aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/tomoyo/common.c44
-rw-r--r--security/tomoyo/common.h42
-rw-r--r--security/tomoyo/domain.c38
-rw-r--r--security/tomoyo/file.c104
-rw-r--r--security/tomoyo/gc.c4
-rw-r--r--security/tomoyo/mount.c10
-rw-r--r--security/tomoyo/number_group.c2
-rw-r--r--security/tomoyo/path_group.c2
-rw-r--r--security/tomoyo/tomoyo.c2
-rw-r--r--security/tomoyo/util.c66
10 files changed, 157 insertions, 157 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 4ee47af0917d..1a22fff89e70 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -494,12 +494,12 @@ static int tomoyo_update_manager_entry(const char *manager,
494 struct tomoyo_policy_manager_entry e = { }; 494 struct tomoyo_policy_manager_entry e = { };
495 int error; 495 int error;
496 496
497 if (tomoyo_is_domain_def(manager)) { 497 if (tomoyo_domain_def(manager)) {
498 if (!tomoyo_is_correct_domain(manager)) 498 if (!tomoyo_correct_domain(manager))
499 return -EINVAL; 499 return -EINVAL;
500 e.is_domain = true; 500 e.is_domain = true;
501 } else { 501 } else {
502 if (!tomoyo_is_correct_path(manager)) 502 if (!tomoyo_correct_path(manager))
503 return -EINVAL; 503 return -EINVAL;
504 } 504 }
505 e.manager = tomoyo_get_name(manager); 505 e.manager = tomoyo_get_name(manager);
@@ -565,14 +565,14 @@ static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
565} 565}
566 566
567/** 567/**
568 * tomoyo_is_policy_manager - Check whether the current process is a policy manager. 568 * tomoyo_policy_manager - Check whether the current process is a policy manager.
569 * 569 *
570 * Returns true if the current process is permitted to modify policy 570 * Returns true if the current process is permitted to modify policy
571 * via /sys/kernel/security/tomoyo/ interface. 571 * via /sys/kernel/security/tomoyo/ interface.
572 * 572 *
573 * Caller holds tomoyo_read_lock(). 573 * Caller holds tomoyo_read_lock().
574 */ 574 */
575static bool tomoyo_is_policy_manager(void) 575static bool tomoyo_policy_manager(void)
576{ 576{
577 struct tomoyo_policy_manager_entry *ptr; 577 struct tomoyo_policy_manager_entry *ptr;
578 const char *exe; 578 const char *exe;
@@ -617,7 +617,7 @@ static bool tomoyo_is_policy_manager(void)
617} 617}
618 618
619/** 619/**
620 * tomoyo_is_select_one - Parse select command. 620 * tomoyo_select_one - Parse select command.
621 * 621 *
622 * @head: Pointer to "struct tomoyo_io_buffer". 622 * @head: Pointer to "struct tomoyo_io_buffer".
623 * @data: String to parse. 623 * @data: String to parse.
@@ -626,7 +626,7 @@ static bool tomoyo_is_policy_manager(void)
626 * 626 *
627 * Caller holds tomoyo_read_lock(). 627 * Caller holds tomoyo_read_lock().
628 */ 628 */
629static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head, 629static bool tomoyo_select_one(struct tomoyo_io_buffer *head,
630 const char *data) 630 const char *data)
631{ 631{
632 unsigned int pid; 632 unsigned int pid;
@@ -647,7 +647,7 @@ static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
647 read_unlock(&tasklist_lock); 647 read_unlock(&tasklist_lock);
648 rcu_read_unlock(); 648 rcu_read_unlock();
649 } else if (!strncmp(data, "domain=", 7)) { 649 } else if (!strncmp(data, "domain=", 7)) {
650 if (tomoyo_is_domain_def(data + 7)) 650 if (tomoyo_domain_def(data + 7))
651 domain = tomoyo_find_domain(data + 7); 651 domain = tomoyo_find_domain(data + 7);
652 } else 652 } else
653 return false; 653 return false;
@@ -748,12 +748,12 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
748 is_delete = true; 748 is_delete = true;
749 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT)) 749 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
750 is_select = true; 750 is_select = true;
751 if (is_select && tomoyo_is_select_one(head, data)) 751 if (is_select && tomoyo_select_one(head, data))
752 return 0; 752 return 0;
753 /* Don't allow updating policies by non manager programs. */ 753 /* Don't allow updating policies by non manager programs. */
754 if (!tomoyo_is_policy_manager()) 754 if (!tomoyo_policy_manager())
755 return -EPERM; 755 return -EPERM;
756 if (tomoyo_is_domain_def(data)) { 756 if (tomoyo_domain_def(data)) {
757 domain = NULL; 757 domain = NULL;
758 if (is_delete) 758 if (is_delete)
759 tomoyo_delete_domain(data); 759 tomoyo_delete_domain(data);
@@ -894,26 +894,26 @@ static bool tomoyo_print_path_number_acl(struct tomoyo_io_buffer *head,
894} 894}
895 895
896/** 896/**
897 * tomoyo_print_path_number3_acl - Print a path_number3 ACL entry. 897 * tomoyo_print_mkdev_acl - Print a mkdev ACL entry.
898 * 898 *
899 * @head: Pointer to "struct tomoyo_io_buffer". 899 * @head: Pointer to "struct tomoyo_io_buffer".
900 * @ptr: Pointer to "struct tomoyo_path_number3_acl". 900 * @ptr: Pointer to "struct tomoyo_mkdev_acl".
901 * 901 *
902 * Returns true on success, false otherwise. 902 * Returns true on success, false otherwise.
903 */ 903 */
904static bool tomoyo_print_path_number3_acl(struct tomoyo_io_buffer *head, 904static bool tomoyo_print_mkdev_acl(struct tomoyo_io_buffer *head,
905 struct tomoyo_path_number3_acl *ptr) 905 struct tomoyo_mkdev_acl *ptr)
906{ 906{
907 int pos; 907 int pos;
908 u8 bit; 908 u8 bit;
909 const u16 perm = ptr->perm; 909 const u16 perm = ptr->perm;
910 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_NUMBER3_OPERATION; 910 for (bit = head->read_bit; bit < TOMOYO_MAX_MKDEV_OPERATION;
911 bit++) { 911 bit++) {
912 if (!(perm & (1 << bit))) 912 if (!(perm & (1 << bit)))
913 continue; 913 continue;
914 pos = head->read_avail; 914 pos = head->read_avail;
915 if (!tomoyo_io_printf(head, "allow_%s", 915 if (!tomoyo_io_printf(head, "allow_%s",
916 tomoyo_path_number32keyword(bit)) || 916 tomoyo_mkdev2keyword(bit)) ||
917 !tomoyo_print_name_union(head, &ptr->name) || 917 !tomoyo_print_name_union(head, &ptr->name) ||
918 !tomoyo_print_number_union(head, &ptr->mode) || 918 !tomoyo_print_number_union(head, &ptr->mode) ||
919 !tomoyo_print_number_union(head, &ptr->major) || 919 !tomoyo_print_number_union(head, &ptr->major) ||
@@ -984,11 +984,11 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
984 head); 984 head);
985 return tomoyo_print_path_number_acl(head, acl); 985 return tomoyo_print_path_number_acl(head, acl);
986 } 986 }
987 if (acl_type == TOMOYO_TYPE_PATH_NUMBER3_ACL) { 987 if (acl_type == TOMOYO_TYPE_MKDEV_ACL) {
988 struct tomoyo_path_number3_acl *acl 988 struct tomoyo_mkdev_acl *acl
989 = container_of(ptr, struct tomoyo_path_number3_acl, 989 = container_of(ptr, struct tomoyo_mkdev_acl,
990 head); 990 head);
991 return tomoyo_print_path_number3_acl(head, acl); 991 return tomoyo_print_mkdev_acl(head, acl);
992 } 992 }
993 if (acl_type == TOMOYO_TYPE_MOUNT_ACL) { 993 if (acl_type == TOMOYO_TYPE_MOUNT_ACL) {
994 struct tomoyo_mount_acl *acl 994 struct tomoyo_mount_acl *acl
@@ -1910,7 +1910,7 @@ int tomoyo_write_control(struct file *file, const char __user *buffer,
1910 /* Don't allow updating policies by non manager programs. */ 1910 /* Don't allow updating policies by non manager programs. */
1911 if (head->write != tomoyo_write_pid && 1911 if (head->write != tomoyo_write_pid &&
