diff options
Diffstat (limited to 'security/tomoyo/common.h')
-rw-r--r-- | security/tomoyo/common.h | 411 |
1 files changed, 351 insertions, 60 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 509ced9ce698..f6aff59b0885 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h | |||
@@ -1,12 +1,9 @@ | |||
1 | /* | 1 | /* |
2 | * security/tomoyo/common.h | 2 | * security/tomoyo/common.h |
3 | * | 3 | * |
4 | * Common functions for TOMOYO. | 4 | * Header file for TOMOYO. |
5 | * | ||
6 | * Copyright (C) 2005-2009 NTT DATA CORPORATION | ||
7 | * | ||
8 | * Version: 2.2.0 2009/04/01 | ||
9 | * | 5 | * |
6 | * Copyright (C) 2005-2010 NTT DATA CORPORATION | ||
10 | */ | 7 | */ |
11 | 8 | ||
12 | #ifndef _SECURITY_TOMOYO_COMMON_H | 9 | #ifndef _SECURITY_TOMOYO_COMMON_H |
@@ -22,9 +19,110 @@ | |||
22 | #include <linux/namei.h> | 19 | #include <linux/namei.h> |
23 | #include <linux/mount.h> | 20 | #include <linux/mount.h> |
24 | #include <linux/list.h> | 21 | #include <linux/list.h> |
22 | #include <linux/cred.h> | ||
23 | struct linux_binprm; | ||
24 | |||
25 | /********** Constants definitions. **********/ | ||
26 | |||
27 | /* | ||
28 | * TOMOYO uses this hash only when appending a string into the string | ||
29 | * table. Frequency of appending strings is very low. So we don't need | ||
30 | * large (e.g. 64k) hash size. 256 will be sufficient. | ||
31 | */ | ||
32 | #define TOMOYO_HASH_BITS 8 | ||
33 | #define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS) | ||
34 | |||
35 | /* | ||
36 | * This is the max length of a token. | ||
37 | * | ||
38 | * A token consists of only ASCII printable characters. | ||
39 | * Non printable characters in a token is represented in \ooo style | ||
40 | * octal string. Thus, \ itself is represented as \\. | ||
41 | */ | ||
42 | #define TOMOYO_MAX_PATHNAME_LEN 4000 | ||
43 | |||
44 | /* Profile number is an integer between 0 and 255. */ | ||
45 | #define TOMOYO_MAX_PROFILES 256 | ||
46 | |||
47 | /* Keywords for ACLs. */ | ||
48 | #define TOMOYO_KEYWORD_ALIAS "alias " | ||
49 | #define TOMOYO_KEYWORD_ALLOW_READ "allow_read " | ||
50 | #define TOMOYO_KEYWORD_DELETE "delete " | ||
51 | #define TOMOYO_KEYWORD_DENY_REWRITE "deny_rewrite " | ||
52 | #define TOMOYO_KEYWORD_FILE_PATTERN "file_pattern " | ||
53 | #define TOMOYO_KEYWORD_INITIALIZE_DOMAIN "initialize_domain " | ||
54 | #define TOMOYO_KEYWORD_KEEP_DOMAIN "keep_domain " | ||
55 | #define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain " | ||
56 | #define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain " | ||
57 | #define TOMOYO_KEYWORD_SELECT "select " | ||
58 | #define TOMOYO_KEYWORD_USE_PROFILE "use_profile " | ||
59 | #define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read" | ||
60 | /* A domain definition starts with <kernel>. */ | ||
61 | #define TOMOYO_ROOT_NAME "<kernel>" | ||
62 | #define TOMOYO_ROOT_NAME_LEN (sizeof(TOMOYO_ROOT_NAME) - 1) | ||
63 | |||
64 | /* Index numbers for Access Controls. */ | ||
65 | #define TOMOYO_MAC_FOR_FILE 0 /* domain_policy.conf */ | ||
66 | #define TOMOYO_MAX_ACCEPT_ENTRY 1 | ||
67 | #define TOMOYO_VERBOSE 2 | ||
68 | #define TOMOYO_MAX_CONTROL_INDEX 3 | ||
69 | |||
70 | /* Index numbers for Access Controls. */ | ||
71 | |||
72 | #define TOMOYO_TYPE_SINGLE_PATH_ACL 0 | ||
73 | #define TOMOYO_TYPE_DOUBLE_PATH_ACL 1 | ||
74 | |||
75 | /* Index numbers for File Controls. */ | ||
76 | |||
77 | /* | ||
78 | * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set | ||
79 | * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and | ||
