomoyo_query_memory_size += len + sizeof(*entry); |
1559 | tomoyo_query_entry->serial = tomoyo_serial++; | 1556 | entry->serial = tomoyo_serial++; |
1560 | } | 1557 | } |
1561 | spin_unlock(&tomoyo_query_list_lock); | 1558 | spin_unlock(&tomoyo_query_list_lock); |
1562 | if (quota_exceeded) | 1559 | if (quota_exceeded) |
1563 | goto out; | 1560 | goto out; |
1564 | pos = snprintf(tomoyo_query_entry->query, len - 1, "Q%u-%hu\n%s", | 1561 | pos = snprintf(entry->query, len - 1, "Q%u-%hu\n%s", |
1565 | tomoyo_query_entry->serial, r->retry, header); | 1562 | entry->serial, r->retry, header); |
1566 | kfree(header); | 1563 | kfree(header); |
1567 | header = NULL; | 1564 | header = NULL; |
1568 | va_start(args, fmt); | 1565 | va_start(args, fmt); |
1569 | vsnprintf(tomoyo_query_entry->query + pos, len - 1 - pos, fmt, args); | 1566 | vsnprintf(entry->query + pos, len - 1 - pos, fmt, args); |
1570 | tomoyo_query_entry->query_len = strlen(tomoyo_query_entry->query) + 1; | 1567 | entry->query_len = strlen(entry->query) + 1; |
1571 | va_end(args); | 1568 | va_end(args); |
1572 | spin_lock(&tomoyo_query_list_lock); | 1569 | spin_lock(&tomoyo_query_list_lock); |
1573 | list_add_tail(&tomoyo_query_entry->list, &tomoyo_query_list); | 1570 | list_add_tail(&entry->list, &tomoyo_query_list); |
1574 | spin_unlock(&tomoyo_query_list_lock); | 1571 | spin_unlock(&tomoyo_query_list_lock); |
1575 | /* Give 10 seconds for supervisor's opinion. */ | 1572 | /* Give 10 seconds for supervisor's opinion. */ |
1576 | for (tomoyo_query_entry->timer = 0; | 1573 | for (entry->timer = 0; |
1577 | atomic_read(&tomoyo_query_observers) && tomoyo_query_entry->timer < 100; | 1574 | atomic_read(&tomoyo_query_observers) && entry->timer < 100; |
1578 | tomoyo_query_entry->timer++) { | 1575 | entry->timer++) { |
1579 | wake_up(&tomoyo_query_wait); | 1576 | wake_up(&tomoyo_query_wait); |
1580 | set_current_state(TASK_INTERRUPTIBLE); | 1577 | set_current_state(TASK_INTERRUPTIBLE); |
1581 | schedule_timeout(HZ / 10); | 1578 | schedule_timeout(HZ / 10); |
1582 | if (tomoyo_query_entry->answer) | 1579 | if (entry->answer) |
1583 | break; | 1580 | break; |
1584 | } | 1581 | } |
1585 | spin_lock(&tomoyo_query_list_lock); | 1582 | spin_lock(&tomoyo_query_list_lock); |
1586 | list_del(&tomoyo_query_entry->list); | 1583 | list_del(&entry->list); |
1587 | tomoyo_query_memory_size -= len + sizeof(*tomoyo_query_entry); | 1584 | tomoyo_query_memory_size -= len + sizeof(*entry); |
1588 | spin_unlock(&tomoyo_query_list_lock); | 1585 | spin_unlock(&tomoyo_query_list_lock); |
1589 | switch (tomoyo_query_entry->answer) { | 1586 | switch (entry->answer) { |
1590 | case 3: /* Asked to retry by administrator. */ | 1587 | case 3: /* Asked to retry by administrator. */ |
1591 | error = TOMOYO_RETRY_REQUEST; | 1588 | error = TOMOYO_RETRY_REQUEST; |
1592 | r->retry++; | 1589 | r->retry++; |
@@ -1603,9 +1600,9 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) | |||
1603 | break; | 1600 | break; |
1604 | } | 1601 | } |
1605 | out: | 1602 | out: |
1606 | if (tomoyo_query_entry) | 1603 | if (entry) |
1607 | kfree(tomoyo_query_entry->query); | 1604 | kfree(entry->query); |
1608 | kfree(tomoyo_query_entry); | 1605 | kfree(entry); |
1609 | kfree(header); | 1606 | kfree(header); |
1610 | return error; | 1607 | return error; |
1611 | } | 1608 | } |
@@ -1628,9 +1625,8 @@ static int tomoyo_poll_query(struct file *file, poll_table *wait) | |||
1628 | for (i = 0; i < 2; i++) { | 1625 | for (i = 0; i < 2; i++) { |
1629 | spin_lock(&tomoyo_query_list_lock); | 1626 | spin_lock(&tomoyo_query_list_lock); |
1630 | list_for_each(tmp, &tomoyo_query_list) { | 1627 | list_for_each(tmp, &tomoyo_query_list) { |
1631 | struct tomoyo_query_entry *ptr | 1628 | struct tomoyo_query *ptr = |
1632 | = list_entry(tmp, struct tomoyo_query_entry, | 1629 | list_entry(tmp, typeof(*ptr), list); |
1633 | list); | ||
1634 | if (ptr->answer) | 1630 | if (ptr->answer) |
1635 | continue; | 1631 | continue; |
1636 | found = true; | 1632 | found = true; |
@@ -1665,8 +1661,7 @@ static void tomoyo_read_query(struct tomoyo_io_buffer *head) | |||
1665 | } | 1661 | } |
1666 | spin_lock(&tomoyo_query_list_lock); | 1662 | spin_lock(&tomoyo_query_list_lock); |
1667 | list_for_each(tmp, &tomoyo_query_list) { | 1663 | list_for_each(tmp, &tomoyo_query_list) { |
1668 | struct tomoyo_query_entry *ptr = | 1664 | struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); |
1669 | list_entry(tmp, typeof(*ptr), list); | ||
1670 | if (ptr->answer) | 1665 | if (ptr->answer) |
1671 | continue; | 1666 | continue; |
1672 | if (pos++ != head->r.query_index) | 1667 | if (pos++ != head->r.query_index) |
@@ -1685,8 +1680,7 @@ static void tomoyo_read_query(struct tomoyo_io_buffer *head) | |||
1685 | pos = 0; | 1680 | pos = 0; |
1686 | spin_lock(&tomoyo_query_list_lock); | 1681 | spin_lock(&tomoyo_query_list_lock); |
1687 | list_for_each(tmp, &tomoyo_query_list) { | 1682 | list_for_each(tmp, &tomoyo_query_list) { |
1688 | struct tomoyo_query_entry *ptr = | 1683 | struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); |
1689 | list_entry(tmp, typeof(*ptr), list); | ||
1690 | if (ptr->answer) | 1684 | if (ptr->answer) |
1691 | continue; | 1685 | continue; |
1692 | if (pos++ != head->r.query_index) | 1686 | if (pos++ != head->r.query_index) |
@@ -1724,8 +1718,7 @@ static int tomoyo_write_answer(struct tomoyo_io_buffer *head) | |||
1724 | unsigned int answer; | 1718 | unsigned int answer; |
1725 | spin_lock(&tomoyo_query_list_lock); | 1719 | spin_lock(&tomoyo_query_list_lock); |
1726 | list_for_each(tmp, &tomoyo_query_list) { | 1720 | list_for_each(tmp, &tomoyo_query_list) { |
1727 | struct tomoyo_query_entry *ptr | 1721 | struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); |
1728 | = list_entry(tmp, struct tomoyo_query_entry, list); | ||
1729 | ptr->timer = 0; | 1722 | ptr->timer = 0; |
1730 | } | 1723 | } |
1731 | spin_unlock(&tomoyo_query_list_lock); | 1724 | spin_unlock(&tomoyo_query_list_lock); |
@@ -1733,8 +1726,7 @@ static int tomoyo_write_answer(struct tomoyo_io_buffer *head) | |||
1733 | return -EINVAL; | 1726 | return -EINVAL; |
1734 | spin_lock(&tomoyo_query_list_lock); | 1727 | spin_lock(&tomoyo_query_list_lock); |
1735 | list_for_each(tmp, &tomoyo_query_list) { | 1728 | list_for_each(tmp, &tomoyo_query_list) { |
1736 | struct tomoyo_query_entry *ptr | 1729 | struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); |
1737 | = list_entry(tmp, struct tomoyo_query_entry, list); | ||
1738 | if (ptr->serial != serial) | 1730 | if (ptr->serial != serial) |
1739 | continue; | 1731 | continue; |
1740 | if (!ptr->answer) | 1732 | if (!ptr->answer) |
@@ -1801,13 +1793,13 @@ int tomoyo_open_control(const u8 type, struct file *file) | |||
1801 | switch (type) { | 1793 | switch (type) { |
1802 | case TOMOYO_DOMAINPOLICY: | 1794 | case TOMOYO_DOMAINPOLICY: |
1803 | /* /sys/kernel/security/tomoyo/domain_policy */ | 1795 | /* /sys/kernel/security/tomoyo/domain_policy */ |
1804 | head->write = tomoyo_write_domain_policy; | 1796 | head->write = tomoyo_write_domain; |
1805 | head->read = tomoyo_read_domain_policy; | 1797 | head->read = tomoyo_read_domain; |
1806 | break; | 1798 | break; |
1807 | case TOMOYO_EXCEPTIONPOLICY: | 1799 | case TOMOYO_EXCEPTIONPOLICY: |
1808 | /* /sys/kernel/security/tomoyo/exception_policy */ | 1800 | /* /sys/kernel/security/tomoyo/exception_policy */ |
1809 | head->write = tomoyo_write_exception_policy; | 1801 | head->write = tomoyo_write_exception; |
1810 | head->read = tomoyo_read_exception_policy; | 1802 | head->read = tomoyo_read_exception; |
1811 | break; | 1803 | break; |
1812 | case TOMOYO_SELFDOMAIN: | 1804 | case TOMOYO_SELFDOMAIN: |
1813 | /* /sys/kernel/security/tomoyo/self_domain */ | 1805 | /* /sys/kernel/security/tomoyo/self_domain */ |
@@ -1846,8 +1838,8 @@ int tomoyo_open_control(const u8 type, struct file *file) | |||
1846 | break; | 1838 | break; |
1847 | case TOMOYO_MANAGER: | 1839 | case TOMOYO_MANAGER: |
1848 | /* /sys/kernel/security/tomoyo/manager */ | 1840 | /* /sys/kernel/security/tomoyo/manager */ |
1849 | head->write = tomoyo_write_manager_policy; | 1841 | head->write = tomoyo_write_manager; |
1850 | head->read = tomoyo_read_manager_policy; | 1842 | head->read = tomoyo_read_manager; |
1851 | break; | 1843 | break; |
1852 | } | 1844 | } |
1853 | if (!(file->f_mode & FMODE_READ)) { | 1845 | if (!(file->f_mode & FMODE_READ)) { |
@@ -1906,23 +1898,6 @@ int tomoyo_open_control(const u8 type, struct file *file) | |||
1906 | } | 1898 | } |
1907 | 1899 | ||
1908 | /** | 1900 | /** |
1909 | * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface. | ||
1910 | * | ||
1911 | * @file: Pointer to "struct file". | ||
1912 | * @wait: Pointer to "poll_table". | ||
1913 | * | ||
1914 | * Waits for read readiness. | ||
1915 | * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd . | ||
1916 | */ | ||
1917 | int tomoyo_poll_control(struct file *file, poll_table *wait) | ||
1918 | { | ||
1919 | struct tomoyo_io_buffer *head = file->private_data; | ||
1920 | if (!head->poll) | ||
1921 | return -ENOSYS; | ||
1922 | return head->poll(file, wait); | ||
1923 | } | ||
1924 | |||
1925 | /** | ||
1926 | * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. | 1901 | * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. |
1927 | * | 1902 | * |
1928 | * @file: Pointer to "struct file". | 1903 | * @file: Pointer to "struct file". |
@@ -1979,8 +1954,7 @@ int tomoyo_write_control(struct file *file, const char __user *buffer, | |||
1979 | return -EFAULT; | 1954 | return -EFAULT; |
1980 | /* Don't allow updating policies by non manager programs. */ | 1955 | /* Don't allow updating policies by non manager programs. */ |
1981 | if (head->write != tomoyo_write_pid && | 1956 | if (head->write != tomoyo_write_pid && |
1982 | head->write != tomoyo_write_domain_policy && | 1957 | head->write != tomoyo_write_domain && !tomoyo_manager()) |
1983 | !tomoyo_policy_manager()) | ||
1984 | return -EPERM; | 1958 | return -EPERM; |
1985 | if (mutex_lock_interruptible(&head->io_sem)) | 1959 | if (mutex_lock_interruptible(&head->io_sem)) |
1986 | return -EINTR; | 1960 | return -EINTR; |
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index ef8fecddb65a..b8b2dac656f1 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h | |||
@@ -310,10 +310,10 @@ struct tomoyo_path_info { | |||
310 | }; | 310 | }; |
311 | 311 | ||
312 | /* | 312 | /* |
313 | * tomoyo_name_entry is a structure which is used for linking | 313 | * tomoyo_name is a structure which is used for linking |
314 | * "struct tomoyo_path_info" into tomoyo_name_list . | 314 | * "struct tomoyo_path_info" into tomoyo_name_list . |
315 | */ | 315 | */ |
316 | struct tomoyo_name_entry { | 316 | struct tomoyo_name { |
317 | struct list_head list; | 317 | struct list_head list; |
318 | atomic_t users; | 318 | atomic_t users; |
319 | struct tomoyo_path_info entry; | 319 | struct tomoyo_path_info entry; |
@@ -572,20 +572,20 @@ struct tomoyo_io_buffer { | |||
572 | }; | 572 | }; |
573 | 573 | ||
574 | /* | 574 | /* |
575 | * tomoyo_globally_readable_file_entry is a structure which is used for holding | 575 | * tomoyo_readable_file is a structure which is used for holding |
576 | * "allow_read" entries. | 576 | * "allow_read" entries. |
577 | * It has following fields. | 577 | * It has following fields. |
578 | * | 578 | * |
579 | * (1) "head" is "struct tomoyo_acl_head". | 579 | * (1) "head" is "struct tomoyo_acl_head". |
580 | * (2) "filename" is a pathname which is allowed to open(O_RDONLY). | 580 | * (2) "filename" is a pathname which is allowed to open(O_RDONLY). |
581 | */ | 581 | */ |
582 | struct tomoyo_globally_readable_file_entry { | 582 | struct tomoyo_readable_file { |
583 | struct tomoyo_acl_head head; | 583 | struct tomoyo_acl_head head; |
584 | const struct tomoyo_path_info *filename; | 584 | const struct tomoyo_path_info *filename; |
585 | }; | 585 | }; |
586 | 586 | ||
587 | /* | 587 | /* |
588 | * tomoyo_pattern_entry is a structure which is used for holding | 588 | * tomoyo_no_pattern is a structure which is used for holding |
589 | * "file_pattern" entries. | 589 | * "file_pattern" entries. |
590 | * It has following fields. | 590 | * It has following fields. |
591 | * | 591 | * |
@@ -593,13 +593,13 @@ struct tomoyo_globally_readable_file_entry { | |||
593 | * (2) "pattern" is a pathname pattern which is used for converting pathnames | 593 | * (2) "pattern" is a pathname pattern which is used for converting pathnames |
594 | * to pathname patterns during learning mode. | 594 | * to pathname patterns during learning mode. |
595 | */ | 595 | */ |
596 | struct tomoyo_pattern_entry { | 596 | struct tomoyo_no_pattern { |
597 | struct tomoyo_acl_head head; | 597 | struct tomoyo_acl_head head; |
598 | const struct tomoyo_path_info *pattern; | 598 | const struct tomoyo_path_info *pattern; |
599 | }; | 599 | }; |
600 | 600 | ||
601 | /* | 601 | /* |
602 | * tomoyo_no_rewrite_entry is a structure which is used for holding | 602 | * tomoyo_no_rewrite is a structure which is used for holding |
603 | * "deny_rewrite" entries. | 603 | * "deny_rewrite" entries. |
604 | * It has following fields. | 604 | * It has following fields. |
605 | * | 605 | * |
@@ -607,7 +607,7 @@ struct tomoyo_pattern_entry { | |||
607 | * (2) "pattern" is a pathname which is by default not permitted to modify | 607 | * (2) "pattern" is a pathname which is by default not permitted to modify |
608 | * already existing content. | 608 | * already existing content. |
609 | */ | 609 | */ |
610 | struct tomoyo_no_rewrite_entry { | 610 | struct tomoyo_no_rewrite { |
611 | struct tomoyo_acl_head head; | 611 | struct tomoyo_acl_head head; |
612 | const struct tomoyo_path_info *pattern; | 612 | const struct tomoyo_path_info *pattern; |
613 | }; | 613 | }; |
@@ -636,7 +636,7 @@ struct tomoyo_transition_control { | |||
636 | }; | 636 | }; |
637 | 637 | ||
638 | /* | 638 | /* |
639 | * tomoyo_aggregator_entry is a structure which is used for holding | 639 | * tomoyo_aggregator is a structure which is used for holding |
640 | * "aggregator" entries. | 640 | * "aggregator" entries. |
641 | * It has following fields. | 641 | * It has following fields. |
642 | * | 642 | * |
@@ -644,14 +644,14 @@ struct tomoyo_transition_control { | |||
644 | * (2) "original_name" which is originally requested name. | 644 | * (2) "original_name" which is originally requested name. |
645 | * (3) "aggregated_name" which is name to rewrite. | 645 | * (3) "aggregated_name" which is name to rewrite. |
646 | */ | 646 | */ |
647 | struct tomoyo_aggregator_entry { | 647 | struct tomoyo_aggregator { |
648 | struct tomoyo_acl_head head; | 648 | struct tomoyo_acl_head head; |
649 | const struct tomoyo_path_info *original_name; | 649 | const struct tomoyo_path_info *original_name; |
650 | const struct tomoyo_path_info *aggregated_name; | 650 | const struct tomoyo_path_info *aggregated_name; |
651 | }; | 651 | }; |
652 | 652 | ||
653 | /* | 653 | /* |
654 | * tomoyo_policy_manager_entry is a structure which is used for holding list of | 654 | * tomoyo_manager is a structure which is used for holding list of |
655 | * domainnames or programs which are permitted to modify configuration via | 655 | * domainnames or programs which are permitted to modify configuration via |
656 | * /sys/kernel/security/tomoyo/ interface. | 656 | * /sys/kernel/security/tomoyo/ interface. |
657 | * It has following fields. | 657 | * It has following fields. |
@@ -661,7 +661,7 @@ struct tomoyo_aggregator_entry { | |||
661 | * otherwise. | 661 | * otherwise. |
662 | * (3) "manager" is a domainname or a program's pathname. | 662 | * (3) "manager" is a domainname or a program's pathname. |
663 | */ | 663 | */ |
664 | struct tomoyo_policy_manager_entry { | 664 | struct tomoyo_manager { |
665 | struct tomoyo_acl_head head; | 665 | struct tomoyo_acl_head head; |
666 | bool is_domain; /* True if manager is a domainname. */ | 666 | bool is_domain; /* True if manager is a domainname. */ |
667 | /* A path to program or a domainname. */ | 667 | /* A path to program or a domainname. */ |
@@ -749,8 +749,6 @@ bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num); | |||
749 | bool tomoyo_tokenize(char *buffer, char *w[], size_t size); | 749 | bool tomoyo_tokenize(char *buffer, char *w[], size_t size); |
750 | /* Write domain policy violation warning message to console? */ | 750 | /* Write domain policy violation warning message to console? */ |
751 | bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain); | 751 | bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain); |
752 | /* Get the last component of the given domainname. */ | ||
753 | const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain); | ||
754 | /* Fill "struct tomoyo_request_info". */ | 752 | /* Fill "struct tomoyo_request_info". */ |
755 | int tomoyo_init_request_info(struct tomoyo_request_info *r, | 753 | int tomoyo_init_request_info(struct tomoyo_request_info *r, |
756 | struct tomoyo_domain_info *domain, | 754 | struct tomoyo_domain_info *domain, |
@@ -759,7 +757,7 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r, | |||
759 | int tomoyo_mount_permission(char *dev_name, struct path *path, char *type, | 757 | int tomoyo_mount_permission(char *dev_name, struct path *path, char *type, |
760 | unsigned long flags, void *data_page); | 758 | unsigned long flags, void *data_page); |
761 | /* Create "aggregator" entry in exception policy. */ | 759 | /* Create "aggregator" entry in exception policy. */ |
762 | int tomoyo_write_aggregator_policy(char *data, const bool is_delete); | 760 | int tomoyo_write_aggregator(char *data, const bool is_delete); |
763 | int tomoyo_write_transition_control(char *data, const bool is_delete, | 761 | int tomoyo_write_transition_control(char *data, const bool is_delete, |
764 | const u8 type); | 762 | const u8 type); |
765 | /* | 763 | /* |
@@ -769,17 +767,17 @@ int tomoyo_write_transition_control(char *data, const bool is_delete, | |||
769 | * "allow_truncate", "allow_symlink", "allow_rewrite", "allow_rename" and | 767 | * "allow_truncate", "allow_symlink", "allow_rewrite", "allow_rename" and |
770 | * "allow_link" entry in domain policy. | 768 | * "allow_link" entry in domain policy. |
771 | */ | 769 | */ |
772 | int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain, | 770 | int tomoyo_write_file(char *data, struct tomoyo_domain_info *domain, |
773 | const bool is_delete); | 771 | const bool is_delete); |
774 | /* Create "allow_read" entry in exception policy. */ | 772 | /* Create "allow_read" entry in exception policy. */ |
775 | int tomoyo_write_globally_readable_policy(char *data, const bool is_delete); | 773 | int tomoyo_write_globally_readable(char *data, const bool is_delete); |
776 | /* Create "allow_mount" entry in domain policy. */ | 774 | /* Create "allow_mount" entry in domain policy. */ |
777 | int tomoyo_write_mount_policy(char *data, struct tomoyo_domain_info *domain, | 775 | int tomoyo_write_mount(char *data, struct tomoyo_domain_info *domain, |
778 | const bool is_delete); | 776 | const bool is_delete); |
779 | /* Create "deny_rewrite" entry in exception policy. */ | 777 | /* Create "deny_rewrite" entry in exception policy. */ |
780 | int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete); | 778 | int tomoyo_write_no_rewrite(char *data, const bool is_delete); |
781 | /* Create "file_pattern" entry in exception policy. */ | 779 | /* Create "file_pattern" entry in exception policy. */ |
782 | int tomoyo_write_pattern_policy(char *data, const bool is_delete); | 780 | int tomoyo_write_pattern(char *data, const bool is_delete); |
783 | /* Create "path_group"/"number_group" entry in exception policy. */ | 781 | /* Create "path_group"/"number_group" entry in exception policy. */ |
784 | int tomoyo_write_group(char *data, const bool is_delete, const u8 type); | 782 | int tomoyo_write_group(char *data, const bool is_delete, const u8 type); |
785 | int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) | 783 | int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) |
@@ -787,9 +785,8 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) | |||
787 | /* Find a domain by the given name. */ | 785 | /* Find a domain by the given name. */ |
788 | struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); | 786 | struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); |