1912 head->write != tomoyo_write_domain_policy && 1912 head->write != tomoyo_write_domain_policy &&
1913 !tomoyo_is_policy_manager()) 1913 !tomoyo_policy_manager())
1914 return -EPERM; 1914 return -EPERM;
1915 if (mutex_lock_interruptible(&head->io_sem)) 1915 if (mutex_lock_interruptible(&head->io_sem))
1916 return -EINTR; 1916 return -EINTR;
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 36b027460ea6..9b106e9adbec 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -80,7 +80,7 @@ enum tomoyo_acl_entry_type_index {
80 TOMOYO_TYPE_PATH_ACL, 80 TOMOYO_TYPE_PATH_ACL,
81 TOMOYO_TYPE_PATH2_ACL, 81 TOMOYO_TYPE_PATH2_ACL,
82 TOMOYO_TYPE_PATH_NUMBER_ACL, 82 TOMOYO_TYPE_PATH_NUMBER_ACL,
83 TOMOYO_TYPE_PATH_NUMBER3_ACL, 83 TOMOYO_TYPE_MKDEV_ACL,
84 TOMOYO_TYPE_MOUNT_ACL, 84 TOMOYO_TYPE_MOUNT_ACL,
85}; 85};
86 86
@@ -114,10 +114,10 @@ enum tomoyo_path_acl_index {
114 114
115#define TOMOYO_RW_MASK ((1 << TOMOYO_TYPE_READ) | (1 << TOMOYO_TYPE_WRITE)) 115#define TOMOYO_RW_MASK ((1 << TOMOYO_TYPE_READ) | (1 << TOMOYO_TYPE_WRITE))
116 116
117enum tomoyo_path_number3_acl_index { 117enum tomoyo_mkdev_acl_index {
118 TOMOYO_TYPE_MKBLOCK, 118 TOMOYO_TYPE_MKBLOCK,
119 TOMOYO_TYPE_MKCHAR, 119 TOMOYO_TYPE_MKCHAR,
120 TOMOYO_MAX_PATH_NUMBER3_OPERATION 120 TOMOYO_MAX_MKDEV_OPERATION
121}; 121};
122 122
123enum tomoyo_path2_acl_index { 123enum tomoyo_path2_acl_index {
@@ -342,7 +342,7 @@ struct tomoyo_number_group_member {
342 * 342 *
343 * Packing "struct tomoyo_acl_info" allows 343 * Packing "struct tomoyo_acl_info" allows
344 * "struct tomoyo_path_acl" to embed "u16" and "struct tomoyo_path2_acl" 344 * "struct tomoyo_path_acl" to embed "u16" and "struct tomoyo_path2_acl"
345 * "struct tomoyo_path_number_acl" "struct tomoyo_path_number3_acl" to embed 345 * "struct tomoyo_path_number_acl" "struct tomoyo_mkdev_acl" to embed
346 * "u8" without enlarging their structure size. 346 * "u8" without enlarging their structure size.
347 */ 347 */
348struct tomoyo_acl_info { 348struct tomoyo_acl_info {
@@ -439,7 +439,7 @@ struct tomoyo_path_number_acl {
439}; 439};
440 440
441/* 441/*
442 * tomoyo_path_number3_acl is a structure which is used for holding an 442 * tomoyo_mkdev_acl is a structure which is used for holding an
443 * entry with one pathname and three numbers operation. 443 * entry with one pathname and three numbers operation.
444 * It has following fields. 444 * It has following fields.
445 * 445 *
@@ -452,8 +452,8 @@ struct tomoyo_path_number_acl {
452 * Directives held by this structure are "allow_mkchar", "allow_mkblock". 452 * Directives held by this structure are "allow_mkchar", "allow_mkblock".
453 * 453 *
454 */ 454 */
455struct tomoyo_path_number3_acl { 455struct tomoyo_mkdev_acl {
456 struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER3_ACL */ 456 struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MKDEV_ACL */
457 u8 perm; 457 u8 perm;
458 struct tomoyo_name_union name; 458 struct tomoyo_name_union name;
459 struct tomoyo_number_union mode; 459 struct tomoyo_number_union mode;
@@ -756,12 +756,12 @@ int tomoyo_get_mode(const u8 profile, const u8 index);
756bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) 756bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
757 __attribute__ ((format(printf, 2, 3))); 757 __attribute__ ((format(printf, 2, 3)));
758/* Check whether the domainname is correct. */ 758/* Check whether the domainname is correct. */
759bool tomoyo_is_correct_domain(const unsigned char *domainname); 759bool tomoyo_correct_domain(const unsigned char *domainname);
760/* Check whether the token is correct. */ 760/* Check whether the token is correct. */
761bool tomoyo_is_correct_path(const char *filename); 761bool tomoyo_correct_path(const char *filename);
762bool tomoyo_is_correct_word(const char *string); 762bool tomoyo_correct_word(const char *string);
763/* Check whether the token can be a domainname. */ 763/* Check whether the token can be a domainname. */
764bool tomoyo_is_domain_def(const unsigned char *buffer); 764bool tomoyo_domain_def(const unsigned char *buffer);
765bool tomoyo_parse_name_union(const char *filename, 765bool tomoyo_parse_name_union(const char *filename,
766 struct tomoyo_name_union *ptr); 766 struct tomoyo_name_union *ptr);
767/* Check whether the given filename matches the given path_group. */ 767/* Check whether the given filename matches the given path_group. */
@@ -807,7 +807,7 @@ bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain);
807/* Convert double path operation to operation name. */ 807/* Convert double path operation to operation name. */
808const char *tomoyo_path22keyword(const u8 operation); 808const char *tomoyo_path22keyword(const u8 operation);
809const char *tomoyo_path_number2keyword(const u8 operation); 809const char *tomoyo_path_number2keyword(const u8 operation);
810const char *tomoyo_path_number32keyword(const u8 operation); 810const char *tomoyo_mkdev2keyword(const u8 operation);
811/* Get the last component of the given domainname. */ 811/* Get the last component of the given domainname. */
812const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain); 812const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain);
813/* Convert single path operation to operation name. */ 813/* Convert single path operation to operation name. */
@@ -919,8 +919,8 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
919 struct path *path, const int flag); 919 struct path *path, const int flag);
920int tomoyo_path_number_perm(const u8 operation, struct path *path, 920int tomoyo_path_number_perm(const u8 operation, struct path *path,
921 unsigned long number); 921 unsigned long number);
922int tomoyo_path_number3_perm(const u8 operation, struct path *path, 922int tomoyo_mkdev_perm(const u8 operation, struct path *path,
923 const unsigned int mode, unsigned int dev); 923 const unsigned int mode, unsigned int dev);
924int tomoyo_path_perm(const u8 operation, struct path *path); 924int tomoyo_path_perm(const u8 operation, struct path *path);
925int tomoyo_path2_perm(const u8 operation, struct path *path1, 925int tomoyo_path2_perm(const u8 operation, struct path *path1,
926 struct path *path2); 926 struct path *path2);
@@ -1008,25 +1008,25 @@ static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a,
1008} 1008}
1009 1009
1010/** 1010/**
1011 * tomoyo_is_valid - Check whether the character is a valid char. 1011 * tomoyo_valid - Check whether the character is a valid char.
1012 * 1012 *
1013 * @c: The character to check. 1013 * @c: The character to check.
1014 * 1014 *
1015 * Returns true if @c is a valid character, false otherwise. 1015 * Returns true if @c is a valid character, false otherwise.
1016 */ 1016 */
1017static inline bool tomoyo_is_valid(const unsigned char c) 1017static inline bool tomoyo_valid(const unsigned char c)
1018{ 1018{
1019 return c > ' ' && c < 127; 1019 return c > ' ' && c < 127;
1020} 1020}
1021 1021
1022/** 1022/**
1023 * tomoyo_is_invalid - Check whether the character is an invalid char. 1023 * tomoyo_invalid - Check whether the character is an invalid char.