80 | * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set. | ||
81 | * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or | ||
82 | * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are | ||
83 | * automatically cleared if TYPE_READ_WRITE_ACL is cleared. | ||
84 | */ | ||
85 | |||
86 | #define TOMOYO_TYPE_READ_WRITE_ACL 0 | ||
87 | #define TOMOYO_TYPE_EXECUTE_ACL 1 | ||
88 | #define TOMOYO_TYPE_READ_ACL 2 | ||
89 | #define TOMOYO_TYPE_WRITE_ACL 3 | ||
90 | #define TOMOYO_TYPE_CREATE_ACL 4 | ||
91 | #define TOMOYO_TYPE_UNLINK_ACL 5 | ||
92 | #define TOMOYO_TYPE_MKDIR_ACL 6 | ||
93 | #define TOMOYO_TYPE_RMDIR_ACL 7 | ||
94 | #define TOMOYO_TYPE_MKFIFO_ACL 8 | ||
95 | #define TOMOYO_TYPE_MKSOCK_ACL 9 | ||
96 | #define TOMOYO_TYPE_MKBLOCK_ACL 10 | ||
97 | #define TOMOYO_TYPE_MKCHAR_ACL 11 | ||
98 | #define TOMOYO_TYPE_TRUNCATE_ACL 12 | ||
99 | #define TOMOYO_TYPE_SYMLINK_ACL 13 | ||
100 | #define TOMOYO_TYPE_REWRITE_ACL 14 | ||
101 | #define TOMOYO_TYPE_IOCTL_ACL 15 | ||
102 | #define TOMOYO_TYPE_CHMOD_ACL 16 | ||
103 | #define TOMOYO_TYPE_CHOWN_ACL 17 | ||
104 | #define TOMOYO_TYPE_CHGRP_ACL 18 | ||
105 | #define TOMOYO_TYPE_CHROOT_ACL 19 | ||
106 | #define TOMOYO_TYPE_MOUNT_ACL 20 | ||
107 | #define TOMOYO_TYPE_UMOUNT_ACL 21 | ||
108 | #define TOMOYO_MAX_SINGLE_PATH_OPERATION 22 | ||
109 | |||
110 | #define TOMOYO_TYPE_LINK_ACL 0 | ||
111 | #define TOMOYO_TYPE_RENAME_ACL 1 | ||
112 | #define TOMOYO_TYPE_PIVOT_ROOT_ACL 2 | ||
113 | #define TOMOYO_MAX_DOUBLE_PATH_OPERATION 3 | ||
114 | |||
115 | #define TOMOYO_DOMAINPOLICY 0 | ||
116 | #define TOMOYO_EXCEPTIONPOLICY 1 | ||
117 | #define TOMOYO_DOMAIN_STATUS 2 | ||
118 | #define TOMOYO_PROCESS_STATUS 3 | ||
119 | #define TOMOYO_MEMINFO 4 | ||
120 | #define TOMOYO_SELFDOMAIN 5 | ||
121 | #define TOMOYO_VERSION 6 | ||
122 | #define TOMOYO_PROFILE 7 | ||
123 | #define TOMOYO_MANAGER 8 | ||
25 | 124 | ||
26 | struct dentry; | 125 | /********** Structure definitions. **********/ |
27 | struct vfsmount; | ||
28 | 126 | ||
29 | /* | 127 | /* |
30 | * tomoyo_page_buffer is a structure which is used for holding a pathname | 128 | * tomoyo_page_buffer is a structure which is used for holding a pathname |
@@ -66,13 +164,14 @@ struct tomoyo_path_info { | |||
66 | }; | 164 | }; |
67 | 165 | ||
68 | /* | 166 | /* |
69 | * This is the max length of a token. | 167 | * tomoyo_name_entry is a structure which is used for linking |
70 | * | 168 | * "struct tomoyo_path_info" into tomoyo_name_list . |
71 | * A token consists of only ASCII printable characters. | ||
72 | * Non printable characters in a token is represented in \ooo style | ||
73 | * octal string. Thus, \ itself is represented as \\. | ||
74 | */ | 169 | */ |
75 | #define TOMOYO_MAX_PATHNAME_LEN 4000 | 170 | struct tomoyo_name_entry { |
171 | struct list_head list; | ||
172 | atomic_t users; | ||
173 | struct tomoyo_path_info entry; | ||
174 | }; | ||
76 | 175 | ||
77 | /* | 176 | /* |
78 | * tomoyo_path_info_with_data is a structure which is used for holding a | 177 | * tomoyo_path_info_with_data is a structure which is used for holding a |
@@ -155,9 +254,6 @@ struct tomoyo_domain_info { | |||
155 | bool transition_failed; /* Domain transition failed flag. */ | 254 | bool transition_failed; /* Domain transition failed flag. */ |
156 | }; | 255 | }; |
157 | 256 | ||
158 | /* Profile number is an integer between 0 and 255. */ | ||
159 | #define TOMOYO_MAX_PROFILES 256 | ||
160 | |||
161 | /* | 257 | /* |
162 | * tomoyo_single_path_acl_record is a structure which is used for holding an | 258 | * tomoyo_single_path_acl_record is a structure which is used for holding an |
163 | * entry with one pathname operation (e.g. open(), mkdir()). | 259 | * entry with one pathname operation (e.g. open(), mkdir()). |
@@ -204,29 +300,6 @@ struct tomoyo_double_path_acl_record { | |||
204 | const struct tomoyo_path_info *filename2; | 300 | const struct tomoyo_path_info *filename2; |
205 | }; | 301 | }; |
206 | 302 | ||
207 | /* Keywords for ACLs. */ | ||
208 | #define TOMOYO_KEYWORD_ALIAS "alias " | ||
209 | #define TOMOYO_KEYWORD_ALLOW_READ "allow_read " | ||
210 | #define TOMOYO_KEYWORD_DELETE "delete " | ||
211 | #define TOMOYO_KEYWORD_DENY_REWRITE "deny_rewrite " | ||
212 | #define TOMOYO_KEYWORD_FILE_PATTERN "file_pattern " | ||
213 | #define TOMOYO_KEYWORD_INITIALIZE_DOMAIN "initialize_domain " | ||
214 | #define TOMOYO_KEYWORD_KEEP_DOMAIN "keep_domain " | ||
215 | #define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain " | ||
216 | #define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain " | ||
217 | #define TOMOYO_KEYWORD_SELECT "select " | ||
218 | #define TOMOYO_KEYWORD_USE_PROFILE "use_profile " | ||
219 | #define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read" | ||
220 | /* A domain definition starts with <kernel>. */ | ||
221 | #define TOMOYO_ROOT_NAME "<kernel>" | ||
222 | #define TOMOYO_ROOT_NAME_LEN (sizeof(TOMOYO_ROOT_NAME) - 1) | ||
223 | |||
224 | /* Index numbers for Access Controls. */ | ||
225 | #define TOMOYO_MAC_FOR_FILE 0 /* domain_policy.conf */ | ||
226 | #define TOMOYO_MAX_ACCEPT_ENTRY 1 | ||
227 | #define TOMOYO_VERBOSE 2 | ||
228 | #define TOMOYO_MAX_CONTROL_INDEX 3 | ||
229 | |||
230 | /* | 303 | /* |
231 | * tomoyo_io_buffer is a structure which is used for reading and modifying | 304 | * tomoyo_io_buffer is a structure which is used for reading and modifying |
232 | * configuration via /sys/kernel/security/tomoyo/ interface. | 305 | * configuration via /sys/kernel/security/tomoyo/ interface. |
@@ -285,6 +358,149 @@ struct tomoyo_io_buffer { | |||
285 | int writebuf_size; | 358 | int writebuf_size; |
286 | }; | 359 | }; |
287 | 360 | ||
361 | /* | ||
362 | * tomoyo_globally_readable_file_entry is a structure which is used for holding | ||
363 | * "allow_read" entries. | ||
364 | * It has following fields. | ||
365 | * | ||
366 | * (1) "list" which is linked to tomoyo_globally_readable_list . | ||
367 | * (2) "filename" is a pathname which is allowed to open(O_RDONLY). | ||
368 | * (3) "is_deleted" is a bool which is true if marked as deleted, false | ||
369 | * otherwise. | ||
370 | */ | ||
371 | struct tomoyo_globally_readable_file_entry { | ||
372 | struct list_head list; | ||
373 | const struct tomoyo_path_info *filename; | ||
374 | bool is_deleted; | ||
375 | }; | ||
376 | |||
377 | /* | ||
378 | * tomoyo_pattern_entry is a structure which is used for holding | ||
379 | * "tomoyo_pattern_list" entries. | ||
380 | * It has following fields. | ||
381 | * | ||
382 | * (1) "list" which is linked to tomoyo_pattern_list . | ||
383 | * (2) "pattern" is a pathname pattern which is used for converting pathnames | ||
384 | * to pathname patterns during learning mode. | ||
385 | * (3) "is_deleted" is a bool which is true if marked as deleted, false | ||
386 | * otherwise. | ||
387 | */ | ||
388 | struct tomoyo_pattern_entry { | ||
389 | struct list_head list; | ||
390 | const struct tomoyo_path_info *pattern; | ||
391 | bool is_deleted; | ||
392 | }; | ||
393 | |||
394 | /* | ||
395 | * tomoyo_no_rewrite_entry is a structure which is used for holding | ||