789 | /* Find or create a domain by the given name. */ | 787 | /* Find or create a domain by the given name. */ |
790 | struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char * | 788 | struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, |
791 | domainname, | 789 | const u8 profile); |
792 | const u8 profile); | ||
793 | struct tomoyo_profile *tomoyo_profile(const u8 profile); | 790 | struct tomoyo_profile *tomoyo_profile(const u8 profile); |
794 | /* | 791 | /* |
795 | * Allocate memory for "struct tomoyo_path_group"/"struct tomoyo_number_group". | 792 | * Allocate memory for "struct tomoyo_path_group"/"struct tomoyo_number_group". |
@@ -820,7 +817,7 @@ char *tomoyo_realpath_nofollow(const char *pathname); | |||
820 | */ | 817 | */ |
821 | char *tomoyo_realpath_from_path(struct path *path); | 818 | char *tomoyo_realpath_from_path(struct path *path); |
822 | /* Get patterned pathname. */ | 819 | /* Get patterned pathname. */ |
823 | const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename); | 820 | const char *tomoyo_pattern(const struct tomoyo_path_info *filename); |
824 | 821 | ||
825 | /* Check memory quota. */ | 822 | /* Check memory quota. */ |
826 | bool tomoyo_memory_ok(void *ptr); | 823 | bool tomoyo_memory_ok(void *ptr); |
@@ -882,7 +879,6 @@ int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size, | |||
882 | void tomoyo_check_acl(struct tomoyo_request_info *r, | 879 | void tomoyo_check_acl(struct tomoyo_request_info *r, |
883 | bool (*check_entry) (const struct tomoyo_request_info *, | 880 | bool (*check_entry) (const struct tomoyo_request_info *, |
884 | const struct tomoyo_acl_info *)); | 881 | const struct tomoyo_acl_info *)); |
885 | const char *tomoyo_last_word(const char *name); | ||
886 | 882 | ||
887 | /********** External variable definitions. **********/ | 883 | /********** External variable definitions. **********/ |
888 | 884 | ||
@@ -959,8 +955,8 @@ static inline bool tomoyo_invalid(const unsigned char c) | |||
959 | static inline void tomoyo_put_name(const struct tomoyo_path_info *name) | 955 | static inline void tomoyo_put_name(const struct tomoyo_path_info *name) |
960 | { | 956 | { |
961 | if (name) { | 957 | if (name) { |
962 | struct tomoyo_name_entry *ptr = | 958 | struct tomoyo_name *ptr = |
963 | container_of(name, struct tomoyo_name_entry, entry); | 959 | container_of(name, typeof(*ptr), entry); |
964 | atomic_dec(&ptr->users); | 960 | atomic_dec(&ptr->users); |
965 | } | 961 | } |
966 | } | 962 | } |
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 05450b17c57f..4e0101b0041a 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c | |||
@@ -134,26 +134,22 @@ struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY]; | |||
134 | struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP]; | 134 | struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP]; |
135 | 135 | ||
136 | /** | 136 | /** |
137 | * tomoyo_get_last_name - Get last component of a domainname. | 137 | * tomoyo_last_word - Get last component of a domainname. |
138 | * | 138 | * |
139 | * @domain: Pointer to "struct tomoyo_domain_info". | 139 | * @domainname: Domainname to check. |
140 | * | 140 | * |
141 | * Returns the last component of the domainname. | 141 | * Returns the last word of @domainname. |
142 | */ | 142 | */ |
143 | const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain) | 143 | static const char *tomoyo_last_word(const char *name) |
144 | { | 144 | { |
145 | const char *cp0 = domain->domainname->name; | 145 | const char *cp = strrchr(name, ' '); |
146 | const char *cp1 = strrchr(cp0, ' '); | 146 | if (cp) |
147 | 147 | return cp + 1; | |
148 | if (cp1) | 148 | return name; |
149 | return cp1 + 1; | ||
150 | return cp0; | ||
151 | } | 149 | } |
152 | 150 | ||
153 | static bool tomoyo_same_transition_control_entry(const struct tomoyo_acl_head * | 151 | static bool tomoyo_same_transition_control(const struct tomoyo_acl_head *a, |
154 | a, | 152 | const struct tomoyo_acl_head *b) |
155 | const struct tomoyo_acl_head * | ||
156 | b) | ||
157 | { | 153 | { |
158 | const struct tomoyo_transition_control *p1 = container_of(a, | 154 | const struct tomoyo_transition_control *p1 = container_of(a, |
159 | typeof(*p1), | 155 | typeof(*p1), |
@@ -203,7 +199,7 @@ static int tomoyo_update_transition_control_entry(const char *domainname, | |||
203 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, | 199 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, |
204 | &tomoyo_policy_list | 200 | &tomoyo_policy_list |
205 | [TOMOYO_ID_TRANSITION_CONTROL], | 201 | [TOMOYO_ID_TRANSITION_CONTROL], |
206 | tomoyo_same_transition_control_entry); | 202 | tomoyo_same_transition_control); |
207 | out: | 203 | out: |
208 | tomoyo_put_name(e.domainname); | 204 | tomoyo_put_name(e.domainname); |
209 | tomoyo_put_name(e.program); | 205 | tomoyo_put_name(e.program); |
@@ -292,19 +288,17 @@ static u8 tomoyo_transition_type(const struct tomoyo_path_info *domainname, | |||
292 | return type; | 288 | return type; |
293 | } | 289 | } |
294 | 290 | ||
295 | static bool tomoyo_same_aggregator_entry(const struct tomoyo_acl_head *a, | 291 | static bool tomoyo_same_aggregator(const struct tomoyo_acl_head *a, |
296 | const struct tomoyo_acl_head *b) | 292 | const struct tomoyo_acl_head *b) |
297 | { | 293 | { |
298 | const struct tomoyo_aggregator_entry *p1 = container_of(a, typeof(*p1), | 294 | const struct tomoyo_aggregator *p1 = container_of(a, typeof(*p1), head); |
299 | head); | 295 | const struct tomoyo_aggregator *p2 = container_of(b, typeof(*p2), head); |
300 | const struct tomoyo_aggregator_entry *p2 = container_of(b, typeof(*p2), | ||
301 | head); | ||
302 | return p1->original_name == p2->original_name && | 296 | return p1->original_name == p2->original_name && |
303 | p1->aggregated_name == p2->aggregated_name; | 297 | p1->aggregated_name == p2->aggregated_name; |
304 | } | 298 | } |
305 | 299 | ||
306 | /** | 300 | /** |
307 | * tomoyo_update_aggregator_entry - Update "struct tomoyo_aggregator_entry" list. | 301 | * tomoyo_update_aggregator_entry - Update "struct tomoyo_aggregator" list. |
308 | * | 302 | * |
309 | * @original_name: The original program's name. | 303 | * @original_name: The original program's name. |
310 | * @aggregated_name: The program name to use. | 304 | * @aggregated_name: The program name to use. |
@@ -318,7 +312,7 @@ static int tomoyo_update_aggregator_entry(const char *original_name, | |||
318 | const char *aggregated_name, | 312 | const char *aggregated_name, |
319 | const bool is_delete) | 313 | const bool is_delete) |
320 | { | 314 | { |
321 | struct tomoyo_aggregator_entry e = { }; | 315 | struct tomoyo_aggregator e = { }; |
322 | int error = is_delete ? -ENOENT : -ENOMEM; | 316 | int error = is_delete ? -ENOENT : -ENOMEM; |