1024 * 1024 *
1025 * @c: The character to check. 1025 * @c: The character to check.
1026 * 1026 *
1027 * Returns true if @c is an invalid character, false otherwise. 1027 * Returns true if @c is an invalid character, false otherwise.
1028 */ 1028 */
1029static inline bool tomoyo_is_invalid(const unsigned char c) 1029static inline bool tomoyo_invalid(const unsigned char c)
1030{ 1030{
1031 return c && (c <= ' ' || c >= 127); 1031 return c && (c <= ' ' || c >= 127);
1032} 1032}
@@ -1063,20 +1063,20 @@ static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
1063 return task_cred_xxx(task, security); 1063 return task_cred_xxx(task, security);
1064} 1064}
1065 1065
1066static inline bool tomoyo_is_same_acl_head(const struct tomoyo_acl_info *p1, 1066static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *p1,
1067 const struct tomoyo_acl_info *p2) 1067 const struct tomoyo_acl_info *p2)
1068{ 1068{
1069 return p1->type == p2->type; 1069 return p1->type == p2->type;
1070} 1070}
1071 1071
1072static inline bool tomoyo_is_same_name_union 1072static inline bool tomoyo_same_name_union
1073(const struct tomoyo_name_union *p1, const struct tomoyo_name_union *p2) 1073(const struct tomoyo_name_union *p1, const struct tomoyo_name_union *p2)
1074{ 1074{
1075 return p1->filename == p2->filename && p1->group == p2->group && 1075 return p1->filename == p2->filename && p1->group == p2->group &&
1076 p1->is_group == p2->is_group; 1076 p1->is_group == p2->is_group;
1077} 1077}
1078 1078
1079static inline bool tomoyo_is_same_number_union 1079static inline bool tomoyo_same_number_union
1080(const struct tomoyo_number_union *p1, const struct tomoyo_number_union *p2) 1080(const struct tomoyo_number_union *p1, const struct tomoyo_number_union *p2)
1081{ 1081{
1082 return p1->values[0] == p2->values[0] && p1->values[1] == p2->values[1] 1082 return p1->values[0] == p2->values[0] && p1->values[1] == p2->values[1]
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 13f4f39baf8f..1a122974240f 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -256,13 +256,13 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
256 struct tomoyo_domain_initializer_entry e = { .is_not = is_not }; 256 struct tomoyo_domain_initializer_entry e = { .is_not = is_not };
257 int error = is_delete ? -ENOENT : -ENOMEM; 257 int error = is_delete ? -ENOENT : -ENOMEM;
258 258
259 if (!tomoyo_is_correct_path(program)) 259 if (!tomoyo_correct_path(program))
260 return -EINVAL; 260 return -EINVAL;
261 if (domainname) { 261 if (domainname) {
262 if (!tomoyo_is_domain_def(domainname) && 262 if (!tomoyo_domain_def(domainname) &&
263 tomoyo_is_correct_path(domainname)) 263 tomoyo_correct_path(domainname))
264 e.is_last_name = true; 264 e.is_last_name = true;
265 else if (!tomoyo_is_correct_domain(domainname)) 265 else if (!tomoyo_correct_domain(domainname))
266 return -EINVAL; 266 return -EINVAL;
267 e.domainname = tomoyo_get_name(domainname); 267 e.domainname = tomoyo_get_name(domainname);
268 if (!e.domainname) 268 if (!e.domainname)
@@ -346,7 +346,7 @@ int tomoyo_write_domain_initializer_policy(char *data, const bool is_not,
346} 346}
347 347
348/** 348/**
349 * tomoyo_is_domain_initializer - Check whether the given program causes domainname reinitialization. 349 * tomoyo_domain_initializer - Check whether the given program causes domainname reinitialization.
350 * 350 *
351 * @domainname: The name of domain. 351 * @domainname: The name of domain.
352 * @program: The name of program. 352 * @program: The name of program.
@@ -357,7 +357,7 @@ int tomoyo_write_domain_initializer_policy(char *data, const bool is_not,
357 * 357 *
358 * Caller holds tomoyo_read_lock(). 358 * Caller holds tomoyo_read_lock().
359 */ 359 */
360static bool tomoyo_is_domain_initializer(const struct tomoyo_path_info * 360static bool tomoyo_domain_initializer(const struct tomoyo_path_info *
361 domainname, 361 domainname,
362 const struct tomoyo_path_info *program, 362 const struct tomoyo_path_info *program,
363 const struct tomoyo_path_info * 363 const struct tomoyo_path_info *
@@ -462,13 +462,13 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
462 struct tomoyo_domain_keeper_entry e = { .is_not = is_not }; 462 struct tomoyo_domain_keeper_entry e = { .is_not = is_not };
463 int error = is_delete ? -ENOENT : -ENOMEM; 463 int error = is_delete ? -ENOENT : -ENOMEM;
464 464
465 if (!tomoyo_is_domain_def(domainname) && 465 if (!tomoyo_domain_def(domainname) &&
466 tomoyo_is_correct_path(domainname)) 466 tomoyo_correct_path(domainname))
467 e.is_last_name = true; 467 e.is_last_name = true;
468 else if (!tomoyo_is_correct_domain(domainname)) 468 else if (!tomoyo_correct_domain(domainname))
469 return -EINVAL; 469 return -EINVAL;
470 if (program) { 470 if (program) {
471 if (!tomoyo_is_correct_path(program)) 471 if (!tomoyo_correct_path(program))
472 return -EINVAL; 472 return -EINVAL;
473 e.program = tomoyo_get_name(program); 473 e.program = tomoyo_get_name(program);
474 if (!e.program) 474 if (!e.program)
@@ -549,7 +549,7 @@ bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head)
549} 549}
550 550
551/** 551/**
552 * tomoyo_is_domain_keeper - Check whether the given program causes domain transition suppression. 552 * tomoyo_domain_keeper - Check whether the given program causes domain transition suppression.
553 * 553 *
554 * @domainname: The name of domain. 554 * @domainname: The name of domain.
555 * @program: The name of program. 555 * @program: The name of program.
@@ -560,7 +560,7 @@ bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head)
560 * 560 *
561 * Caller holds tomoyo_read_lock(). 561 * Caller holds tomoyo_read_lock().
562 */ 562 */
563static bool tomoyo_is_domain_keeper(const struct tomoyo_path_info *domainname, 563static bool tomoyo_domain_keeper(const struct tomoyo_path_info *domainname,
564 const struct tomoyo_path_info *program, 564 const struct tomoyo_path_info *program,
565 const struct tomoyo_path_info *last_name) 565 const struct tomoyo_path_info *last_name)
566{ 566{
@@ -646,8 +646,8 @@ static int tomoyo_update_aggregator_entry(const char *original_name,
646 struct tomoyo_aggregator_entry e = { }; 646 struct tomoyo_aggregator_entry e = { };
647 int error = is_delete ? -ENOENT : -ENOMEM; 647 int error = is_delete ? -ENOENT : -ENOMEM;
648 648
649 if (!tomoyo_is_correct_path(original_name) || 649 if (!tomoyo_correct_path(original_name) ||
650 !tomoyo_is_correct_path(aggregated_name)) 650 !tomoyo_correct_path(aggregated_name))
651 return -EINVAL; 651 return -EINVAL;
652 e.original_name = tomoyo_get_name(original_name); 652 e.original_name = tomoyo_get_name(original_name);
653 e.aggregated_name = tomoyo_get_name(aggregated_name); 653 e.aggregated_name = tomoyo_get_name(aggregated_name);
@@ -774,8 +774,8 @@ static int tomoyo_update_alias_entry(const char *original_name,
774 struct tomoyo_alias_entry e = { }; 774 struct tomoyo_alias_entry e = { };
775 int error = is_delete ? -ENOENT : -ENOMEM; 775 int error = is_delete ? -ENOENT : -ENOMEM;
776 776
777 if (!tomoyo_is_correct_path(original_name) || 777 if (!tomoyo_correct_path(original_name) ||
778 !tomoyo_is_correct_path(aliased_name)) 778 !tomoyo_correct_path(aliased_name))
779 return -EINVAL; 779 return -EINVAL;
780 e.original_name = tomoyo_get_name(original_name); 780 e.original_name = tomoyo_get_name(original_name);
781 e.aliased_name = tomoyo_get_name(aliased_name); 781 e.aliased_name = tomoyo_get_name(aliased_name);
@@ -859,7 +859,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
859 const struct tomoyo_path_info *saved_domainname; 859 const struct tomoyo_path_info *saved_domainname;
860 bool found = false; 860 bool found = false;
861 861
862 if (!tomoyo_is_correct_domain(domainname)) 862 if (!tomoyo_correct_domain(domainname))
863 return NULL; 863 return NULL;
864 saved_domainname = tomoyo_get_name(domainname); 864 saved_domainname = tomoyo_get_name(domainname);
865 if (!saved_domainname) 865 if (!saved_domainname)
@@ -984,7 +984,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
984 if (retval < 0) 984 if (retval < 0)
985 goto out; 985 goto out;
986 986
987 if (tomoyo_is_domain_initializer(old_domain->domainname, &rn, &ln)) { 987 if (tomoyo_domain_initializer(old_domain->domainname, &rn, &ln)) {
988 /* Transit to the child of tomoyo_kernel_domain domain. */ 988 /* Transit to the child of tomoyo_kernel_domain domain. */
989 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, 989 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1,
990 TOMOYO_ROOT_NAME " " "%s", rn.name); 990 TOMOYO_ROOT_NAME " " "%s", rn.name);
@@ -996,7 +996,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
996 * initializers because they might start before /sbin/init. 996 * initializers because they might start before /sbin/init.
