1 files changed, 33 insertions, 91 deletions
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 54015b9964dc..7872226f72ee 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -73,7 +73,7 @@ static bool tomoyo_check_mount_acl(const struct tomoyo_request_info *r,
 }
 /**
- * tomoyo_mount_acl2 - Check permission for mount() operation.
+ * tomoyo_mount_acl - Check permission for mount() operation.
 *
 * @r:        Pointer to "struct tomoyo_request_info".
 * @dev_name: Name of device file.
@@ -85,8 +85,8 @@ static bool tomoyo_check_mount_acl(const struct tomoyo_request_info *r,
 *
 * Caller holds tomoyo_read_lock().
 */
-static int tomoyo_mount_acl2(struct tomoyo_request_info *r, char *dev_name,
+static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
-                             struct path *dir, char *type, unsigned long flags)
+                            struct path *dir, char *type, unsigned long flags)
 {
        struct path path;
        struct file_system_type *fstype = NULL;
@@ -179,94 +179,6 @@ static int tomoyo_mount_acl2(struct tomoyo_request_info *r, char *dev_name,
 }
 /**
- * tomoyo_mount_acl - Check permission for mount() operation.
- *
- * @r:        Pointer to "struct tomoyo_request_info".
- * @dev_name: Name of device file.
- * @dir:      Pointer to "struct path".
- * @type:     Name of filesystem type.
- * @flags:    Mount options.
- *
- * Returns 0 on success, negative value otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
-                            struct path *dir, char *type, unsigned long flags)
-{
-        int error;
-        error = -EPERM;
-        if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
-                flags &= ~MS_MGC_MSK;
-        switch (flags & (MS_REMOUNT | MS_MOVE | MS_BIND)) {
-        case MS_REMOUNT:
-        case MS_MOVE:
-        case MS_BIND:
-        case 0:
-                break;
-        default:
-                printk(KERN_WARNING "ERROR: "
-                       "%s%s%sare given for single mount operation.\n",
-                       flags & MS_REMOUNT ? "'remount' " : "",
-                       flags & MS_MOVE    ? "'move' " : "",
-                       flags & MS_BIND    ? "'bind' " : "");
-                return -EINVAL;
-        }
-        switch (flags & (MS_UNBINDABLE | MS_PRIVATE | MS_SLAVE | MS_SHARED)) {
-        case MS_UNBINDABLE:
-        case MS_PRIVATE:
-        case MS_SLAVE:
-        case MS_SHARED:
-        case 0:
-                break;
-        default:
-                printk(KERN_WARNING "ERROR: "
-                       "%s%s%s%sare given for single mount operation.\n",
-                       flags & MS_UNBINDABLE ? "'unbindable' " : "",
-                       flags & MS_PRIVATE    ? "'private' " : "",
-                       flags & MS_SLAVE      ? "'slave' " : "",
-                       flags & MS_SHARED     ? "'shared' " : "");
-                return -EINVAL;
-        }
-        if (flags & MS_REMOUNT)
-                error = tomoyo_mount_acl(r, dev_name, dir,
-                                      TOMOYO_MOUNT_REMOUNT_KEYWORD,
-                                      flags & ~MS_REMOUNT);
-        else if (flags & MS_MOVE)
-                error = tomoyo_mount_acl(r, dev_name, dir,
-                                      TOMOYO_MOUNT_MOVE_KEYWORD,
-                                      flags & ~MS_MOVE);
-        else if (flags & MS_BIND)
-                error = tomoyo_mount_acl(r, dev_name, dir,
-                                      TOMOYO_MOUNT_BIND_KEYWORD,
-                                      flags & ~MS_BIND);
-        else if (flags & MS_UNBINDABLE)
-                error = tomoyo_mount_acl(r, dev_name, dir,
-                                      TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD,
-                                      flags & ~MS_UNBINDABLE);
-        else if (flags & MS_PRIVATE)
-                error = tomoyo_mount_acl(r, dev_name, dir,
-                                      TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD,
-                                      flags & ~MS_PRIVATE);
-        else if (flags & MS_SLAVE)
-                error = tomoyo_mount_acl(r, dev_name, dir,
-                                      TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD,
-                                      flags & ~MS_SLAVE);
-        else if (flags & MS_SHARED)
-                error = tomoyo_mount_acl(r, dev_name, dir,
-                                      TOMOYO_MOUNT_MAKE_SHARED_KEYWORD,
-                                      flags & ~MS_SHARED);
-        else
-                do {
-                        error = tomoyo_mount_acl2(r, dev_name, dir, type,
-                                                  flags);
-                } while (error == TOMOYO_RETRY_REQUEST);
-        if (r->mode != TOMOYO_CONFIG_ENFORCING)
-                error = 0;
-        return error;
-}
-/**
 * tomoyo_mount_permission - Check permission for mount() operation.
 *
 * @dev_name:  Name of device file.
@@ -287,6 +199,36 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
        if (tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_MOUNT)
            == TOMOYO_CONFIG_DISABLED)
                return 0;
+        if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
+                flags &= ~MS_MGC_MSK;
+        if (flags & MS_REMOUNT) {
+                type = TOMOYO_MOUNT_REMOUNT_KEYWORD;
+                flags &= ~MS_REMOUNT;
+        }
+        if (flags & MS_MOVE) {
+                type = TOMOYO_MOUNT_MOVE_KEYWORD;
+                flags &= ~MS_MOVE;
+        }
+        if (flags & MS_BIND) {
+                type = TOMOYO_MOUNT_BIND_KEYWORD;
+                flags &= ~MS_BIND;
+        }
+        if (flags & MS_UNBINDABLE) {
+                type = TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD;
+                flags &= ~MS_UNBINDABLE;
+        }
+        if (flags & MS_PRIVATE) {
+                type = TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD;
+                flags &= ~MS_PRIVATE;
+        }
+        if (flags & MS_SLAVE) {
+                type = TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD;
+                flags &= ~MS_SLAVE;
+        }
+        if (flags & MS_SHARED) {
+                type = TOMOYO_MOUNT_MAKE_SHARED_KEYWORD;
+                flags &= ~MS_SHARED;
+        }
        if (!type)
                type = "<NULL>";
        idx = tomoyo_read_lock();

diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c index 54015b9964dc..7872226f72ee 100644 --- a/security/tomoyo/mount.c +++ b/security/tomoyo/mount.c
@@ -73,7 +73,7 @@ static bool tomoyo_check_mount_acl(const struct tomoyo_request_info *r,
73	}	73	}
74		74
75	/**	75	/**
76	* tomoyo_mount_acl2 - Check permission for mount() operation.	76	* tomoyo_mount_acl - Check permission for mount() operation.
77	*	77	*
78	* @r: Pointer to "struct tomoyo_request_info".	78	* @r: Pointer to "struct tomoyo_request_info".
79	* @dev_name: Name of device file.	79	* @dev_name: Name of device file.
@@ -85,8 +85,8 @@ static bool tomoyo_check_mount_acl(const struct tomoyo_request_info *r,
85	*	85	*
86	* Caller holds tomoyo_read_lock().	86	* Caller holds tomoyo_read_lock().
87	*/	87	*/
88	static int tomoyo_mount_acl2(struct tomoyo_request_info r, char dev_name,	88	static int tomoyo_mount_acl(struct tomoyo_request_info r, char dev_name,
89	struct path dir, char type, unsigned long flags)	89	struct path dir, char type, unsigned long flags)
90	{	90	{
91	struct path path;	91	struct path path;
92	struct file_system_type *fstype = NULL;	92	struct file_system_type *fstype = NULL;
@@ -179,94 +179,6 @@ static int tomoyo_mount_acl2(struct tomoyo_request_info r, char dev_name,
179	}	179	}
180		180
181	/**	181	/**
182	* tomoyo_mount_acl - Check permission for mount() operation.
183	*
184	* @r: Pointer to "struct tomoyo_request_info".
185	* @dev_name: Name of device file.
186	* @dir: Pointer to "struct path".
187	* @type: Name of filesystem type.
188	* @flags: Mount options.
189	*
190	* Returns 0 on success, negative value otherwise.
191	*
192	* Caller holds tomoyo_read_lock().