323 | 317 | ||
324 | if (!tomoyo_correct_path(original_name) || | 318 | if (!tomoyo_correct_path(original_name) || |
@@ -331,7 +325,7 @@ static int tomoyo_update_aggregator_entry(const char *original_name, | |||
331 | goto out; | 325 | goto out; |
332 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, | 326 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, |
333 | &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR], | 327 | &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR], |
334 | tomoyo_same_aggregator_entry); | 328 | tomoyo_same_aggregator); |
335 | out: | 329 | out: |
336 | tomoyo_put_name(e.original_name); | 330 | tomoyo_put_name(e.original_name); |
337 | tomoyo_put_name(e.aggregated_name); | 331 | tomoyo_put_name(e.aggregated_name); |
@@ -339,7 +333,7 @@ static int tomoyo_update_aggregator_entry(const char *original_name, | |||
339 | } | 333 | } |
340 | 334 | ||
341 | /** | 335 | /** |
342 | * tomoyo_write_aggregator_policy - Write "struct tomoyo_aggregator_entry" list. | 336 | * tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list. |
343 | * | 337 | * |
344 | * @data: String to parse. | 338 | * @data: String to parse. |
345 | * @is_delete: True if it is a delete request. | 339 | * @is_delete: True if it is a delete request. |
@@ -348,7 +342,7 @@ static int tomoyo_update_aggregator_entry(const char *original_name, | |||
348 | * | 342 | * |
349 | * Caller holds tomoyo_read_lock(). | 343 | * Caller holds tomoyo_read_lock(). |
350 | */ | 344 | */ |
351 | int tomoyo_write_aggregator_policy(char *data, const bool is_delete) | 345 | int tomoyo_write_aggregator(char *data, const bool is_delete) |
352 | { | 346 | { |
353 | char *cp = strchr(data, ' '); | 347 | char *cp = strchr(data, ' '); |
354 | 348 | ||
@@ -359,7 +353,7 @@ int tomoyo_write_aggregator_policy(char *data, const bool is_delete) | |||
359 | } | 353 | } |
360 | 354 | ||
361 | /** | 355 | /** |
362 | * tomoyo_find_or_assign_new_domain - Create a domain. | 356 | * tomoyo_assign_domain - Create a domain. |
363 | * | 357 | * |
364 | * @domainname: The name of domain. | 358 | * @domainname: The name of domain. |
365 | * @profile: Profile number to assign if the domain was newly created. | 359 | * @profile: Profile number to assign if the domain was newly created. |
@@ -368,9 +362,8 @@ int tomoyo_write_aggregator_policy(char *data, const bool is_delete) | |||
368 | * | 362 | * |
369 | * Caller holds tomoyo_read_lock(). | 363 | * Caller holds tomoyo_read_lock(). |
370 | */ | 364 | */ |
371 | struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char * | 365 | struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, |
372 | domainname, | 366 | const u8 profile) |
373 | const u8 profile) | ||
374 | { | 367 | { |
375 | struct tomoyo_domain_info *entry; | 368 | struct tomoyo_domain_info *entry; |
376 | struct tomoyo_domain_info *domain = NULL; | 369 | struct tomoyo_domain_info *domain = NULL; |
@@ -430,10 +423,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) | |||
430 | int retval = -ENOMEM; | 423 | int retval = -ENOMEM; |
431 | bool need_kfree = false; | 424 | bool need_kfree = false; |
432 | struct tomoyo_path_info rn = { }; /* real name */ | 425 | struct tomoyo_path_info rn = { }; /* real name */ |
433 | struct tomoyo_path_info ln; /* last name */ | ||
434 | 426 | ||
435 | ln.name = tomoyo_get_last_name(old_domain); | ||
436 | tomoyo_fill_path_info(&ln); | ||
437 | mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); | 427 | mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); |
438 | is_enforce = (mode == TOMOYO_CONFIG_ENFORCING); | 428 | is_enforce = (mode == TOMOYO_CONFIG_ENFORCING); |
439 | if (!tmp) | 429 | if (!tmp) |
@@ -454,7 +444,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) | |||
454 | 444 | ||
455 | /* Check 'aggregator' directive. */ | 445 | /* Check 'aggregator' directive. */ |
456 | { | 446 | { |
457 | struct tomoyo_aggregator_entry *ptr; | 447 | struct tomoyo_aggregator *ptr; |
458 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list | 448 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list |
459 | [TOMOYO_ID_AGGREGATOR], head.list) { | 449 | [TOMOYO_ID_AGGREGATOR], head.list) { |
460 | if (ptr->head.is_deleted || | 450 | if (ptr->head.is_deleted || |
@@ -517,7 +507,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) | |||
517 | if (error < 0) | 507 | if (error < 0) |
518 | goto done; | 508 | goto done; |
519 | } | 509 | } |
520 | domain = tomoyo_find_or_assign_new_domain(tmp, old_domain->profile); | 510 | domain = tomoyo_assign_domain(tmp, old_domain->profile); |
521 | done: | 511 | done: |
522 | if (domain) | 512 | if (domain) |
523 | goto out; | 513 | goto out; |
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index e7687ebdc5f6..f7877fa80f14 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c | |||
@@ -179,7 +179,7 @@ static int tomoyo_audit_path_log(struct tomoyo_request_info *r) | |||
179 | return 0; | 179 | return 0; |
180 | tomoyo_warn_log(r, "%s %s", operation, filename->name); | 180 | tomoyo_warn_log(r, "%s %s", operation, filename->name); |
181 | return tomoyo_supervisor(r, "allow_%s %s\n", operation, | 181 | return tomoyo_supervisor(r, "allow_%s %s\n", operation, |
182 | tomoyo_file_pattern(filename)); | 182 | tomoyo_pattern(filename)); |
183 | } | 183 | } |
184 | 184 | ||
185 | /** | 185 | /** |
@@ -199,8 +199,8 @@ static int tomoyo_audit_path2_log(struct tomoyo_request_info *r) | |||
199 | tomoyo_warn_log(r, "%s %s %s", operation, filename1->name, | 199 | tomoyo_warn_log(r, "%s %s %s", operation, filename1->name, |
200 | filename2->name); | 200 | filename2->name); |
201 | return tomoyo_supervisor(r, "allow_%s %s %s\n", operation, | 201 | return tomoyo_supervisor(r, "allow_%s %s %s\n", operation, |
202 | tomoyo_file_pattern(filename1), | 202 | tomoyo_pattern(filename1), |
203 | tomoyo_file_pattern(filename2)); | 203 | tomoyo_pattern(filename2)); |
204 | } | 204 | } |
205 | 205 | ||
206 | /** | 206 | /** |
@@ -222,8 +222,7 @@ static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r) | |||
222 | tomoyo_warn_log(r, "%s %s 0%o %u %u", operation, filename->name, mode, | 222 | tomoyo_warn_log(r, "%s %s 0%o %u %u", operation, filename->name, mode, |
223 | major, minor); | 223 | major, minor); |
224 | return tomoyo_supervisor(r, "allow_%s %s 0%o %u %u\n", operation, | 224 | return tomoyo_supervisor(r, "allow_%s %s 0%o %u %u\n", operation, |
225 | tomoyo_file_pattern(filename), mode, major, | 225 | tomoyo_pattern(filename), mode, major, minor); |
226 | minor); | ||
227 | } | 226 | } |
228 | 227 | ||
229 | /** | 228 | /** |
@@ -262,20 +261,20 @@ static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r) | |||
262 | radix); | 261 | radix); |
