aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--security/tomoyo/common.c259
-rw-r--r--security/tomoyo/common.h22
-rw-r--r--security/tomoyo/domain.c140
-rw-r--r--security/tomoyo/file.c87
-rw-r--r--security/tomoyo/number_group.c41
-rw-r--r--security/tomoyo/path_group.c35
6 files changed, 200 insertions, 384 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index cb1aaf148ad4..044115d49033 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1192,75 +1192,216 @@ static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head)
1192 return -EINVAL; 1192 return -EINVAL;
1193} 1193}
1194 1194
1195static void tomoyo_print_number(char *buffer, int buffer_len,
1196 const struct tomoyo_number_union *ptr)
1197{
1198 int i;
1199 unsigned long min = ptr->values[0];
1200 const unsigned long max = ptr->values[1];
1201 u8 min_type = ptr->min_type;
1202 const u8 max_type = ptr->max_type;
1203 memset(buffer, 0, buffer_len);
1204 buffer_len -= 2;
1205 for (i = 0; i < 2; i++) {
1206 int len;
1207 switch (min_type) {
1208 case TOMOYO_VALUE_TYPE_HEXADECIMAL:
1209 snprintf(buffer, buffer_len, "0x%lX", min);
1210 break;
1211 case TOMOYO_VALUE_TYPE_OCTAL:
1212 snprintf(buffer, buffer_len, "0%lo", min);
1213 break;
1214 default:
1215 snprintf(buffer, buffer_len, "%lu", min);
1216 break;
1217 }
1218 if (min == max && min_type == max_type)
1219 break;
1220 len = strlen(buffer);
1221 buffer[len++] = '-';
1222 buffer += len;
1223 buffer_len -= len;
1224 min_type = max_type;
1225 min = max;
1226 }
1227}
1228
1229static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
1230 [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP,
1231 [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP
1232};
1233
1195/** 1234/**
1196 * tomoyo_read_exception_policy - Read exception policy. 1235 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
1197 * 1236 *
1198 * @head: Pointer to "struct tomoyo_io_buffer". 1237 * @head: Pointer to "struct tomoyo_io_buffer".
1238 * @idx: Index number.
1239 *
1240 * Returns true on success, false otherwise.
1199 * 1241 *
1200 * Caller holds tomoyo_read_lock(). 1242 * Caller holds tomoyo_read_lock().
1201 */ 1243 */
1202static void tomoyo_read_exception_policy(struct tomoyo_io_buffer *head) 1244static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
1203{ 1245{
1204 if (!head->read_eof) { 1246 struct list_head *gpos;
1205 switch (head->read_step) { 1247 struct list_head *mpos;
1206 case 0: 1248 const char *w[3] = { "", "", "" };
1207 head->read_var2 = NULL; 1249 w[0] = tomoyo_group_name[idx];
1208 head->read_step = 1; 1250 list_for_each_cookie(gpos, head->read_var1, &tomoyo_group_list[idx]) {
1209 case 1: 1251 struct tomoyo_group *group =
1210 if (!tomoyo_read_domain_keeper_policy(head)) 1252 list_entry(gpos, struct tomoyo_group, list);
1211 break; 1253 w[1] = group->group_name->name;
1212 head->read_var2 = NULL; 1254 list_for_each_cookie(mpos, head->read_var2,
1213 head->read_step = 2; 1255 &group->member_list) {
1214 case 2: 1256 char buffer[128];
1215 if (!tomoyo_read_globally_readable_policy(head)) 1257 struct tomoyo_acl_head *ptr =
1216 break; 1258 list_entry(mpos, struct tomoyo_acl_head, list);
1217 head->read_var2 = NULL; 1259 if (ptr->is_deleted)
1218 head->read_step = 3; 1260 continue;
1219 case 3: 1261 if (idx == TOMOYO_PATH_GROUP) {
1220 head->read_var2 = NULL; 1262 w[2] = container_of(ptr,
1221 head->read_step = 4; 1263 struct tomoyo_path_group,
1222 case 4: 1264 head)->member_name->name;
1223 if (!tomoyo_read_domain_initializer_policy(head)) 1265 } else if (idx == TOMOYO_NUMBER_GROUP) {
1224 break; 1266 tomoyo_print_number(buffer, sizeof(buffer),
1225 head->read_var2 = NULL; 1267 &container_of
1226 head->read_step = 5; 1268 (ptr, struct
1227 case 5: 1269 tomoyo_number_group,
1228 if (!tomoyo_read_alias_policy(head)) 1270 head)->number);
1229 break; 1271 w[2] = buffer;
1230 head->read_var2 = NULL; 1272 }
1231 head->read_step = 6; 1273 if (!tomoyo_io_printf(head, "%s%s %s\n", w[0], w[1],
1232 case 6: 1274 w[2]))
1233 if (!tomoyo_read_aggregator_policy(head)) 1275 return false;
1234 break; 1276 }
1235 head->read_var2 = NULL; 1277 }
1236 head->read_step = 7; 1278 return true;
1237 case 7: 1279}
1238 if (!tomoyo_read_file_pattern(head)) 1280
1239 break; 1281/**
1240 head->read_var2 = NULL; 1282 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list.
