1 files changed, 45 insertions, 32 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 2e6792ded357..2cfadafd02f5 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -611,8 +611,11 @@ static int tomoyo_update_manager_entry(const char *manager,
                                       const bool is_delete)
 {
        struct tomoyo_manager e = { };
-        int error;
+        struct tomoyo_acl_param param = {
+                .is_delete = is_delete,
+                .list = &tomoyo_policy_list[TOMOYO_ID_MANAGER],
+        };
+        int error = is_delete ? -ENOENT : -ENOMEM;
        if (tomoyo_domain_def(manager)) {
                if (!tomoyo_correct_domain(manager))
                        return -EINVAL;
@@ -622,12 +625,11 @@ static int tomoyo_update_manager_entry(const char *manager,
                        return -EINVAL;
        }
        e.manager = tomoyo_get_name(manager);
-        if (!e.manager)
+        if (e.manager) {
-                return -ENOMEM;
+                error = tomoyo_update_policy(&e.head, sizeof(e), &param,
-        error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
+                                             tomoyo_same_manager);
-                                     &tomoyo_policy_list[TOMOYO_ID_MANAGER],
+                tomoyo_put_name(e.manager);
-                                     tomoyo_same_manager);
+        }
-        tomoyo_put_name(e.manager);
        return error;
 }
@@ -821,18 +823,36 @@ static int tomoyo_delete_domain(char *domainname)
 /**
 * tomoyo_write_domain2 - Write domain policy.
 *
- * @head: Pointer to "struct tomoyo_io_buffer".
+ * @list:      Pointer to "struct list_head".
+ * @data:      Policy to be interpreted.
+ * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
-static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain,
+static int tomoyo_write_domain2(struct list_head *list, char *data,
                                const bool is_delete)
 {
-        if (tomoyo_str_starts(&data, "allow_mount "))
+        struct tomoyo_acl_param param = {
-                return tomoyo_write_mount(data, domain, is_delete);
+                .list = list,
-        return tomoyo_write_file(data, domain, is_delete);
+                .data = data,
+                .is_delete = is_delete,
+        };
+        static const struct {
+                const char *keyword;
+                int (*write) (struct tomoyo_acl_param *);
+        } tomoyo_callback[1] = {
+                { "file ", tomoyo_write_file },
+        };
+        u8 i;
+        for (i = 0; i < 1; i++) {
+                if (!tomoyo_str_starts(&param.data,
+                                       tomoyo_callback[i].keyword))
+                        continue;
+                return tomoyo_callback[i].write(&param);
+        }
+        return -EINVAL;
 }
 /**
@@ -889,7 +909,7 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
                domain->transition_failed = !is_delete;
                return 0;
        }
-        return tomoyo_write_domain2(data, domain, is_delete);
+        return tomoyo_write_domain2(&domain->acl_info_list, data, is_delete);
 }
 /**
@@ -1213,26 +1233,19 @@ static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
 */
 static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
 {
-        char *data = head->write_buf;
+        struct tomoyo_acl_param param = {
-        bool is_delete = tomoyo_str_starts(&data, "delete ");
+                .data = head->write_buf,
-        u8 i;
-        static const struct {
-                const char *keyword;
-                int (*write) (char *, const bool);
-        } tomoyo_callback[1] = {
-                { "aggregator ", tomoyo_write_aggregator },
        };
+        u8 i;
+        param.is_delete = tomoyo_str_starts(&param.data, "delete ");
+        if (tomoyo_str_starts(&param.data, "aggregator "))
+                return tomoyo_write_aggregator(&param);
        for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
-                if (tomoyo_str_starts(&data, tomoyo_transition_type[i]))
+                if (tomoyo_str_starts(&param.data, tomoyo_transition_type[i]))
-                        return tomoyo_write_transition_control(data, is_delete,
+                        return tomoyo_write_transition_control(&param, i);
-                                                               i);
-        for (i = 0; i < 1; i++)
-                if (tomoyo_str_starts(&data, tomoyo_callback[i].keyword))
-                        return tomoyo_callback[i].write(data, is_delete);
        for (i = 0; i < TOMOYO_MAX_GROUP; i++)
-                if (tomoyo_str_starts(&data, tomoyo_group_name[i]))
+                if (tomoyo_str_starts(&param.data, tomoyo_group_name[i]))
-                        return tomoyo_write_group(data, is_delete, i);
+                        return tomoyo_write_group(&param, i);
        return -EINVAL;
 }
@@ -1490,7 +1503,7 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
                vsnprintf(buffer, len - 1, fmt, args);
                va_end(args);
                tomoyo_normalize_line(buffer);
-                tomoyo_write_domain2(buffer, r->domain, false);
+                tomoyo_write_domain2(&r->domain->acl_info_list, buffer, false);
                kfree(buffer);
                /* fall through */
        case TOMOYO_CONFIG_PERMISSIVE:

diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 2e6792ded357..2cfadafd02f5 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c
@@ -611,8 +611,11 @@ static int tomoyo_update_manager_entry(const char *manager,
611	const bool is_delete)	611	const bool is_delete)
612	{	612	{
613	struct tomoyo_manager e = { };	613	struct tomoyo_manager e = { };
614	int error;	614	struct tomoyo_acl_param param = {
615		615	.is_delete = is_delete,
		616	.list = &tomoyo_policy_list[TOMOYO_ID_MANAGER],
		617	};
		618	int error = is_delete ? -ENOENT : -ENOMEM;
616	if (tomoyo_domain_def(manager)) {	619	if (tomoyo_domain_def(manager)) {
617	if (!tomoyo_correct_domain(manager))	620	if (!tomoyo_correct_domain(manager))
618	return -EINVAL;	621	return -EINVAL;
@@ -622,12 +625,11 @@ static int tomoyo_update_manager_entry(const char *manager,
622	return -EINVAL;	625	return -EINVAL;
623	}	626	}
624	e.manager = tomoyo_get_name(manager);	627	e.manager = tomoyo_get_name(manager);
625	if (!e.manager)	628	if (e.manager) {
626	return -ENOMEM;	629	error = tomoyo_update_policy(&e.head, sizeof(e), &param,
627	error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,	630	tomoyo_same_manager);
628	&tomoyo_policy_list[TOMOYO_ID_MANAGER],	631	tomoyo_put_name(e.manager);
629	tomoyo_same_manager);	632	}
630	tomoyo_put_name(e.manager);
631	return error;	633	return error;
632	}	634	}
633		635
@@ -821,18 +823,36 @@ static int tomoyo_delete_domain(char *domainname)
821	/**	823	/**
822	* tomoyo_write_domain2 - Write domain policy.	824	* tomoyo_write_domain2 - Write domain policy.