263 | tomoyo_warn_log(r, "%s %s %s", operation, filename->name, buffer); | 262 | tomoyo_warn_log(r, "%s %s %s", operation, filename->name, buffer); |
264 | return tomoyo_supervisor(r, "allow_%s %s %s\n", operation, | 263 | return tomoyo_supervisor(r, "allow_%s %s %s\n", operation, |
265 | tomoyo_file_pattern(filename), buffer); | 264 | tomoyo_pattern(filename), buffer); |
266 | } | 265 | } |
267 | 266 | ||
268 | static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a, | 267 | static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a, |
269 | const struct tomoyo_acl_head *b) | 268 | const struct tomoyo_acl_head *b) |
270 | { | 269 | { |
271 | return container_of(a, struct tomoyo_globally_readable_file_entry, | 270 | return container_of(a, struct tomoyo_readable_file, |
272 | head)->filename == | 271 | head)->filename == |
273 | container_of(b, struct tomoyo_globally_readable_file_entry, | 272 | container_of(b, struct tomoyo_readable_file, |
274 | head)->filename; | 273 | head)->filename; |
275 | } | 274 | } |
276 | 275 | ||
277 | /** | 276 | /** |
278 | * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list. | 277 | * tomoyo_update_globally_readable_entry - Update "struct tomoyo_readable_file" list. |
279 | * | 278 | * |
280 | * @filename: Filename unconditionally permitted to open() for reading. | 279 | * @filename: Filename unconditionally permitted to open() for reading. |
281 | * @is_delete: True if it is a delete request. | 280 | * @is_delete: True if it is a delete request. |
@@ -287,7 +286,7 @@ static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a, | |||
287 | static int tomoyo_update_globally_readable_entry(const char *filename, | 286 | static int tomoyo_update_globally_readable_entry(const char *filename, |
288 | const bool is_delete) | 287 | const bool is_delete) |
289 | { | 288 | { |
290 | struct tomoyo_globally_readable_file_entry e = { }; | 289 | struct tomoyo_readable_file e = { }; |
291 | int error; | 290 | int error; |
292 | 291 | ||
293 | if (!tomoyo_correct_word(filename)) | 292 | if (!tomoyo_correct_word(filename)) |
@@ -315,7 +314,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename, | |||
315 | static bool tomoyo_globally_readable_file(const struct tomoyo_path_info * | 314 | static bool tomoyo_globally_readable_file(const struct tomoyo_path_info * |
316 | filename) | 315 | filename) |
317 | { | 316 | { |
318 | struct tomoyo_globally_readable_file_entry *ptr; | 317 | struct tomoyo_readable_file *ptr; |
319 | bool found = false; | 318 | bool found = false; |
320 | 319 | ||
321 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list | 320 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list |
@@ -330,7 +329,7 @@ static bool tomoyo_globally_readable_file(const struct tomoyo_path_info * | |||
330 | } | 329 | } |
331 | 330 | ||
332 | /** | 331 | /** |
333 | * tomoyo_write_globally_readable_policy - Write "struct tomoyo_globally_readable_file_entry" list. | 332 | * tomoyo_write_globally_readable - Write "struct tomoyo_readable_file" list. |
334 | * | 333 | * |
335 | * @data: String to parse. | 334 | * @data: String to parse. |
336 | * @is_delete: True if it is a delete request. | 335 | * @is_delete: True if it is a delete request. |
@@ -339,7 +338,7 @@ static bool tomoyo_globally_readable_file(const struct tomoyo_path_info * | |||
339 | * | 338 | * |
340 | * Caller holds tomoyo_read_lock(). | 339 | * Caller holds tomoyo_read_lock(). |
341 | */ | 340 | */ |
342 | int tomoyo_write_globally_readable_policy(char *data, const bool is_delete) | 341 | int tomoyo_write_globally_readable(char *data, const bool is_delete) |
343 | { | 342 | { |
344 | return tomoyo_update_globally_readable_entry(data, is_delete); | 343 | return tomoyo_update_globally_readable_entry(data, is_delete); |
345 | } | 344 | } |
@@ -347,12 +346,12 @@ int tomoyo_write_globally_readable_policy(char *data, const bool is_delete) | |||
347 | static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a, | 346 | static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a, |
348 | const struct tomoyo_acl_head *b) | 347 | const struct tomoyo_acl_head *b) |
349 | { | 348 | { |
350 | return container_of(a, struct tomoyo_pattern_entry, head)->pattern == | 349 | return container_of(a, struct tomoyo_no_pattern, head)->pattern == |
351 | container_of(b, struct tomoyo_pattern_entry, head)->pattern; | 350 | container_of(b, struct tomoyo_no_pattern, head)->pattern; |
352 | } | 351 | } |
353 | 352 | ||
354 | /** | 353 | /** |
355 | * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list. | 354 | * tomoyo_update_file_pattern_entry - Update "struct tomoyo_no_pattern" list. |
356 | * | 355 | * |
357 | * @pattern: Pathname pattern. | 356 | * @pattern: Pathname pattern. |
358 | * @is_delete: True if it is a delete request. | 357 | * @is_delete: True if it is a delete request. |
@@ -364,7 +363,7 @@ static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a, | |||
364 | static int tomoyo_update_file_pattern_entry(const char *pattern, | 363 | static int tomoyo_update_file_pattern_entry(const char *pattern, |
365 | const bool is_delete) | 364 | const bool is_delete) |
366 | { | 365 | { |
367 | struct tomoyo_pattern_entry e = { }; | 366 | struct tomoyo_no_pattern e = { }; |
368 | int error; | 367 | int error; |
369 | 368 | ||
370 | if (!tomoyo_correct_word(pattern)) | 369 | if (!tomoyo_correct_word(pattern)) |
@@ -380,7 +379,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern, | |||
380 | } | 379 | } |
381 | 380 | ||
382 | /** | 381 | /** |
383 | * tomoyo_file_pattern - Get patterned pathname. | 382 | * tomoyo_pattern - Get patterned pathname. |
384 | * | 383 | * |
385 | * @filename: The filename to find patterned pathname. | 384 | * @filename: The filename to find patterned pathname. |
386 | * | 385 | * |
@@ -388,9 +387,9 @@ static int tomoyo_update_file_pattern_entry(const char *pattern, | |||
388 | * | 387 | * |
389 | * Caller holds tomoyo_read_lock(). | 388 | * Caller holds tomoyo_read_lock(). |
390 | */ | 389 | */ |
391 | const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename) | 390 | const char *tomoyo_pattern(const struct tomoyo_path_info *filename) |
392 | { | 391 | { |
393 | struct tomoyo_pattern_entry *ptr; | 392 | struct tomoyo_no_pattern *ptr; |
394 | const struct tomoyo_path_info *pattern = NULL; | 393 | const struct tomoyo_path_info *pattern = NULL; |
395 | 394 | ||
396 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_PATTERN], | 395 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_PATTERN], |
@@ -413,7 +412,7 @@ const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename) | |||
413 | } | 412 | } |
414 | 413 | ||
415 | /** | 414 | /** |
416 | * tomoyo_write_pattern_policy - Write "struct tomoyo_pattern_entry" list. | 415 | * tomoyo_write_pattern - Write "struct tomoyo_no_pattern" list. |