997 */ 997 */
998 domain = old_domain; 998 domain = old_domain;
999 } else if (tomoyo_is_domain_keeper(old_domain->domainname, &rn, &ln)) { 999 } else if (tomoyo_domain_keeper(old_domain->domainname, &rn, &ln)) {
1000 /* Keep current domain. */ 1000 /* Keep current domain. */
1001 domain = old_domain; 1001 domain = old_domain;
1002 } else { 1002 } else {
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 18969e77f5e8..94e1493ab6b6 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -25,8 +25,8 @@ static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
25}; 25};
26 26
27/* Keyword array for operations with one pathname and three numbers. */ 27/* Keyword array for operations with one pathname and three numbers. */
28static const char *tomoyo_path_number3_keyword 28static const char *tomoyo_mkdev_keyword
29[TOMOYO_MAX_PATH_NUMBER3_OPERATION] = { 29[TOMOYO_MAX_MKDEV_OPERATION] = {
30 [TOMOYO_TYPE_MKBLOCK] = "mkblock", 30 [TOMOYO_TYPE_MKBLOCK] = "mkblock",
31 [TOMOYO_TYPE_MKCHAR] = "mkchar", 31 [TOMOYO_TYPE_MKCHAR] = "mkchar",
32}; 32};
@@ -65,7 +65,7 @@ static const u8 tomoyo_p2mac[TOMOYO_MAX_PATH_OPERATION] = {
65 [TOMOYO_TYPE_UMOUNT] = TOMOYO_MAC_FILE_UMOUNT, 65 [TOMOYO_TYPE_UMOUNT] = TOMOYO_MAC_FILE_UMOUNT,
66}; 66};
67 67
68static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_PATH_NUMBER3_OPERATION] = { 68static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = {
69 [TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK, 69 [TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK,
70 [TOMOYO_TYPE_MKCHAR] = TOMOYO_MAC_FILE_MKCHAR, 70 [TOMOYO_TYPE_MKCHAR] = TOMOYO_MAC_FILE_MKCHAR,
71}; 71};
@@ -133,16 +133,16 @@ const char *tomoyo_path2keyword(const u8 operation)
133} 133}
134 134
135/** 135/**
136 * tomoyo_path_number32keyword - Get the name of path/number/number/number operations. 136 * tomoyo_mkdev2keyword - Get the name of path/number/number/number operations.
137 * 137 *
138 * @operation: Type of operation. 138 * @operation: Type of operation.
139 * 139 *
140 * Returns the name of path/number/number/number operation. 140 * Returns the name of path/number/number/number operation.
141 */ 141 */
142const char *tomoyo_path_number32keyword(const u8 operation) 142const char *tomoyo_mkdev2keyword(const u8 operation)
143{ 143{
144 return (operation < TOMOYO_MAX_PATH_NUMBER3_OPERATION) 144 return (operation < TOMOYO_MAX_MKDEV_OPERATION)
145 ? tomoyo_path_number3_keyword[operation] : NULL; 145 ? tomoyo_mkdev_keyword[operation] : NULL;
146} 146}
147 147
148/** 148/**
@@ -266,7 +266,7 @@ static int tomoyo_audit_path2_log(struct tomoyo_request_info *r)
266 */ 266 */
267static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r) 267static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r)
268{ 268{
269 const char *operation = tomoyo_path_number32keyword(r->param.mkdev. 269 const char *operation = tomoyo_mkdev2keyword(r->param.mkdev.
270 operation); 270 operation);
271 const struct tomoyo_path_info *filename = r->param.mkdev.filename; 271 const struct tomoyo_path_info *filename = r->param.mkdev.filename;
272 const unsigned int major = r->param.mkdev.major; 272 const unsigned int major = r->param.mkdev.major;
@@ -380,7 +380,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
380 struct tomoyo_globally_readable_file_entry e = { }; 380 struct tomoyo_globally_readable_file_entry e = { };
381 int error; 381 int error;
382 382
383 if (!tomoyo_is_correct_word(filename)) 383 if (!tomoyo_correct_word(filename))
384 return -EINVAL; 384 return -EINVAL;
385 e.filename = tomoyo_get_name(filename); 385 e.filename = tomoyo_get_name(filename);
386 if (!e.filename) 386 if (!e.filename)
@@ -393,7 +393,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
393} 393}
394 394
395/** 395/**
396 * tomoyo_is_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading. 396 * tomoyo_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading.
397 * 397 *
398 * @filename: The filename to check. 398 * @filename: The filename to check.
399 * 399 *
@@ -401,7 +401,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
401 * 401 *
402 * Caller holds tomoyo_read_lock(). 402 * Caller holds tomoyo_read_lock().
403 */ 403 */
404static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info * 404static bool tomoyo_globally_readable_file(const struct tomoyo_path_info *
405 filename) 405 filename)
406{ 406{
407 struct tomoyo_globally_readable_file_entry *ptr; 407 struct tomoyo_globally_readable_file_entry *ptr;
@@ -517,7 +517,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
517 struct tomoyo_pattern_entry e = { }; 517 struct tomoyo_pattern_entry e = { };
518 int error; 518 int error;
519 519
520 if (!tomoyo_is_correct_word(pattern)) 520 if (!tomoyo_correct_word(pattern))
521 return -EINVAL; 521 return -EINVAL;
522 e.pattern = tomoyo_get_name(pattern); 522 e.pattern = tomoyo_get_name(pattern);
523 if (!e.pattern) 523 if (!e.pattern)
@@ -658,7 +658,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
658 struct tomoyo_no_rewrite_entry e = { }; 658 struct tomoyo_no_rewrite_entry e = { };
659 int error; 659 int error;
660 660
661 if (!tomoyo_is_correct_word(pattern)) 661 if (!tomoyo_correct_word(pattern))
662 return -EINVAL; 662 return -EINVAL;
663 e.pattern = tomoyo_get_name(pattern); 663 e.pattern = tomoyo_get_name(pattern);
664 if (!e.pattern) 664 if (!e.pattern)
@@ -671,7 +671,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
671} 671}
672 672
673/** 673/**
674 * tomoyo_is_no_rewrite_file - Check if the given pathname is not permitted to be rewrited. 674 * tomoyo_no_rewrite_file - Check if the given pathname is not permitted to be rewrited.
675 * 675 *
676 * @filename: Filename to check. 676 * @filename: Filename to check.
677 * 677 *
@@ -680,7 +680,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
680 * 680 *
681 * Caller holds tomoyo_read_lock(). 681 * Caller holds tomoyo_read_lock().
