aboutsummaryrefslogtreecommitdiffstats
path: root/security/tomoyo/common.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo/common.h')
-rw-r--r--security/tomoyo/common.h28
1 files changed, 22 insertions, 6 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 3d819b139165..dc5f98f52f61 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -20,6 +20,7 @@
20#include <linux/mount.h> 20#include <linux/mount.h>
21#include <linux/list.h> 21#include <linux/list.h>
22#include <linux/cred.h> 22#include <linux/cred.h>
23#include <linux/poll.h>
23struct linux_binprm; 24struct linux_binprm;
24 25
25/********** Constants definitions. **********/ 26/********** Constants definitions. **********/
@@ -156,9 +157,12 @@ enum tomoyo_securityfs_interface_index {
156 TOMOYO_SELFDOMAIN, 157 TOMOYO_SELFDOMAIN,
157 TOMOYO_VERSION, 158 TOMOYO_VERSION,
158 TOMOYO_PROFILE, 159 TOMOYO_PROFILE,
160 TOMOYO_QUERY,
159 TOMOYO_MANAGER 161 TOMOYO_MANAGER
160}; 162};
161 163
164#define TOMOYO_RETRY_REQUEST 1 /* Retry this request. */
165
162/********** Structure definitions. **********/ 166/********** Structure definitions. **********/
163 167
164/* 168/*
@@ -176,10 +180,14 @@ struct tomoyo_page_buffer {
176 * tomoyo_request_info is a structure which is used for holding 180 * tomoyo_request_info is a structure which is used for holding
177 * 181 *
178 * (1) Domain information of current process. 182 * (1) Domain information of current process.
179 * (2) Access control mode of the profile. 183 * (2) How many retries are made for this request.
184 * (3) Profile number used for this request.
185 * (4) Access control mode of the profile.
180 */ 186 */
181struct tomoyo_request_info { 187struct tomoyo_request_info {
182 struct tomoyo_domain_info *domain; 188 struct tomoyo_domain_info *domain;
189 u8 retry;
190 u8 profile;
183 u8 mode; /* One of tomoyo_mode_index . */ 191 u8 mode; /* One of tomoyo_mode_index . */
184}; 192};
185 193
@@ -484,6 +492,7 @@ struct tomoyo_mount_acl {
484struct tomoyo_io_buffer { 492struct tomoyo_io_buffer {
485 int (*read) (struct tomoyo_io_buffer *); 493 int (*read) (struct tomoyo_io_buffer *);
486 int (*write) (struct tomoyo_io_buffer *); 494 int (*write) (struct tomoyo_io_buffer *);
495 int (*poll) (struct file *file, poll_table *wait);
487 /* Exclusive lock for this structure. */ 496 /* Exclusive lock for this structure. */
488 struct mutex io_sem; 497 struct mutex io_sem;
489 /* Index returned by tomoyo_read_lock(). */ 498 /* Index returned by tomoyo_read_lock(). */
@@ -514,6 +523,8 @@ struct tomoyo_io_buffer {
514 int write_avail; 523 int write_avail;
515 /* Size of write buffer. */ 524 /* Size of write buffer. */
516 int writebuf_size; 525 int writebuf_size;
526 /* Type of this interface. */
527 u8 type;
517}; 528};
518 529
519/* 530/*
@@ -659,14 +670,15 @@ struct tomoyo_policy_manager_entry {
659 670
660/********** Function prototypes. **********/ 671/********** Function prototypes. **********/
661 672
673extern asmlinkage long sys_getpid(void);
674extern asmlinkage long sys_getppid(void);
675
662/* Check whether the given name matches the given name_union. */ 676/* Check whether the given name matches the given name_union. */
663bool tomoyo_compare_name_union(const struct tomoyo_path_info *name, 677bool tomoyo_compare_name_union(const struct tomoyo_path_info *name,
664 const struct tomoyo_name_union *ptr); 678 const struct tomoyo_name_union *ptr);
665/* Check whether the given number matches the given number_union. */ 679/* Check whether the given number matches the given number_union. */
666bool tomoyo_compare_number_union(const unsigned long value, 680bool tomoyo_compare_number_union(const unsigned long value,
667 const struct tomoyo_number_union *ptr); 681 const struct tomoyo_number_union *ptr);
668/* Check whether the domain has too many ACL entries to hold. */
669bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
670/* Transactional sprintf() for policy dump. */ 682/* Transactional sprintf() for policy dump. */
671bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) 683bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
672 __attribute__ ((format(printf, 2, 3))); 684 __attribute__ ((format(printf, 2, 3)));
@@ -763,6 +775,8 @@ int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete);
763int tomoyo_write_pattern_policy(char *data, const bool is_delete); 775int tomoyo_write_pattern_policy(char *data, const bool is_delete);
764/* Create "path_group" entry in exception policy. */ 776/* Create "path_group" entry in exception policy. */
765int tomoyo_write_path_group_policy(char *data, const bool is_delete); 777int tomoyo_write_path_group_policy(char *data, const bool is_delete);
778int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
779 __attribute__ ((format(printf, 2, 3)));
766/* Create "number_group" entry in exception policy. */ 780/* Create "number_group" entry in exception policy. */
767int tomoyo_write_number_group_policy(char *data, const bool is_delete); 781int tomoyo_write_number_group_policy(char *data, const bool is_delete);
768/* Find a domain by the given name. */ 782/* Find a domain by the given name. */
@@ -771,9 +785,6 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
771struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char * 785struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
772 domainname, 786 domainname,
773 const u8 profile); 787 const u8 profile);
774/* Get patterned pathname. */
775const struct tomoyo_path_info *
776tomoyo_get_file_pattern(const struct tomoyo_path_info *filename);
777/* Allocate memory for "struct tomoyo_path_group". */ 788/* Allocate memory for "struct tomoyo_path_group". */
778struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name); 789struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name);
779struct tomoyo_number_group *tomoyo_get_number_group(const char *group_name); 790struct tomoyo_number_group *tomoyo_get_number_group(const char *group_name);
@@ -807,6 +818,8 @@ char *tomoyo_realpath(const char *pathname);
807char *tomoyo_realpath_nofollow(const char *pathname); 818char *tomoyo_realpath_nofollow(const char *pathname);
808/* Same with tomoyo_realpath() except that the pathname is already solved. */ 819/* Same with tomoyo_realpath() except that the pathname is already solved. */
809char *tomoyo_realpath_from_path(struct path *path); 820char *tomoyo_realpath_from_path(struct path *path);
821/* Get patterned pathname. */
822const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename);
810 823
811/* Check memory quota. */ 824/* Check memory quota. */
812bool tomoyo_memory_ok(void *ptr); 825bool tomoyo_memory_ok(void *ptr);
@@ -878,6 +891,9 @@ extern bool tomoyo_policy_loaded;
878/* The kernel's domain. */ 891/* The kernel's domain. */
879extern struct tomoyo_domain_info tomoyo_kernel_domain; 892extern struct tomoyo_domain_info tomoyo_kernel_domain;
880 893
894extern unsigned int tomoyo_quota_for_query;
895extern unsigned int tomoyo_query_memory_size;
896
881/********** Inlined functions. **********/ 897/********** Inlined functions. **********/
882 898
883static inline int tomoyo_read_lock(void) 899static inline int tomoyo_read_lock(void)
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-14 17:58:39 -0500