1241 head->read_step = 8; 1283 *
1242 case 8: 1284 * @head: Pointer to "struct tomoyo_io_buffer".
1243 if (!tomoyo_read_no_rewrite_policy(head)) 1285 * @idx: Index number.
1244 break; 1286 *
1245 head->read_var2 = NULL; 1287 * Returns true on success, false otherwise.
1246 head->read_step = 9; 1288 *
1247 case 9: 1289 * Caller holds tomoyo_read_lock().
1248 if (!tomoyo_read_path_group_policy(head)) 1290 */
1249 break; 1291static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1250 head->read_var1 = NULL; 1292{
1251 head->read_var2 = NULL; 1293 struct list_head *pos;
1252 head->read_step = 10; 1294 list_for_each_cookie(pos, head->read_var2, &tomoyo_policy_list[idx]) {
1253 case 10: 1295 const char *w[4] = { "", "", "", "" };
1254 if (!tomoyo_read_number_group_policy(head)) 1296 struct tomoyo_acl_head *acl = container_of(pos, typeof(*acl),
1255 break; 1297 list);
1256 head->read_var1 = NULL; 1298 if (acl->is_deleted)
1257 head->read_var2 = NULL; 1299 continue;
1258 head->read_step = 11; 1300 switch (idx) {
1259 case 11: 1301 case TOMOYO_ID_DOMAIN_KEEPER:
1260 head->read_eof = true; 1302 {
1303 struct tomoyo_domain_keeper_entry *ptr =
1304 container_of(acl, typeof(*ptr), head);
1305 w[0] = ptr->is_not ?
1306 TOMOYO_KEYWORD_NO_KEEP_DOMAIN :
1307 TOMOYO_KEYWORD_KEEP_DOMAIN;
1308 if (ptr->program) {
1309 w[1] = ptr->program->name;
1310 w[2] = " from ";
1311 }
1312 w[3] = ptr->domainname->name;
1313 }
1314 break;
1315 case TOMOYO_ID_DOMAIN_INITIALIZER:
1316 {
1317 struct tomoyo_domain_initializer_entry *ptr =
1318 container_of(acl, typeof(*ptr), head);
1319 w[0] = ptr->is_not ?
1320 TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN :
1321 TOMOYO_KEYWORD_INITIALIZE_DOMAIN;
1322 w[1] = ptr->program->name;
1323 if (ptr->domainname) {
1324 w[2] = " from ";
1325 w[3] = ptr->domainname->name;
1326 }
1327 }
1261 break; 1328 break;
1329 case TOMOYO_ID_GLOBALLY_READABLE:
1330 {
1331 struct tomoyo_globally_readable_file_entry *ptr
1332 = container_of(acl, typeof(*ptr), head);
1333 w[0] = TOMOYO_KEYWORD_ALLOW_READ;
1334 w[1] = ptr->filename->name;
1335 }
1336 break;
1337 case TOMOYO_ID_ALIAS:
1338 {
1339 struct tomoyo_alias_entry *ptr =
1340 container_of(acl, typeof(*ptr), head);
1341 w[0] = TOMOYO_KEYWORD_ALIAS;
1342 w[1] = ptr->original_name->name;
1343 w[2] = " ";
1344 w[3] = ptr->aliased_name->name;
1345 }
1346 break;
1347 case TOMOYO_ID_AGGREGATOR:
1348 {
1349 struct tomoyo_aggregator_entry *ptr =
1350 container_of(acl, typeof(*ptr), head);
1351 w[0] = TOMOYO_KEYWORD_AGGREGATOR;
1352 w[1] = ptr->original_name->name;
1353 w[2] = " ";
1354 w[3] = ptr->aggregated_name->name;
1355 }
1356 break;
1357 case TOMOYO_ID_PATTERN:
1358 {
1359 struct tomoyo_pattern_entry *ptr =
1360 container_of(acl, typeof(*ptr), head);
1361 w[0] = TOMOYO_KEYWORD_FILE_PATTERN;
1362 w[1] = ptr->pattern->name;
1363 }
1364 break;
1365 case TOMOYO_ID_NO_REWRITE:
1366 {
1367 struct tomoyo_no_rewrite_entry *ptr =
1368 container_of(acl, typeof(*ptr), head);
1369 w[0] = TOMOYO_KEYWORD_DENY_REWRITE;
1370 w[1] = ptr->pattern->name;
1371 }
1372 break;
1373 default:
1374 continue;
1262 } 1375 }
1376 if (!tomoyo_io_printf(head, "%s%s%s%s\n", w[0], w[1], w[2],
1377 w[3]))
1378 return false;
1263 } 1379 }
1380 return true;
1381}
1382
1383/**
1384 * tomoyo_read_exception_policy - Read exception policy.