682 */ 682 */
683static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info *filename) 683static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename)
684{ 684{
685 struct tomoyo_no_rewrite_entry *ptr; 685 struct tomoyo_no_rewrite_entry *ptr;
686 bool found = false; 686 bool found = false;
@@ -774,7 +774,7 @@ static bool tomoyo_check_path2_acl(const struct tomoyo_request_info *r,
774static bool tomoyo_check_mkdev_acl(const struct tomoyo_request_info *r, 774static bool tomoyo_check_mkdev_acl(const struct tomoyo_request_info *r,
775 const struct tomoyo_acl_info *ptr) 775 const struct tomoyo_acl_info *ptr)
776{ 776{
777 const struct tomoyo_path_number3_acl *acl = 777 const struct tomoyo_mkdev_acl *acl =
778 container_of(ptr, typeof(*acl), head); 778 container_of(ptr, typeof(*acl), head);
779 return (acl->perm & (1 << r->param.mkdev.operation)) && 779 return (acl->perm & (1 << r->param.mkdev.operation)) &&
780 tomoyo_compare_number_union(r->param.mkdev.mode, 780 tomoyo_compare_number_union(r->param.mkdev.mode,
@@ -792,8 +792,8 @@ static bool tomoyo_same_path_acl(const struct tomoyo_acl_info *a,
792{ 792{
793 const struct tomoyo_path_acl *p1 = container_of(a, typeof(*p1), head); 793 const struct tomoyo_path_acl *p1 = container_of(a, typeof(*p1), head);
794 const struct tomoyo_path_acl *p2 = container_of(b, typeof(*p2), head); 794 const struct tomoyo_path_acl *p2 = container_of(b, typeof(*p2), head);
795 return tomoyo_is_same_acl_head(&p1->head, &p2->head) && 795 return tomoyo_same_acl_head(&p1->head, &p2->head) &&
796 tomoyo_is_same_name_union(&p1->name, &p2->name); 796 tomoyo_same_name_union(&p1->name, &p2->name);
797} 797}
798 798
799static bool tomoyo_merge_path_acl(struct tomoyo_acl_info *a, 799static bool tomoyo_merge_path_acl(struct tomoyo_acl_info *a,
@@ -853,28 +853,28 @@ static int tomoyo_update_path_acl(const u8 type, const char *filename,
853 return error; 853 return error;
854} 854}
855 855
856static bool tomoyo_same_path_number3_acl(const struct tomoyo_acl_info *a, 856static bool tomoyo_same_mkdev_acl(const struct tomoyo_acl_info *a,
857 const struct tomoyo_acl_info *b) 857 const struct tomoyo_acl_info *b)
858{ 858{
859 const struct tomoyo_path_number3_acl *p1 = container_of(a, typeof(*p1), 859 const struct tomoyo_mkdev_acl *p1 = container_of(a, typeof(*p1),
860 head); 860 head);
861 const struct tomoyo_path_number3_acl *p2 = container_of(b, typeof(*p2), 861 const struct tomoyo_mkdev_acl *p2 = container_of(b, typeof(*p2),
862 head); 862 head);
863 return tomoyo_is_same_acl_head(&p1->head, &p2->head) 863 return tomoyo_same_acl_head(&p1->head, &p2->head)
864 && tomoyo_is_same_name_union(&p1->name, &p2->name) 864 && tomoyo_same_name_union(&p1->name, &p2->name)
865 && tomoyo_is_same_number_union(&p1->mode, &p2->mode) 865 && tomoyo_same_number_union(&p1->mode, &p2->mode)
866 && tomoyo_is_same_number_union(&p1->major, &p2->major) 866 && tomoyo_same_number_union(&p1->major, &p2->major)
867 && tomoyo_is_same_number_union(&p1->minor, &p2->minor); 867 && tomoyo_same_number_union(&p1->minor, &p2->minor);
868} 868}
869 869
870static bool tomoyo_merge_path_number3_acl(struct tomoyo_acl_info *a, 870static bool tomoyo_merge_mkdev_acl(struct tomoyo_acl_info *a,
871 struct tomoyo_acl_info *b, 871 struct tomoyo_acl_info *b,
872 const bool is_delete) 872 const bool is_delete)
873{ 873{
874 u8 *const a_perm = &container_of(a, struct tomoyo_path_number3_acl, 874 u8 *const a_perm = &container_of(a, struct tomoyo_mkdev_acl,
875 head)->perm; 875 head)->perm;
876 u8 perm = *a_perm; 876 u8 perm = *a_perm;
877 const u8 b_perm = container_of(b, struct tomoyo_path_number3_acl, head) 877 const u8 b_perm = container_of(b, struct tomoyo_mkdev_acl, head)
878 ->perm; 878 ->perm;
879 if (is_delete) 879 if (is_delete)
880 perm &= ~b_perm; 880 perm &= ~b_perm;
@@ -885,7 +885,7 @@ static bool tomoyo_merge_path_number3_acl(struct tomoyo_acl_info *a,
885} 885}
886 886
887/** 887/**
888 * tomoyo_update_path_number3_acl - Update "struct tomoyo_path_number3_acl" list. 888 * tomoyo_update_mkdev_acl - Update "struct tomoyo_mkdev_acl" list.
889 * 889 *
890 * @type: Type of operation. 890 * @type: Type of operation.
891 * @filename: Filename. 891 * @filename: Filename.
@@ -899,13 +899,13 @@ static bool tomoyo_merge_path_number3_acl(struct tomoyo_acl_info *a,
899 * 899 *
900 * Caller holds tomoyo_read_lock(). 900 * Caller holds tomoyo_read_lock().
901 */ 901 */
902static int tomoyo_update_path_number3_acl(const u8 type, const char *filename, 902static int tomoyo_update_mkdev_acl(const u8 type, const char *filename,
903 char *mode, char *major, char *minor, 903 char *mode, char *major, char *minor,
904 struct tomoyo_domain_info * const 904 struct tomoyo_domain_info * const
905 domain, const bool is_delete) 905 domain, const bool is_delete)
906{ 906{
907 struct tomoyo_path_number3_acl e = { 907 struct tomoyo_mkdev_acl e = {
908 .head.type = TOMOYO_TYPE_PATH_NUMBER3_ACL, 908 .head.type = TOMOYO_TYPE_MKDEV_ACL,
909 .perm = 1 << type 909 .perm = 1 << type
910 }; 910 };
911 int error = is_delete ? -ENOENT : -ENOMEM; 911 int error = is_delete ? -ENOENT : -ENOMEM;
@@ -915,8 +915,8 @@ static int tomoyo_update_path_number3_acl(const u8 type, const char *filename,
915 !tomoyo_parse_number_union(minor, &e.minor)) 915 !tomoyo_parse_number_union(minor, &e.minor))
916 goto out; 916 goto out;
917 error = tomoyo_update_domain(&e.head, sizeof(e), is_delete, domain, 917 error = tomoyo_update_domain(&e.head, sizeof(e), is_delete, domain,
918 tomoyo_same_path_number3_acl, 918 tomoyo_same_mkdev_acl,
919 tomoyo_merge_path_number3_acl); 919 tomoyo_merge_mkdev_acl);
920 out: 920 out:
921 tomoyo_put_name_union(&e.name); 921 tomoyo_put_name_union(&e.name);
922 tomoyo_put_number_union(&e.mode); 922 tomoyo_put_number_union(&e.mode);
@@ -930,9 +930,9 @@ static bool tomoyo_same_path2_acl(const struct tomoyo_acl_info *a,
930{ 930{
931 const struct tomoyo_path2_acl *p1 = container_of(a, typeof(*p1), head); 931 const struct tomoyo_path2_acl *p1 = container_of(a, typeof(*p1), head);
932 const struct tomoyo_path2_acl *p2 = container_of(b, typeof(*p2), head); 932 const struct tomoyo_path2_acl *p2 = container_of(b, typeof(*p2), head);
933 return tomoyo_is_same_acl_head(&p1->head, &p2->head) 933 return tomoyo_same_acl_head(&p1->head, &p2->head)
934 && tomoyo_is_same_name_union(&p1->name1, &p2->name1) 934 && tomoyo_same_name_union(&p1->name1, &p2->name1)
935 && tomoyo_is_same_name_union(&p1->name2, &p2->name2); 935 && tomoyo_same_name_union(&p1->name2, &p2->name2);
936} 936}
937 937
938static bool tomoyo_merge_path2_acl(struct tomoyo_acl_info *a, 938static bool tomoyo_merge_path2_acl(struct tomoyo_acl_info *a,
@@ -1014,7 +1014,7 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
1014 tomoyo_check_acl(r, tomoyo_check_path_acl); 1014 tomoyo_check_acl(r, tomoyo_check_path_acl);
1015 if (!r->granted && operation == TOMOYO_TYPE_READ && 1015 if (!r->granted && operation == TOMOYO_TYPE_READ &&
1016 !r->domain->ignore_global_allow_read && 1016 !r->domain->ignore_global_allow_read &&
1017 tomoyo_is_globally_readable_file(filename)) 1017 tomoyo_globally_readable_file(filename))
1018 r->granted = true; 1018 r->granted = true;
1019 error = tomoyo_audit_path_log(r); 1019 error = tomoyo_audit_path_log(r);
1020 /* 1020 /*
@@ -1029,7 +1029,7 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
1029 * specified by "deny_rewrite" keyword. 1029 * specified by "deny_rewrite" keyword.
1030 */ 1030 */
1031 if (!error && operation == TOMOYO_TYPE_TRUNCATE && 1031 if (!error && operation == TOMOYO_TYPE_TRUNCATE &&
1032 tomoyo_is_no_rewrite_file(filename)) { 1032 tomoyo_no_rewrite_file(filename)) {
1033 operation = TOMOYO_TYPE_REWRITE; 1033 operation = TOMOYO_TYPE_REWRITE;
1034 goto next; 1034 goto next;
1035 } 1035 }
@@ -1043,9 +1043,9 @@ static bool tomoyo_same_path_number_acl(const struct tomoyo_acl_info *a,
1043 head); 1043 head);
1044 const struct tomoyo_path_number_acl *p2 = container_of(b, typeof(*p2), 1044 const struct tomoyo_path_number_acl *p2 = container_of(b, typeof(*p2),
1045 head); 1045 head);
1046 return tomoyo_is_same_acl_head(&p1->head, &p2->head) 1046 return tomoyo_same_acl_head(&p1->head, &p2->head)
1047 && tomoyo_is_same_name_union(&p1->name, &p2->name) 1047 && tomoyo_same_name_union(&p1->name, &p2->name)
1048 && tomoyo_is_same_number_union(&p1->number, &p2->number); 1048 && tomoyo_same_number_union(&p1->number, &p2->number);
1049} 1049}
1050 1050
1051static bool tomoyo_merge_path_number_acl(struct tomoyo_acl_info *a, 1051static bool tomoyo_merge_path_number_acl(struct tomoyo_acl_info *a,
@@ -1204,7 +1204,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
1204 error = -ENOMEM; 1204 error = -ENOMEM;
1205 goto out; 1205 goto out;
1206 } 1206 }
1207 if (tomoyo_is_no_rewrite_file(&buf)) 1207 if (tomoyo_no_rewrite_file(&buf))
1208 error = tomoyo_path_permission(&r, TOMOYO_TYPE_REWRITE, 1208 error = tomoyo_path_permission(&r, TOMOYO_TYPE_REWRITE,
1209 &buf); 1209 &buf);
1210 } 1210 }
@@ -1258,7 +1258,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path)
1258 goto out; 1258 goto out;
1259 switch (operation) { 1259 switch (operation) {
1260 case TOMOYO_TYPE_REWRITE: 1260 case TOMOYO_TYPE_REWRITE:
1261 if (!tomoyo_is_no_rewrite_file(&buf)) { 1261 if (!tomoyo_no_rewrite_file(&buf)) {
1262 error = 0; 1262 error = 0;
1263 goto out; 1263 goto out;
1264 } 1264 }
@@ -1279,7 +1279,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path)
1279} 1279}
1280 1280
1281/** 1281/**
1282 * tomoyo_path_number3_perm - Check permission for "mkblock" and "mkchar". 1282 * tomoyo_mkdev_perm - Check permission for "mkblock" and "mkchar".
1283 * 1283 *
1284 * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK) 1284 * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK)
1285 * @path: Pointer to "struct path". 1285 * @path: Pointer to "struct path".
@@ -1288,7 +1288,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path)
1288 * 1288 *
1289 * Returns 0 on success, negative value otherwise. 1289 * Returns 0 on success, negative value otherwise.
1290 */ 1290 */
1291int tomoyo_path_number3_perm(const u8 operation, struct path *path, 1291int tomoyo_mkdev_perm(const u8 operation, struct path *path,
1292 const unsigned int mode, unsigned int dev) 1292 const unsigned int mode, unsigned int dev)
1293{ 1293{
1294 struct tomoyo_request_info r; 1294 struct tomoyo_request_info r;
@@ -1304,7 +1304,7 @@ int tomoyo_path_number3_perm(const u8 operation, struct path *path,
1304 error = -ENOMEM; 1304 error = -ENOMEM;
1305 if (tomoyo_get_realpath(&buf, path)) { 1305 if (tomoyo_get_realpath(&buf, path)) {
1306 dev = new_decode_dev(dev); 1306 dev = new_decode_dev(dev);
1307 r.param_type = TOMOYO_TYPE_PATH_NUMBER3_ACL; 1307 r.param_type = TOMOYO_TYPE_MKDEV_ACL;
1308 r.param.mkdev.filename = &buf; 1308 r.param.mkdev.filename = &buf;
1309 r.param.mkdev.operation = operation; 1309 r.param.mkdev.operation = operation;
1310 r.param.mkdev.mode = mode; 1310 r.param.mkdev.mode = mode;
@@ -1420,11 +1420,11 @@ int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain,
1420 } 1420 }
1421 if (!w[3][0] || !w[4][0]) 1421 if (!w[3][0] || !w[4][0])
1422 goto out; 1422 goto out;
1423 for (type = 0; type < TOMOYO_MAX_PATH_NUMBER3_OPERATION; type++) { 1423 for (type = 0; type < TOMOYO_MAX_MKDEV_OPERATION; type++) {
1424 if (strcmp(w[0], tomoyo_path_number3_keyword[type])) 1424 if (strcmp(w[0], tomoyo_mkdev_keyword[type]))
1425 continue; 1425 continue;
1426 return tomoyo_update_path_number3_acl(type, w[1], w[2], w[3], 1426 return tomoyo_update_mkdev_acl(type, w[1], w[2], w[3],
1427 w[4], domain, is_delete); 1427 w[4], domain, is_delete);
1428 } 1428 }
1429 out: 1429 out:
1430 return -EINVAL; 1430 return -EINVAL;
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index 4290e519eaa8..d129317ca481 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -122,9 +122,9 @@ static void tomoyo_del_acl(struct tomoyo_acl_info *acl)
122 tomoyo_put_number_union(&entry->number); 122 tomoyo_put_number_union(&entry->number);
123 } 123 }
124 break; 124 break;
125 case TOMOYO_TYPE_PATH_NUMBER3_ACL: 125 case TOMOYO_TYPE_MKDEV_ACL:
126 { 126 {
127 struct tomoyo_path_number3_acl *entry 127 struct tomoyo_mkdev_acl *entry
128 = container_of(acl, typeof(*entry), head); 128 = container_of(acl, typeof(*entry), head);
129 tomoyo_put_name_union(&entry->name); 129 tomoyo_put_name_union(&entry->name);
130 tomoyo_put_number_union(&entry->mode); 130 tomoyo_put_number_union(&entry->mode);
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 8f3ac251c571..54015b9964dc 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -300,11 +300,11 @@ static bool tomoyo_same_mount_acl(const struct tomoyo_acl_info *a,
300{ 300{
301 const struct tomoyo_mount_acl *p1 = container_of(a, typeof(*p1), head); 301 const struct tomoyo_mount_acl *p1 = container_of(a, typeof(*p1), head);
302 const struct tomoyo_mount_acl *p2 = container_of(b, typeof(*p2), head); 302 const struct tomoyo_mount_acl *p2 = container_of(b, typeof(*p2), head);
303 return tomoyo_is_same_acl_head(&p1->head, &p2->head) && 303 return tomoyo_same_acl_head(&p1->head, &p2->head) &&
304 tomoyo_is_same_name_union(&p1->dev_name, &p2->dev_name) && 304 tomoyo_same_name_union(&p1->dev_name, &p2->dev_name) &&
305 tomoyo_is_same_name_union(&p1->dir_name, &p2->dir_name) && 305 tomoyo_same_name_union(&p1->dir_name, &p2->dir_name) &&
306 tomoyo_is_same_name_union(&p1->fs_type, &p2->fs_type) && 306 tomoyo_same_name_union(&p1->fs_type, &p2->fs_type) &&
307 tomoyo_is_same_number_union(&p1->flags, &p2->flags); 307 tomoyo_same_number_union(&p1->flags, &p2->flags);
308} 308}
309 309
310/** 310/**
diff --git a/security/tomoyo/number_group.c b/security/tomoyo/number_group.c
index 7266a7462c45..8779309c5b44 100644
--- a/security/tomoyo/number_group.c
+++ b/security/tomoyo/number_group.c
@@ -24,7 +24,7 @@ struct tomoyo_number_group *tomoyo_get_number_group(const char *group_name)
24 struct tomoyo_number_group *group = NULL; 24 struct tomoyo_number_group *group = NULL;
25 const struct tomoyo_path_info *saved_group_name; 25 const struct tomoyo_path_info *saved_group_name;
26 int error = -ENOMEM; 26 int error = -ENOMEM;
27 if (!tomoyo_is_correct_word(group_name)) 27 if (!tomoyo_correct_word(group_name))
28 return NULL; 28 return NULL;
29 saved_group_name = tomoyo_get_name(group_name); 29 saved_group_name = tomoyo_get_name(group_name);
30 if (!saved_group_name) 30 if (!saved_group_name)
diff --git a/security/tomoyo/path_group.c b/security/tomoyo/path_group.c
index 5b71d8868453..c78c57cd94ee 100644
--- a/security/tomoyo/path_group.c
+++ b/security/tomoyo/path_group.c
@@ -22,7 +22,7 @@ struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name)
22 struct tomoyo_path_group *group = NULL; 22 struct tomoyo_path_group *group = NULL;
23 const struct tomoyo_path_info *saved_group_name; 23 const struct tomoyo_path_info *saved_group_name;
24 int error = -ENOMEM; 24 int error = -ENOMEM;
25 if (!tomoyo_is_correct_word(group_name)) 25 if (!tomoyo_correct_word(group_name))
26 return NULL; 26 return NULL;
27 saved_group_name = tomoyo_get_name(group_name); 27 saved_group_name = tomoyo_get_name(group_name);
28 if (!saved_group_name) 28 if (!saved_group_name)
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 7be732cadd47..95d3f9572237 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -142,7 +142,7 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
142 default: 142 default:
143 goto no_dev; 143 goto no_dev;
144 } 144 }
145 return tomoyo_path_number3_perm(type, &path, perm, dev); 145 return tomoyo_mkdev_perm(type, &path, perm, dev);
146 no_dev: 146 no_dev:
147 switch (mode & S_IFMT) { 147 switch (mode & S_IFMT) {
148 case S_IFIFO: 148 case S_IFIFO:
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index e5931686ca33..945eeefbbdfe 100644
--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -89,7 +89,7 @@ void tomoyo_print_ulong(char *buffer, const int buffer_len,
89bool tomoyo_parse_name_union(const char *filename, 89bool tomoyo_parse_name_union(const char *filename,
90 struct tomoyo_name_union *ptr) 90 struct tomoyo_name_union *ptr)
91{ 91{
92 if (!tomoyo_is_correct_word(filename)) 92 if (!tomoyo_correct_word(filename))
93 return false; 93 return false;
94 if (filename[0] == '@') { 94 if (filename[0] == '@') {
95 ptr->group = tomoyo_get_path_group(filename + 1); 95 ptr->group = tomoyo_get_path_group(filename + 1);
@@ -115,7 +115,7 @@ bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num)
115 unsigned long v; 115 unsigned long v;
116 memset(num, 0, sizeof(*num)); 116 memset(num, 0, sizeof(*num));
117 if (data[0] == '@') { 117 if (data[0] == '@') {
118 if (!tomoyo_is_correct_word(data)) 118 if (!tomoyo_correct_word(data))
119 return false; 119 return false;
120 num->group = tomoyo_get_number_group(data + 1); 120 num->group = tomoyo_get_number_group(data + 1);
121 num->is_group = true; 121 num->is_group = true;
@@ -142,7 +142,7 @@ bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num)
142} 142}
143 143
144/** 144/**
145 * tomoyo_is_byte_range - Check whether the string is a \ooo style octal value. 145 * tomoyo_byte_range - Check whether the string is a \ooo style octal value.
146 * 146 *
147 * @str: Pointer to the string. 147 * @str: Pointer to the string.
148 * 148 *
@@ -151,7 +151,7 @@ bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num)
151 * TOMOYO uses \ooo style representation for 0x01 - 0x20 and 0x7F - 0xFF. 151 * TOMOYO uses \ooo style representation for 0x01 - 0x20 and 0x7F - 0xFF.
152 * This function verifies that \ooo is in valid range. 152 * This function verifies that \ooo is in valid range.
153 */ 153 */
154static inline bool tomoyo_is_byte_range(const char *str) 154static inline bool tomoyo_byte_range(const char *str)
155{ 155{
156 return *str >= '0' && *str++ <= '3' && 156 return *str >= '0' && *str++ <= '3' &&
157 *str >= '0' && *str++ <= '7' && 157 *str >= '0' && *str++ <= '7' &&
@@ -159,13 +159,13 @@ static inline bool tomoyo_is_byte_range(const char *str)
159} 159}
160 160
161/** 161/**
162 * tomoyo_is_alphabet_char - Check whether the character is an alphabet. 162 * tomoyo_alphabet_char - Check whether the character is an alphabet.
163 * 163 *
164 * @c: The character to check. 164 * @c: The character to check.
165 * 165 *
166 * Returns true if @c is an alphabet character, false otherwise. 166 * Returns true if @c is an alphabet character, false otherwise.
167 */ 167 */
168static inline bool tomoyo_is_alphabet_char(const char c) 168static inline bool tomoyo_alphabet_char(const char c)
169{ 169{
170 return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'); 170 return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
171} 171}
@@ -223,15 +223,15 @@ void tomoyo_normalize_line(unsigned char *buffer)
223 unsigned char *dp = buffer; 223 unsigned char *dp = buffer;
224 bool first = true; 224 bool first = true;
225 225
226 while (tomoyo_is_invalid(*sp)) 226 while (tomoyo_invalid(*sp))
227 sp++; 227 sp++;
228 while (*sp) { 228 while (*sp) {
229 if (!first) 229 if (!first)
230 *dp++ = ' '; 230 *dp++ = ' ';
231 first = false; 231 first = false;
232 while (tomoyo_is_valid(*sp)) 232 while (tomoyo_valid(*sp))
233 *dp++ = *sp++; 233 *dp++ = *sp++;
234 while (tomoyo_is_invalid(*sp)) 234 while (tomoyo_invalid(*sp))
235 sp++; 235 sp++;
236 } 236 }
237 *dp = '\0'; 237 *dp = '\0';
@@ -265,7 +265,7 @@ bool tomoyo_tokenize(char *buffer, char *w[], size_t size)
265} 265}
266 266
267/** 267/**
268 * tomoyo_is_correct_word2 - Validate a string. 268 * tomoyo_correct_word2 - Validate a string.
269 * 269 *
270 * @string: The string to check. May be non-'\0'-terminated. 270 * @string: The string to check. May be non-'\0'-terminated.
271 * @len: Length of @string. 271 * @len: Length of @string.
@@ -273,7 +273,7 @@ bool tomoyo_tokenize(char *buffer, char *w[], size_t size)
273 * Check whether the given string follows the naming rules. 273 * Check whether the given string follows the naming rules.
274 * Returns true if @string follows the naming rules, false otherwise. 274 * Returns true if @string follows the naming rules, false otherwise.