193	*/
194	static int tomoyo_mount_acl(struct tomoyo_request_info r, char dev_name,
195	struct path dir, char type, unsigned long flags)
196	{
197	int error;
198	error = -EPERM;
199	if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
200	flags &= ~MS_MGC_MSK;
201	switch (flags & (MS_REMOUNT \| MS_MOVE \| MS_BIND)) {
202	case MS_REMOUNT:
203	case MS_MOVE:
204	case MS_BIND:
205	case 0:
206	break;
207	default:
208	printk(KERN_WARNING "ERROR: "
209	"%s%s%sare given for single mount operation.\n",
210	flags & MS_REMOUNT ? "'remount' " : "",
211	flags & MS_MOVE ? "'move' " : "",
212	flags & MS_BIND ? "'bind' " : "");
213	return -EINVAL;
214	}
215	switch (flags & (MS_UNBINDABLE \| MS_PRIVATE \| MS_SLAVE \| MS_SHARED)) {
216	case MS_UNBINDABLE:
217	case MS_PRIVATE:
218	case MS_SLAVE:
219	case MS_SHARED:
220	case 0:
221	break;
222	default:
223	printk(KERN_WARNING "ERROR: "
224	"%s%s%s%sare given for single mount operation.\n",
225	flags & MS_UNBINDABLE ? "'unbindable' " : "",
226	flags & MS_PRIVATE ? "'private' " : "",
227	flags & MS_SLAVE ? "'slave' " : "",
228	flags & MS_SHARED ? "'shared' " : "");
229	return -EINVAL;
230	}
231	if (flags & MS_REMOUNT)
232	error = tomoyo_mount_acl(r, dev_name, dir,
233	TOMOYO_MOUNT_REMOUNT_KEYWORD,
234	flags & ~MS_REMOUNT);
235	else if (flags & MS_MOVE)
236	error = tomoyo_mount_acl(r, dev_name, dir,
237	TOMOYO_MOUNT_MOVE_KEYWORD,
238	flags & ~MS_MOVE);
239	else if (flags & MS_BIND)
240	error = tomoyo_mount_acl(r, dev_name, dir,
241	TOMOYO_MOUNT_BIND_KEYWORD,
242	flags & ~MS_BIND);
243	else if (flags & MS_UNBINDABLE)
244	error = tomoyo_mount_acl(r, dev_name, dir,
245	TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD,
246	flags & ~MS_UNBINDABLE);
247	else if (flags & MS_PRIVATE)
248	error = tomoyo_mount_acl(r, dev_name, dir,
249	TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD,
250	flags & ~MS_PRIVATE);
251	else if (flags & MS_SLAVE)
252	error = tomoyo_mount_acl(r, dev_name, dir,
253	TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD,
254	flags & ~MS_SLAVE);
255	else if (flags & MS_SHARED)
256	error = tomoyo_mount_acl(r, dev_name, dir,
257	TOMOYO_MOUNT_MAKE_SHARED_KEYWORD,
258	flags & ~MS_SHARED);
259	else
260	do {
261	error = tomoyo_mount_acl2(r, dev_name, dir, type,
262	flags);
263	} while (error == TOMOYO_RETRY_REQUEST);
264	if (r->mode != TOMOYO_CONFIG_ENFORCING)
265	error = 0;
266	return error;
267	}
268
269	/**
270	* tomoyo_mount_permission - Check permission for mount() operation.	182	* tomoyo_mount_permission - Check permission for mount() operation.
271	*	183	*
272	* @dev_name: Name of device file.	184	* @dev_name: Name of device file.
@@ -287,6 +199,36 @@ int tomoyo_mount_permission(char dev_name, struct path path, char *type,
287	if (tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_MOUNT)	199	if (tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_MOUNT)
288	== TOMOYO_CONFIG_DISABLED)	200	== TOMOYO_CONFIG_DISABLED)
289	return 0;	201	return 0;
		202	if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
		203	flags &= ~MS_MGC_MSK;
		204	if (flags & MS_REMOUNT) {
		205	type = TOMOYO_MOUNT_REMOUNT_KEYWORD;
		206	flags &= ~MS_REMOUNT;
		207	}
		208	if (flags & MS_MOVE) {
		209	type = TOMOYO_MOUNT_MOVE_KEYWORD;
		210	flags &= ~MS_MOVE;
		211	}
		212	if (flags & MS_BIND) {
		213	type = TOMOYO_MOUNT_BIND_KEYWORD;
		214	flags &= ~MS_BIND;
		215	}
		216	if (flags & MS_UNBINDABLE) {
		217	type = TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD;
		218	flags &= ~MS_UNBINDABLE;
		219	}
		220	if (flags & MS_PRIVATE) {
		221	type = TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD;
		222	flags &= ~MS_PRIVATE;
		223	}
		224	if (flags & MS_SLAVE) {
		225	type = TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD;
		226	flags &= ~MS_SLAVE;
		227	}
		228	if (flags & MS_SHARED) {
		229	type = TOMOYO_MOUNT_MAKE_SHARED_KEYWORD;
		230	flags &= ~MS_SHARED;
		231	}
290	if (!type)	232	if (!type)
291	type = "<NULL>";	233	type = "<NULL>";
292	idx = tomoyo_read_lock();	234	idx = tomoyo_read_lock();