1385 *
1386 * @head: Pointer to "struct tomoyo_io_buffer".
1387 *
1388 * Caller holds tomoyo_read_lock().
1389 */
1390static void tomoyo_read_exception_policy(struct tomoyo_io_buffer *head)
1391{
1392 if (head->read_eof)
1393 return;
1394 while (head->read_step < TOMOYO_MAX_POLICY &&
1395 tomoyo_read_policy(head, head->read_step))
1396 head->read_step++;
1397 if (head->read_step < TOMOYO_MAX_POLICY)
1398 return;
1399 while (head->read_step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP &&
1400 tomoyo_read_group(head, head->read_step - TOMOYO_MAX_POLICY))
1401 head->read_step++;
1402 if (head->read_step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP)
1403 return;
1404 head->read_eof = true;
1264} 1405}
1265 1406
1266/** 1407/**
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 451dc3c1036a..21eb1e7885b8 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -794,28 +794,6 @@ bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
794bool tomoyo_print_number_union(struct tomoyo_io_buffer *head, 794bool tomoyo_print_number_union(struct tomoyo_io_buffer *head,
795 const struct tomoyo_number_union *ptr); 795 const struct tomoyo_number_union *ptr);
796bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num); 796bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num);
797
798/* Read "aggregator" entry in exception policy. */
799bool tomoyo_read_aggregator_policy(struct tomoyo_io_buffer *head);
800/* Read "alias" entry in exception policy. */
801bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head);
802/*
803 * Read "initialize_domain" and "no_initialize_domain" entry
804 * in exception policy.
805 */
806bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head);
807/* Read "keep_domain" and "no_keep_domain" entry in exception policy. */
808bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head);
809/* Read "file_pattern" entry in exception policy. */
810bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head);
811/* Read "path_group" entry in exception policy. */
812bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head);
813/* Read "number_group" entry in exception policy. */
814bool tomoyo_read_number_group_policy(struct tomoyo_io_buffer *head);
815/* Read "allow_read" entry in exception policy. */
816bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head);
817/* Read "deny_rewrite" entry in exception policy. */
818bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head);
819/* Tokenize a line. */ 797/* Tokenize a line. */
820bool tomoyo_tokenize(char *buffer, char *w[], size_t size); 798bool tomoyo_tokenize(char *buffer, char *w[], size_t size);
821/* Write domain policy violation warning message to console? */ 799/* Write domain policy violation warning message to console? */
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 3575b0e7c7fd..038071a8a3d3 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -210,45 +210,6 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
210} 210}
211 211
212/** 212/**
213 * tomoyo_read_domain_initializer_policy - Read "struct tomoyo_domain_initializer_entry" list.
214 *
215 * @head: Pointer to "struct tomoyo_io_buffer".
216 *
217 * Returns true on success, false otherwise.
218 *
219 * Caller holds tomoyo_read_lock().