275 */ 275 */
276static bool tomoyo_is_correct_word2(const char *string, size_t len) 276static bool tomoyo_correct_word2(const char *string, size_t len)
277{ 277{
278 const char *const start = string; 278 const char *const start = string;
279 bool in_repetition = false; 279 bool in_repetition = false;
@@ -325,13 +325,13 @@ static bool tomoyo_is_correct_word2(const char *string, size_t len)
325 if (d < '0' || d > '7' || e < '0' || e > '7') 325 if (d < '0' || d > '7' || e < '0' || e > '7')
326 break; 326 break;
327 c = tomoyo_make_byte(c, d, e); 327 c = tomoyo_make_byte(c, d, e);
328 if (tomoyo_is_invalid(c)) 328 if (tomoyo_invalid(c))
329 continue; /* pattern is not \000 */ 329 continue; /* pattern is not \000 */
330 } 330 }
331 goto out; 331 goto out;
332 } else if (in_repetition && c == '/') { 332 } else if (in_repetition && c == '/') {
333 goto out; 333 goto out;
334 } else if (tomoyo_is_invalid(c)) { 334 } else if (tomoyo_invalid(c)) {
335 goto out; 335 goto out;
336 } 336 }
337 } 337 }
@@ -343,39 +343,39 @@ static bool tomoyo_is_correct_word2(const char *string, size_t len)
343} 343}
344 344
345/** 345/**
346 * tomoyo_is_correct_word - Validate a string. 346 * tomoyo_correct_word - Validate a string.
347 * 347 *
348 * @string: The string to check. 348 * @string: The string to check.
349 * 349 *
350 * Check whether the given string follows the naming rules. 350 * Check whether the given string follows the naming rules.
351 * Returns true if @string follows the naming rules, false otherwise. 351 * Returns true if @string follows the naming rules, false otherwise.
352 */ 352 */
353bool tomoyo_is_correct_word(const char *string) 353bool tomoyo_correct_word(const char *string)
354{ 354{
355 return tomoyo_is_correct_word2(string, strlen(string)); 355 return tomoyo_correct_word2(string, strlen(string));
356} 356}
357 357
358/** 358/**
359 * tomoyo_is_correct_path - Validate a pathname. 359 * tomoyo_correct_path - Validate a pathname.
360 * 360 *
361 * @filename: The pathname to check. 361 * @filename: The pathname to check.
362 * 362 *
363 * Check whether the given pathname follows the naming rules. 363 * Check whether the given pathname follows the naming rules.
364 * Returns true if @filename follows the naming rules, false otherwise. 364 * Returns true if @filename follows the naming rules, false otherwise.
365 */ 365 */
366bool tomoyo_is_correct_path(const char *filename) 366bool tomoyo_correct_path(const char *filename)
367{ 367{
368 return *filename == '/' && tomoyo_is_correct_word(filename); 368 return *filename == '/' && tomoyo_correct_word(filename);
369} 369}
370 370
371/** 371/**
372 * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules. 372 * tomoyo_correct_domain - Check whether the given domainname follows the naming rules.
373 * 373 *
374 * @domainname: The domainname to check. 374 * @domainname: The domainname to check.
375 * 375 *
376 * Returns true if @domainname follows the naming rules, false otherwise. 376 * Returns true if @domainname follows the naming rules, false otherwise.
377 */ 377 */
378bool tomoyo_is_correct_domain(const unsigned char *domainname) 378bool tomoyo_correct_domain(const unsigned char *domainname)
379{ 379{
380 if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME, 380 if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME,
381 TOMOYO_ROOT_NAME_LEN)) 381 TOMOYO_ROOT_NAME_LEN))
@@ -390,23 +390,23 @@ bool tomoyo_is_correct_domain(const unsigned char *domainname)
390 if (!cp) 390 if (!cp)
391 break; 391 break;
392 if (*domainname != '/' || 392 if (*domainname != '/' ||
393 !tomoyo_is_correct_word2(domainname, cp - domainname - 1)) 393 !tomoyo_correct_word2(domainname, cp - domainname - 1))
394 goto out; 394 goto out;
395 domainname = cp + 1; 395 domainname = cp + 1;
396 } 396 }
397 return tomoyo_is_correct_path(domainname); 397 return tomoyo_correct_path(domainname);
398 out: 398 out:
399 return false; 399 return false;
400} 400}
401 401
402/** 402/**
403 * tomoyo_is_domain_def - Check whether the given token can be a domainname. 403 * tomoyo_domain_def - Check whether the given token can be a domainname.
404 * 404 *
405 * @buffer: The token to check. 405 * @buffer: The token to check.
406 * 406 *
407 * Returns true if @buffer possibly be a domainname, false otherwise. 407 * Returns true if @buffer possibly be a domainname, false otherwise.
408 */ 408 */
409bool tomoyo_is_domain_def(const unsigned char *buffer) 409bool tomoyo_domain_def(const unsigned char *buffer)
410{ 410{
411 return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN); 411 return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN);
412} 412}
@@ -528,7 +528,7 @@ static bool tomoyo_file_matches_pattern2(const char *filename,
528 } else if (c == '\\') { 528 } else if (c == '\\') {
529 if (filename[1] == '\\') 529 if (filename[1] == '\\')
530 filename++; 530 filename++;
531 else if (tomoyo_is_byte_range(filename + 1)) 531 else if (tomoyo_byte_range(filename + 1))
532 filename += 3; 532 filename += 3;
533 else 533 else
534 return false; 534 return false;
@@ -549,14 +549,14 @@ static bool tomoyo_file_matches_pattern2(const char *filename,
549 return false; 549 return false;
550 break; 550 break;
551 case 'a': 551 case 'a':
552 if (!tomoyo_is_alphabet_char(c)) 552 if (!tomoyo_alphabet_char(c))
553 return false; 553 return false;
554 break; 554 break;
555 case '0': 555 case '0':
556 case '1': 556 case '1':
557 case '2': 557 case '2':
558 case '3': 558 case '3':
559 if (c == '\\' && tomoyo_is_byte_range(filename + 1) 559 if (c == '\\' && tomoyo_byte_range(filename + 1)
560 && strncmp(filename + 1, pattern, 3) == 0) { 560 && strncmp(filename + 1, pattern, 3) == 0) {
561 filename += 3; 561 filename += 3;
562 pattern += 2; 562 pattern += 2;
@@ -577,7 +577,7 @@ static bool tomoyo_file_matches_pattern2(const char *filename,
577 continue; 577 continue;
578 if (filename[i + 1] == '\\') 578 if (filename[i + 1] == '\\')
579 i++; 579 i++;
580 else if (tomoyo_is_byte_range(filename + i + 1)) 580 else if (tomoyo_byte_range(filename + i + 1))
581 i += 3; 581 i += 3;
582 else 582 else
583 break; /* Bad pattern. */ 583 break; /* Bad pattern. */
@@ -593,7 +593,7 @@ static bool tomoyo_file_matches_pattern2(const char *filename,
593 while (isxdigit(filename[j])) 593 while (isxdigit(filename[j]))
594 j++; 594 j++;
595 } else if (c == 'A') { 595 } else if (c == 'A') {
596 while (tomoyo_is_alphabet_char(filename[j])) 596 while (tomoyo_alphabet_char(filename[j]))
597 j++; 597 j++;
598 } 598 }
599 for (i = 1; i <= j; i++) { 599 for (i = 1; i <= j; i++) {
@@ -939,10 +939,10 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
939 if (perm & (1 << i)) 939 if (perm & (1 << i))
940 count++; 940 count++;
941 break; 941 break;
942 case TOMOYO_TYPE_PATH_NUMBER3_ACL: 942 case TOMOYO_TYPE_MKDEV_ACL:
943 perm = container_of(ptr, struct tomoyo_path_number3_acl, 943 perm = container_of(ptr, struct tomoyo_mkdev_acl,
944 head)->perm; 944 head)->perm;
945 for (i = 0; i < TOMOYO_MAX_PATH_NUMBER3_OPERATION; i++) 945 for (i = 0; i < TOMOYO_MAX_MKDEV_OPERATION; i++)
946 if (perm & (1 << i)) 946 if (perm & (1 << i))
947 count++; 947 count++;
948 break; 948 break;