823	*	825	*
824	* @head: Pointer to "struct tomoyo_io_buffer".	826	* @list: Pointer to "struct list_head".
		827	* @data: Policy to be interpreted.
		828	* @is_delete: True if it is a delete request.
825	*	829	*
826	* Returns 0 on success, negative value otherwise.	830	* Returns 0 on success, negative value otherwise.
827	*	831	*
828	* Caller holds tomoyo_read_lock().	832	* Caller holds tomoyo_read_lock().
829	*/	833	*/
830	static int tomoyo_write_domain2(char data, struct tomoyo_domain_info domain,	834	static int tomoyo_write_domain2(struct list_head list, char data,
831	const bool is_delete)	835	const bool is_delete)
832	{	836	{
833	if (tomoyo_str_starts(&data, "allow_mount "))	837	struct tomoyo_acl_param param = {
834	return tomoyo_write_mount(data, domain, is_delete);	838	.list = list,
835	return tomoyo_write_file(data, domain, is_delete);	839	.data = data,
		840	.is_delete = is_delete,
		841	};
		842	static const struct {
		843	const char *keyword;
		844	int (write) (struct tomoyo_acl_param );
		845	} tomoyo_callback[1] = {
		846	{ "file ", tomoyo_write_file },
		847	};
		848	u8 i;
		849	for (i = 0; i < 1; i++) {
		850	if (!tomoyo_str_starts(&param.data,
		851	tomoyo_callback[i].keyword))
		852	continue;
		853	return tomoyo_callback[i].write(&param);
		854	}
		855	return -EINVAL;
836	}	856	}
837		857
838	/**	858	/**
@@ -889,7 +909,7 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
889	domain->transition_failed = !is_delete;	909	domain->transition_failed = !is_delete;
890	return 0;	910	return 0;
891	}	911	}
892	return tomoyo_write_domain2(data, domain, is_delete);	912	return tomoyo_write_domain2(&domain->acl_info_list, data, is_delete);
893	}	913	}
894		914
895	/**	915	/**
@@ -1213,26 +1233,19 @@ static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
1213	*/	1233	*/
1214	static int tomoyo_write_exception(struct tomoyo_io_buffer *head)	1234	static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
1215	{	1235	{
1216	char *data = head->write_buf;	1236	struct tomoyo_acl_param param = {
1217	bool is_delete = tomoyo_str_starts(&data, "delete ");	1237	.data = head->write_buf,
1218	u8 i;
1219	static const struct {
1220	const char *keyword;
1221	int (write) (char , const bool);
1222	} tomoyo_callback[1] = {
1223	{ "aggregator ", tomoyo_write_aggregator },
1224	};	1238	};
1225		1239	u8 i;
		1240	param.is_delete = tomoyo_str_starts(&param.data, "delete ");
		1241	if (tomoyo_str_starts(&param.data, "aggregator "))
		1242	return tomoyo_write_aggregator(&param);
1226	for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)	1243	for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
1227	if (tomoyo_str_starts(&data, tomoyo_transition_type[i]))	1244	if (tomoyo_str_starts(&param.data, tomoyo_transition_type[i]))
1228	return tomoyo_write_transition_control(data, is_delete,	1245	return tomoyo_write_transition_control(&param, i);
1229	i);
1230	for (i = 0; i < 1; i++)
1231	if (tomoyo_str_starts(&data, tomoyo_callback[i].keyword))
1232	return tomoyo_callback[i].write(data, is_delete);
1233	for (i = 0; i < TOMOYO_MAX_GROUP; i++)	1246	for (i = 0; i < TOMOYO_MAX_GROUP; i++)
1234	if (tomoyo_str_starts(&data, tomoyo_group_name[i]))	1247	if (tomoyo_str_starts(&param.data, tomoyo_group_name[i]))
1235	return tomoyo_write_group(data, is_delete, i);	1248	return tomoyo_write_group(&param, i);
1236	return -EINVAL;	1249	return -EINVAL;
1237	}	1250	}
1238		1251
@@ -1490,7 +1503,7 @@ int tomoyo_supervisor(struct tomoyo_request_info r, const char fmt, ...)
1490	vsnprintf(buffer, len - 1, fmt, args);	1503	vsnprintf(buffer, len - 1, fmt, args);
1491	va_end(args);	1504	va_end(args);
1492	tomoyo_normalize_line(buffer);	1505	tomoyo_normalize_line(buffer);
1493	tomoyo_write_domain2(buffer, r->domain, false);	1506	tomoyo_write_domain2(&r->domain->acl_info_list, buffer, false);
1494	kfree(buffer);	1507	kfree(buffer);
1495	/* fall through */	1508	/* fall through */
1496	case TOMOYO_CONFIG_PERMISSIVE:	1509	case TOMOYO_CONFIG_PERMISSIVE: