Diffstat (limited to 'security/tomoyo/common.c')
-rw-r--r--security/tomoyo/common.c55
1 files changed, 22 insertions, 33 deletions
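--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1150,6 +1150,15 @@ static void tomoyo_read_pid(struct tomoyo_io_buffer *head)
 	}
 }
 
+static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {
+	[TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE]
+	= TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN,
+	[TOMOYO_TRANSITION_CONTROL_INITIALIZE]
+	= TOMOYO_KEYWORD_INITIALIZE_DOMAIN,
+	[TOMOYO_TRANSITION_CONTROL_NO_KEEP] = TOMOYO_KEYWORD_NO_KEEP_DOMAIN,
+	[TOMOYO_TRANSITION_CONTROL_KEEP] = TOMOYO_KEYWORD_KEEP_DOMAIN
+};
+
 /**
  * tomoyo_write_exception_policy - Write exception policy.
  *
@@ -1163,18 +1172,13 @@ static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head)
 {
 	char *data = head->write_buf;
 	bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
+	u8 i;
 
-	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_KEEP_DOMAIN))
-		return tomoyo_write_domain_keeper_policy(data, false,
-							 is_delete);
-	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_KEEP_DOMAIN))
-		return tomoyo_write_domain_keeper_policy(data, true, is_delete);
-	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_INITIALIZE_DOMAIN))
-		return tomoyo_write_domain_initializer_policy(data, false,
-							      is_delete);
-	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN))
-		return tomoyo_write_domain_initializer_policy(data, true,
-							      is_delete);
+	for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) {
+		if (tomoyo_str_starts(&data, tomoyo_transition_type[i]))
+			return tomoyo_write_transition_control(data, is_delete,
+							       i);
+	}
 	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_AGGREGATOR))
 		return tomoyo_write_aggregator_policy(data, is_delete);
 	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ))
@@ -1296,32 +1300,17 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
 		if (acl->is_deleted)
 			continue;
 		switch (idx) {
-		case TOMOYO_ID_DOMAIN_KEEPER:
+		case TOMOYO_ID_TRANSITION_CONTROL:
 			{
-				struct tomoyo_domain_keeper_entry *ptr =
+				struct tomoyo_transition_control *ptr =
 					container_of(acl, typeof(*ptr), head);
-				w[0] = ptr->is_not ?
-					TOMOYO_KEYWORD_NO_KEEP_DOMAIN :
-					TOMOYO_KEYWORD_KEEP_DOMAIN;
-				if (ptr->program) {
+				w[0] = tomoyo_transition_type[ptr->type];
+				if (ptr->program)
 					w[1] = ptr->program->name;
-					w[2] = " from ";
-				}
-				w[3] = ptr->domainname->name;
-			}
-			break;
-		case TOMOYO_ID_DOMAIN_INITIALIZER:
-			{
-				struct tomoyo_domain_initializer_entry *ptr =
-					container_of(acl, typeof(*ptr), head);
-				w[0] = ptr->is_not ?
-					TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN :
-					TOMOYO_KEYWORD_INITIALIZE_DOMAIN;
-				w[1] = ptr->program->name;
-				if (ptr->domainname) {
-					w[2] = " from ";
+				if (ptr->domainname)
 					w[3] = ptr->domainname->name;
-				}
+				if (w[1][0] && w[3][0])
+					w[2] = " from ";
 			}
 			break;
 		case TOMOYO_ID_GLOBALLY_READABLE: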
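Review bot: The loop over tomoyo_transition_type[] in tomoyo_write_exception_policy (new line 1177) hands every slot up to TOMOYO_MAX_TRANSITION_TYPE to tomoyo_str_starts(), so the table must stay fully populated: an enum value added later without a matching designated initializer here would leave a NULL slot that the loop passes straight through. I would state that contract on the new table, `/* Indexed by TOMOYO_TRANSITION_CONTROL_*; every slot must be set: tomoyo_write_exception_policy() walks the whole array and tomoyo_read_policy() indexes it with ptr->type. */`. The same comment covers the unchecked `w[0] = tomoyo_transition_type[ptr->type];` in the tomoyo_read_policy hunk, where ptr->type is presumably only ever set from the loop index (its writer, tomoyo_write_transition_control, is outside this diff). The new `if (w[1][0] && w[3][0])` test there also assumes w[1] and w[3] were initialised to empty strings rather than NULL before the switch, which is not visible in the hunk. Both functions begin and end outside their hunks.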