220 */
221bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head)
222{
223 struct list_head *pos;
224 bool done = true;
225
226 list_for_each_cookie(pos, head->read_var2, &tomoyo_policy_list
227 [TOMOYO_ID_DOMAIN_INITIALIZER]) {
228 const char *no;
229 const char *from = "";
230 const char *domain = "";
231 struct tomoyo_domain_initializer_entry *ptr;
232 ptr = list_entry(pos, struct tomoyo_domain_initializer_entry,
233 head.list);
234 if (ptr->head.is_deleted)
235 continue;
236 no = ptr->is_not ? "no_" : "";
237 if (ptr->domainname) {
238 from = " from ";
239 domain = ptr->domainname->name;
240 }
241 done = tomoyo_io_printf(head,
242 "%s" TOMOYO_KEYWORD_INITIALIZE_DOMAIN
243 "%s%s%s\n", no, ptr->program->name,
244 from, domain);
245 if (!done)
246 break;
247 }
248 return done;
249}
250
251/**
252 * tomoyo_write_domain_initializer_policy - Write "struct tomoyo_domain_initializer_entry" list. 213 * tomoyo_write_domain_initializer_policy - Write "struct tomoyo_domain_initializer_entry" list.
253 * 214 *
254 * @data: String to parse. 215 * @data: String to parse.
@@ -399,46 +360,6 @@ int tomoyo_write_domain_keeper_policy(char *data, const bool is_not,
399} 360}
400 361
401/** 362/**
402 * tomoyo_read_domain_keeper_policy - Read "struct tomoyo_domain_keeper_entry" list.
403 *
404 * @head: Pointer to "struct tomoyo_io_buffer".
405 *
406 * Returns true on success, false otherwise.
407 *
408 * Caller holds tomoyo_read_lock().
409 */
410bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head)
411{
412 struct list_head *pos;
413 bool done = true;
414
415 list_for_each_cookie(pos, head->read_var2,
416 &tomoyo_policy_list[TOMOYO_ID_DOMAIN_KEEPER]) {
417 struct tomoyo_domain_keeper_entry *ptr;
418 const char *no;
419 const char *from = "";
420 const char *program = "";
421
422 ptr = list_entry(pos, struct tomoyo_domain_keeper_entry,
423 head.list);
424 if (ptr->head.is_deleted)
425 continue;
426 no = ptr->is_not ? "no_" : "";
427 if (ptr->program) {
428 from = " from ";
429 program = ptr->program->name;
430 }
431 done = tomoyo_io_printf(head,
432 "%s" TOMOYO_KEYWORD_KEEP_DOMAIN
433 "%s%s%s\n", no, program, from,
434 ptr->domainname->name);
435 if (!done)
436 break;
437 }
438 return done;
439}
440
441/**
442 * tomoyo_domain_keeper - Check whether the given program causes domain transition suppression. 363 * tomoyo_domain_keeper - Check whether the given program causes domain transition suppression.
443 * 364 *
444 * @domainname: The name of domain. 365 * @domainname: The name of domain.
@@ -527,37 +448,6 @@ static int tomoyo_update_aggregator_entry(const char *original_name,
527} 448}
528 449
529/** 450/**
530 * tomoyo_read_aggregator_policy - Read "struct tomoyo_aggregator_entry" list.
531 *
532 * @head: Pointer to "struct tomoyo_io_buffer".
533 *
534 * Returns true on success, false otherwise.
535 *
536 * Caller holds tomoyo_read_lock().
537 */
538bool tomoyo_read_aggregator_policy(struct tomoyo_io_buffer *head)
539{
540 struct list_head *pos;
541 bool done = true;
542
543 list_for_each_cookie(pos, head->read_var2,
544 &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR]) {
545 struct tomoyo_aggregator_entry *ptr;
546
547 ptr = list_entry(pos, struct tomoyo_aggregator_entry,
548 head.list);
549 if (ptr->head.is_deleted)
550 continue;
551 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_AGGREGATOR
552 "%s %s\n", ptr->original_name->name,
553 ptr->aggregated_name->name);
554 if (!done)
555 break;
556 }
557 return done;
558}
559
560/**
561 * tomoyo_write_aggregator_policy - Write "struct tomoyo_aggregator_entry" list. 451 * tomoyo_write_aggregator_policy - Write "struct tomoyo_aggregator_entry" list.
562 * 452 *
563 * @data: String to parse. 453 * @data: String to parse.
@@ -624,36 +514,6 @@ static int tomoyo_update_alias_entry(const char *original_name,
624} 514}
625 515
626/** 516/**
627 * tomoyo_read_alias_policy - Read "struct tomoyo_alias_entry" list.
628 *
629 * @head: Pointer to "struct tomoyo_io_buffer".
630 *
631 * Returns true on success, false otherwise.
632 *
633 * Caller holds tomoyo_read_lock().