417 | * | 416 | * |
418 | * @data: String to parse. | 417 | * @data: String to parse. |
419 | * @is_delete: True if it is a delete request. | 418 | * @is_delete: True if it is a delete request. |
@@ -422,7 +421,7 @@ const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename) | |||
422 | * | 421 | * |
423 | * Caller holds tomoyo_read_lock(). | 422 | * Caller holds tomoyo_read_lock(). |
424 | */ | 423 | */ |
425 | int tomoyo_write_pattern_policy(char *data, const bool is_delete) | 424 | int tomoyo_write_pattern(char *data, const bool is_delete) |
426 | { | 425 | { |
427 | return tomoyo_update_file_pattern_entry(data, is_delete); | 426 | return tomoyo_update_file_pattern_entry(data, is_delete); |
428 | } | 427 | } |
@@ -430,13 +429,13 @@ int tomoyo_write_pattern_policy(char *data, const bool is_delete) | |||
430 | static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a, | 429 | static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a, |
431 | const struct tomoyo_acl_head *b) | 430 | const struct tomoyo_acl_head *b) |
432 | { | 431 | { |
433 | return container_of(a, struct tomoyo_no_rewrite_entry, head)->pattern | 432 | return container_of(a, struct tomoyo_no_rewrite, head)->pattern |
434 | == container_of(b, struct tomoyo_no_rewrite_entry, head) | 433 | == container_of(b, struct tomoyo_no_rewrite, head) |
435 | ->pattern; | 434 | ->pattern; |
436 | } | 435 | } |
437 | 436 | ||
438 | /** | 437 | /** |
439 | * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list. | 438 | * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite" list. |
440 | * | 439 | * |
441 | * @pattern: Pathname pattern that are not rewritable by default. | 440 | * @pattern: Pathname pattern that are not rewritable by default. |
442 | * @is_delete: True if it is a delete request. | 441 | * @is_delete: True if it is a delete request. |
@@ -448,7 +447,7 @@ static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a, | |||
448 | static int tomoyo_update_no_rewrite_entry(const char *pattern, | 447 | static int tomoyo_update_no_rewrite_entry(const char *pattern, |
449 | const bool is_delete) | 448 | const bool is_delete) |
450 | { | 449 | { |
451 | struct tomoyo_no_rewrite_entry e = { }; | 450 | struct tomoyo_no_rewrite e = { }; |
452 | int error; | 451 | int error; |
453 | 452 | ||
454 | if (!tomoyo_correct_word(pattern)) | 453 | if (!tomoyo_correct_word(pattern)) |
@@ -475,7 +474,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern, | |||
475 | */ | 474 | */ |
476 | static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename) | 475 | static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename) |
477 | { | 476 | { |
478 | struct tomoyo_no_rewrite_entry *ptr; | 477 | struct tomoyo_no_rewrite *ptr; |
479 | bool found = false; | 478 | bool found = false; |
480 | 479 | ||
481 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE], | 480 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE], |
@@ -491,7 +490,7 @@ static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename) | |||
491 | } | 490 | } |
492 | 491 | ||
493 | /** | 492 | /** |
494 | * tomoyo_write_no_rewrite_policy - Write "struct tomoyo_no_rewrite_entry" list. | 493 | * tomoyo_write_no_rewrite - Write "struct tomoyo_no_rewrite" list. |
495 | * | 494 | * |
496 | * @data: String to parse. | 495 | * @data: String to parse. |
497 | * @is_delete: True if it is a delete request. | 496 | * @is_delete: True if it is a delete request. |
@@ -500,7 +499,7 @@ static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename) | |||
500 | * | 499 | * |
501 | * Caller holds tomoyo_read_lock(). | 500 | * Caller holds tomoyo_read_lock(). |
502 | */ | 501 | */ |
503 | int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete) | 502 | int tomoyo_write_no_rewrite(char *data, const bool is_delete) |
504 | { | 503 | { |
505 | return tomoyo_update_no_rewrite_entry(data, is_delete); | 504 | return tomoyo_update_no_rewrite_entry(data, is_delete); |
506 | } | 505 | } |
@@ -1121,7 +1120,7 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1, | |||
1121 | } | 1120 | } |
1122 | 1121 | ||
1123 | /** | 1122 | /** |
1124 | * tomoyo_write_file_policy - Update file related list. | 1123 | * tomoyo_write_file - Update file related list. |
1125 | * | 1124 | * |
1126 | * @data: String to parse. | 1125 | * @data: String to parse. |
1127 | * @domain: Pointer to "struct tomoyo_domain_info". | 1126 | * @domain: Pointer to "struct tomoyo_domain_info". |
@@ -1131,8 +1130,8 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1, | |||
1131 | * | 1130 | * |
1132 | * Caller holds tomoyo_read_lock(). | 1131 | * Caller holds tomoyo_read_lock(). |
1133 | */ | 1132 | */ |
1134 | int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain, | 1133 | int tomoyo_write_file(char *data, struct tomoyo_domain_info *domain, |
1135 | const bool is_delete) | 1134 | const bool is_delete) |
1136 | { | 1135 | { |
1137 | char *w[5]; | 1136 | char *w[5]; |
1138 | u8 type; | 1137 | u8 type; |
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c index 254ac1145552..a877e4c3b101 100644 --- a/security/tomoyo/gc.c +++ b/security/tomoyo/gc.c | |||
@@ -11,7 +11,7 @@ | |||
11 | #include <linux/kthread.h> | 11 | #include <linux/kthread.h> |
12 | #include <linux/slab.h> | 12 | #include <linux/slab.h> |
13 | 13 | ||
14 | struct tomoyo_gc_entry { | 14 | struct tomoyo_gc { |
15 | struct list_head list; | 15 | struct list_head list; |
16 | int type; | 16 | int type; |
17 | struct list_head *element; | 17 | struct list_head *element; |
@@ -22,7 +22,7 @@ static DEFINE_MUTEX(tomoyo_gc_mutex); | |||
22 | /* Caller holds tomoyo_policy_lock mutex. */ | 22 | /* Caller holds tomoyo_policy_lock mutex. */ |
23 | static bool tomoyo_add_to_gc(const int type, struct list_head *element) | 23 | static bool tomoyo_add_to_gc(const int type, struct list_head *element) |
24 | { | 24 | { |
25 | struct tomoyo_gc_entry *entry = kzalloc(sizeof(*entry), GFP_ATOMIC); | 25 | struct tomoyo_gc *entry = kzalloc(sizeof(*entry), GFP_ATOMIC); |
26 | if (!entry) | 26 | if (!entry) |
27 | return false; | 27 | return false; |
28 | entry->type = type; | 28 | entry->type = type; |
@@ -34,21 +34,21 @@ static bool tomoyo_add_to_gc(const int type, struct list_head *element) | |||
34 | 34 | ||
35 | static void tomoyo_del_allow_read(struct list_head *element) | 35 | static void tomoyo_del_allow_read(struct list_head *element) |
36 | { | 36 | { |
37 | struct tomoyo_globally_readable_file_entry *ptr = | 37 | struct tomoyo_readable_file *ptr = |
38 | container_of(element, typeof(*ptr), head.list); | 38 | container_of(element, typeof(*ptr), head.list); |
39 | tomoyo_put_name(ptr->filename); | 39 | tomoyo_put_name(ptr->filename); |
40 | } | 40 | } |
41 | 41 | ||
42 | static void tomoyo_del_file_pattern(struct list_head *element) | 42 | static void tomoyo_del_file_pattern(struct list_head *element) |
43 | { | 43 | { |
44 | struct tomoyo_pattern_entry *ptr = | 44 | struct tomoyo_no_pattern *ptr = |
45 | container_of(element, typeof(*ptr), head.list); | 45 | container_of(element, typeof(*ptr), head.list); |
46 | tomoyo_put_name(ptr->pattern); | 46 | tomoyo_put_name(ptr->pattern); |
47 | } | 47 | } |
48 | 48 | ||
49 | static void tomoyo_del_no_rewrite(struct list_head *element) | 49 | static void tomoyo_del_no_rewrite(struct list_head *element) |
50 | { | 50 | { |
51 | struct tomoyo_no_rewrite_entry *ptr = | 51 | struct tomoyo_no_rewrite *ptr = |
52 | container_of(element, typeof(*ptr), head.list); | 52 | container_of(element, typeof(*ptr), head.list); |
53 | tomoyo_put_name(ptr->pattern); | 53 | tomoyo_put_name(ptr->pattern); |
54 | } | 54 | } |
@@ -63,7 +63,7 @@ static void tomoyo_del_transition_control(struct list_head *element) | |||
63 | 63 | ||
64 | static void tomoyo_del_aggregator(struct list_head *element) | 64 | static void tomoyo_del_aggregator(struct list_head *element) |
65 | { | 65 | { |
66 | struct tomoyo_aggregator_entry *ptr = | 66 | struct tomoyo_aggregator *ptr = |
67 | container_of(element, typeof(*ptr), head.list); | 67 | container_of(element, typeof(*ptr), head.list); |
68 | tomoyo_put_name(ptr->original_name); | 68 | tomoyo_put_name(ptr->original_name); |
69 | tomoyo_put_name(ptr->aggregated_name); | 69 | tomoyo_put_name(ptr->aggregated_name); |
@@ -71,7 +71,7 @@ static void tomoyo_del_aggregator(struct list_head *element) | |||
71 | 71 | ||
72 | static void tomoyo_del_manager(struct list_head *element) | 72 | static void tomoyo_del_manager(struct list_head *element) |
73 | { | 73 | { |
74 | struct tomoyo_policy_manager_entry *ptr = | 74 | struct tomoyo_manager *ptr = |
75 | container_of(element, typeof(*ptr), head.list); | 75 | container_of(element, typeof(*ptr), head.list); |
76 | tomoyo_put_name(ptr->manager); | 76 | tomoyo_put_name(ptr->manager); |
77 | } | 77 | } |
@@ -168,7 +168,7 @@ static bool tomoyo_del_domain(struct list_head *element) | |||
168 | 168 | ||
169 | static void tomoyo_del_name(struct list_head *element) | 169 | static void tomoyo_del_name(struct list_head *element) |
170 | { | 170 | { |
171 | const struct tomoyo_name_entry *ptr = | 171 | const struct tomoyo_name *ptr = |
172 | container_of(element, typeof(*ptr), list); | 172 | container_of(element, typeof(*ptr), list); |
173 | } | 173 | } |
174 | 174 | ||
@@ -242,7 +242,7 @@ static void tomoyo_collect_entry(void) | |||
242 | } | 242 | } |
243 | } | 243 | } |
244 | for (i = 0; i < TOMOYO_MAX_HASH; i++) { | 244 | for (i = 0; i < TOMOYO_MAX_HASH; i++) { |
245 | struct tomoyo_name_entry *ptr; | 245 | struct tomoyo_name *ptr; |
246 | list_for_each_entry_rcu(ptr, &tomoyo_name_list[i], list) { | 246 | list_for_each_entry_rcu(ptr, &tomoyo_name_list[i], list) { |
247 | if (atomic_read(&ptr->users)) | 247 | if (atomic_read(&ptr->users)) |
248 | continue; | 248 | continue; |
@@ -278,8 +278,8 @@ static void tomoyo_collect_entry(void) | |||
278 | 278 | ||
279 | static void tomoyo_kfree_entry(void) | 279 | static void tomoyo_kfree_entry(void) |
280 | { | 280 | { |
281 | struct tomoyo_gc_entry *p; | 281 | struct tomoyo_gc *p; |
282 | struct tomoyo_gc_entry *tmp; | 282 | struct tomoyo_gc *tmp; |
283 | 283 | ||
284 | list_for_each_entry_safe(p, tmp, &tomoyo_gc_queue, list) { | 284 | list_for_each_entry_safe(p, tmp, &tomoyo_gc_queue, list) { |
285 | struct list_head *element = p->element; | 285 | struct list_head *element = p->element; |
diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c index a4aba4d9ca2e..297612669c74 100644 --- a/security/tomoyo/memory.c +++ b/security/tomoyo/memory.c | |||
@@ -150,7 +150,7 @@ struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; | |||
150 | */ | 150 | */ |
151 | const struct tomoyo_path_info *tomoyo_get_name(const char *name) | 151 | const struct tomoyo_path_info *tomoyo_get_name(const char *name) |
152 | { | 152 | { |
153 | struct tomoyo_name_entry *ptr; | 153 | struct tomoyo_name *ptr; |
154 | unsigned int hash; | 154 | unsigned int hash; |
155 | int len; | 155 | int len; |
156 | int allocated_len; | 156 | int allocated_len; |
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c index 7872226f72ee..cfeff871908e 100644 --- a/security/tomoyo/mount.c +++ b/security/tomoyo/mount.c | |||
@@ -55,8 +55,8 @@ static int tomoyo_audit_mount_log(struct tomoyo_request_info *r) | |||
55 | flags); | 55 | flags); |
56 | return tomoyo_supervisor(r, | 56 | return tomoyo_supervisor(r, |
57 | TOMOYO_KEYWORD_ALLOW_MOUNT "%s %s %s 0x%lX\n", | 57 | TOMOYO_KEYWORD_ALLOW_MOUNT "%s %s %s 0x%lX\n", |
58 | tomoyo_file_pattern(r->param.mount.dev), | 58 | tomoyo_pattern(r->param.mount.dev), |
59 | tomoyo_file_pattern(r->param.mount.dir), type, | 59 | tomoyo_pattern(r->param.mount.dir), type, |
60 | flags); | 60 | flags); |
61 | } | 61 | } |
62 | 62 | ||
@@ -250,7 +250,7 @@ static bool tomoyo_same_mount_acl(const struct tomoyo_acl_info *a, | |||
250 | } | 250 | } |
251 | 251 | ||
252 | /** | 252 | /** |
253 | * tomoyo_write_mount_policy - Write "struct tomoyo_mount_acl" list. | 253 | * tomoyo_write_mount - Write "struct tomoyo_mount_acl" list. |
254 | * | 254 | * |
255 | * @data: String to parse. | 255 | * @data: String to parse. |
256 | * @domain: Pointer to "struct tomoyo_domain_info". | 256 | * @domain: Pointer to "struct tomoyo_domain_info". |
@@ -260,8 +260,8 @@ static bool tomoyo_same_mount_acl(const struct tomoyo_acl_info *a, | |||
260 | * | 260 | * |
261 | * Caller holds tomoyo_read_lock(). | 261 | * Caller holds tomoyo_read_lock(). |
262 | */ | 262 | */ |
263 | int tomoyo_write_mount_policy(char *data, struct tomoyo_domain_info *domain, | 263 | int tomoyo_write_mount(char *data, struct tomoyo_domain_info *domain, |
264 | const bool is_delete) | 264 | const bool is_delete) |
265 | { | 265 | { |
266 | struct tomoyo_mount_acl e = { .head.type = TOMOYO_TYPE_MOUNT_ACL }; | 266 | struct tomoyo_mount_acl e = { .head.type = TOMOYO_TYPE_MOUNT_ACL }; |
267 | int error = is_delete ? -ENOENT : -ENOMEM; | 267 | int error = is_delete ? -ENOENT : -ENOMEM; |
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index 12a768e6ee3f..150167d0cc3a 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c | |||
@@ -26,7 +26,7 @@ bool tomoyo_policy_loaded; | |||
26 | * The @src is updated to point the first character after the value | 26 | * The @src is updated to point the first character after the value |
27 | * on success. | 27 | * on success. |
28 | */ | 28 | */ |
29 | u8 tomoyo_parse_ulong(unsigned long *result, char **str) | 29 | static u8 tomoyo_parse_ulong(unsigned long *result, char **str) |
30 | { | 30 | { |
31 | const char *cp = *str; | 31 | const char *cp = *str; |
32 | char *ep; | 32 | char *ep; |