634 */
635bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head)
636{
637 struct list_head *pos;
638 bool done = true;
639
640 list_for_each_cookie(pos, head->read_var2,
641 &tomoyo_policy_list[TOMOYO_ID_ALIAS]) {
642 struct tomoyo_alias_entry *ptr;
643
644 ptr = list_entry(pos, struct tomoyo_alias_entry, head.list);
645 if (ptr->head.is_deleted)
646 continue;
647 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_ALIAS "%s %s\n",
648 ptr->original_name->name,
649 ptr->aliased_name->name);
650 if (!done)
651 break;
652 }
653 return done;
654}
655
656/**
657 * tomoyo_write_alias_policy - Write "struct tomoyo_alias_entry" list. 517 * tomoyo_write_alias_policy - Write "struct tomoyo_alias_entry" list.
658 * 518 *
659 * @data: String to parse. 519 * @data: String to parse.
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index df3b203d7d4f..e7687ebdc5f6 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -344,36 +344,6 @@ int tomoyo_write_globally_readable_policy(char *data, const bool is_delete)
344 return tomoyo_update_globally_readable_entry(data, is_delete); 344 return tomoyo_update_globally_readable_entry(data, is_delete);
345} 345}
346 346
347/**
348 * tomoyo_read_globally_readable_policy - Read "struct tomoyo_globally_readable_file_entry" list.
349 *
350 * @head: Pointer to "struct tomoyo_io_buffer".
351 *
352 * Returns true on success, false otherwise.
353 *
354 * Caller holds tomoyo_read_lock().
355 */
356bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
357{
358 struct list_head *pos;
359 bool done = true;
360
361 list_for_each_cookie(pos, head->read_var2,
362 &tomoyo_policy_list[TOMOYO_ID_GLOBALLY_READABLE]) {
363 struct tomoyo_globally_readable_file_entry *ptr;
364 ptr = list_entry(pos,
365 struct tomoyo_globally_readable_file_entry,
366 head.list);
367 if (ptr->head.is_deleted)
368 continue;
369 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_ALLOW_READ "%s\n",
370 ptr->filename->name);
371 if (!done)
372 break;
373 }
374 return done;
375}
376
377static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a, 347static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a,
378 const struct tomoyo_acl_head *b) 348 const struct tomoyo_acl_head *b)
379{ 349{
@@ -457,34 +427,6 @@ int tomoyo_write_pattern_policy(char *data, const bool is_delete)
457 return tomoyo_update_file_pattern_entry(data, is_delete); 427 return tomoyo_update_file_pattern_entry(data, is_delete);
458} 428}
459 429
460/**
461 * tomoyo_read_file_pattern - Read "struct tomoyo_pattern_entry" list.
462 *
463 * @head: Pointer to "struct tomoyo_io_buffer".
464 *
465 * Returns true on success, false otherwise.
466 *
467 * Caller holds tomoyo_read_lock().
468 */
469bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
470{
471 struct list_head *pos;
472 bool done = true;
473
474 list_for_each_cookie(pos, head->read_var2,
475 &tomoyo_policy_list[TOMOYO_ID_PATTERN]) {
476 struct tomoyo_pattern_entry *ptr;
477 ptr = list_entry(pos, struct tomoyo_pattern_entry, head.list);
478 if (ptr->head.is_deleted)
479 continue;
480 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_FILE_PATTERN
481 "%s\n", ptr->pattern->name);
482 if (!done)
483 break;
484 }
485 return done;
486}
487
488static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a, 430static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a,
489 const struct tomoyo_acl_head *b) 431 const struct tomoyo_acl_head *b)
490{ 432{
@@ -563,35 +505,6 @@ int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete)
563 return tomoyo_update_no_rewrite_entry(data, is_delete); 505 return tomoyo_update_no_rewrite_entry(data, is_delete);
564} 506}
565 507
566/**
567 * tomoyo_read_no_rewrite_policy - Read "struct tomoyo_no_rewrite_entry" list.
568 *
569 * @head: Pointer to "struct tomoyo_io_buffer".
570 *
571 * Returns true on success, false otherwise.
572 *
573 * Caller holds tomoyo_read_lock().
574 */
575bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head)
576{
577 struct list_head *pos;
578 bool done = true;
579
580 list_for_each_cookie(pos, head->read_var2,
581 &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE]) {
582 struct tomoyo_no_rewrite_entry *ptr;
583 ptr = list_entry(pos, struct tomoyo_no_rewrite_entry,
584 head.list);
585 if (ptr->head.is_deleted)
586 continue;
587 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_DENY_REWRITE
588 "%s\n", ptr->pattern->name);
589 if (!done)
590 break;
591 }
592 return done;
593}
594
595static bool tomoyo_check_path_acl(const struct tomoyo_request_info *r, 508static bool tomoyo_check_path_acl(const struct tomoyo_request_info *r,
596 const struct tomoyo_acl_info *ptr) 509 const struct tomoyo_acl_info *ptr)
597{ 510{
diff --git a/security/tomoyo/number_group.c b/security/tomoyo/number_group.c
index 99694153b947..5e75f5314bda 100644
--- a/security/tomoyo/number_group.c
+++ b/security/tomoyo/number_group.c
@@ -97,47 +97,6 @@ int tomoyo_write_number_group_policy(char *data, const bool is_delete)
97} 97}
98 98
99/** 99/**
100 * tomoyo_read_number_group_policy - Read "struct tomoyo_number_group" list.
101 *
102 * @head: Pointer to "struct tomoyo_io_buffer".
103 *
104 * Returns true on success, false otherwise.
105 *
106 * Caller holds tomoyo_read_lock().
107 */
108bool tomoyo_read_number_group_policy(struct tomoyo_io_buffer *head)
109{
110 struct list_head *gpos;
111 struct list_head *mpos;
112 list_for_each_cookie(gpos, head->read_var1,
113 &tomoyo_group_list[TOMOYO_NUMBER_GROUP]) {
114 struct tomoyo_group *group;
115 const char *name;
116 group = list_entry(gpos, struct tomoyo_group, list);
117 name = group->group_name->name;
118 list_for_each_cookie(mpos, head->read_var2,
119 &group->member_list) {
120 int pos;
121 const struct tomoyo_number_group *member
122 = list_entry(mpos,
123 struct tomoyo_number_group,
124 head.list);
125 if (member->head.is_deleted)
126 continue;
127 pos = head->read_avail;
128 if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_NUMBER_GROUP
129 "%s", name) ||
130 !tomoyo_print_number_union(head, &member->number) ||
131 !tomoyo_io_printf(head, "\n")) {
132 head->read_avail = pos;
133 return false;
134 }
135 }
136 }
137 return true;
138}
139
140/**
141 * tomoyo_number_matches_group - Check whether the given number matches members of the given number group. 100 * tomoyo_number_matches_group - Check whether the given number matches members of the given number group.
142 * 101 *
143 * @min: Min number. 102 * @min: Min number.
diff --git a/security/tomoyo/path_group.c b/security/tomoyo/path_group.c
index 44e8a5b1ca67..2f9f9240bf5a 100644
--- a/security/tomoyo/path_group.c
+++ b/security/tomoyo/path_group.c
@@ -95,41 +95,6 @@ int tomoyo_write_path_group_policy(char *data, const bool is_delete)
95} 95}
96 96
97/** 97/**
98 * tomoyo_read_path_group_policy - Read "struct tomoyo_path_group" list.
99 *
100 * @head: Pointer to "struct tomoyo_io_buffer".
101 *
102 * Returns true on success, false otherwise.
103 *
104 * Caller holds tomoyo_read_lock().
105 */
106bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head)
107{
108 struct list_head *gpos;
109 struct list_head *mpos;
110 list_for_each_cookie(gpos, head->read_var1,
111 &tomoyo_group_list[TOMOYO_PATH_GROUP]) {
112 struct tomoyo_group *group;
113 group = list_entry(gpos, struct tomoyo_group, list);
114 list_for_each_cookie(mpos, head->read_var2,
115 &group->member_list) {
116 struct tomoyo_path_group *member;
117 member = list_entry(mpos,
118 struct tomoyo_path_group,
119 head.list);
120 if (member->head.is_deleted)
121 continue;
122 if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_PATH_GROUP
123 "%s %s\n",
124 group->group_name->name,
125 member->member_name->name))
126 return false;
127 }
128 }
129 return true;
130}
131
132/**
133 * tomoyo_path_matches_group - Check whether the given pathname matches members of the given pathname group. 98 * tomoyo_path_matches_group - Check whether the given pathname matches members of the given pathname group.
134 * 99 *
135 * @pathname: The name of pathname. 100 * @pathname: The name of pathname.
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-15 19:26:50 -0500