396 | * "deny_rewrite" entries. | ||
397 | * It has following fields. | ||
398 | * | ||
399 | * (1) "list" which is linked to tomoyo_no_rewrite_list . | ||
400 | * (2) "pattern" is a pathname which is by default not permitted to modify | ||
401 | * already existing content. | ||
402 | * (3) "is_deleted" is a bool which is true if marked as deleted, false | ||
403 | * otherwise. | ||
404 | */ | ||
405 | struct tomoyo_no_rewrite_entry { | ||
406 | struct list_head list; | ||
407 | const struct tomoyo_path_info *pattern; | ||
408 | bool is_deleted; | ||
409 | }; | ||
410 | |||
411 | /* | ||
412 | * tomoyo_domain_initializer_entry is a structure which is used for holding | ||
413 | * "initialize_domain" and "no_initialize_domain" entries. | ||
414 | * It has following fields. | ||
415 | * | ||
416 | * (1) "list" which is linked to tomoyo_domain_initializer_list . | ||
417 | * (2) "domainname" which is "a domainname" or "the last component of a | ||
418 | * domainname". This field is NULL if "from" clause is not specified. | ||
419 | * (3) "program" which is a program's pathname. | ||
420 | * (4) "is_deleted" is a bool which is true if marked as deleted, false | ||
421 | * otherwise. | ||
422 | * (5) "is_not" is a bool which is true if "no_initialize_domain", false | ||
423 | * otherwise. | ||
424 | * (6) "is_last_name" is a bool which is true if "domainname" is "the last | ||
425 | * component of a domainname", false otherwise. | ||
426 | */ | ||
427 | struct tomoyo_domain_initializer_entry { | ||
428 | struct list_head list; | ||
429 | const struct tomoyo_path_info *domainname; /* This may be NULL */ | ||
430 | const struct tomoyo_path_info *program; | ||
431 | bool is_deleted; | ||
432 | bool is_not; /* True if this entry is "no_initialize_domain". */ | ||
433 | /* True if the domainname is tomoyo_get_last_name(). */ | ||
434 | bool is_last_name; | ||
435 | }; | ||
436 | |||
437 | /* | ||
438 | * tomoyo_domain_keeper_entry is a structure which is used for holding | ||
439 | * "keep_domain" and "no_keep_domain" entries. | ||
440 | * It has following fields. | ||
441 | * | ||
442 | * (1) "list" which is linked to tomoyo_domain_keeper_list . | ||
443 | * (2) "domainname" which is "a domainname" or "the last component of a | ||
444 | * domainname". | ||
445 | * (3) "program" which is a program's pathname. | ||
446 | * This field is NULL if "from" clause is not specified. | ||
447 | * (4) "is_deleted" is a bool which is true if marked as deleted, false | ||
448 | * otherwise. | ||
449 | * (5) "is_not" is a bool which is true if "no_initialize_domain", false | ||
450 | * otherwise. | ||
451 | * (6) "is_last_name" is a bool which is true if "domainname" is "the last | ||
452 | * component of a domainname", false otherwise. | ||
453 | */ | ||
454 | struct tomoyo_domain_keeper_entry { | ||
455 | struct list_head list; | ||
456 | const struct tomoyo_path_info *domainname; | ||
457 | const struct tomoyo_path_info *program; /* This may be NULL */ | ||
458 | bool is_deleted; | ||
459 | bool is_not; /* True if this entry is "no_keep_domain". */ | ||
460 | /* True if the domainname is tomoyo_get_last_name(). */ | ||
461 | bool is_last_name; | ||
462 | }; | ||
463 | |||
464 | /* | ||
465 | * tomoyo_alias_entry is a structure which is used for holding "alias" entries. | ||
466 | * It has following fields. | ||
467 | * | ||
468 | * (1) "list" which is linked to tomoyo_alias_list . | ||
469 | * (2) "original_name" which is a dereferenced pathname. | ||
470 | * (3) "aliased_name" which is a symlink's pathname. | ||
471 | * (4) "is_deleted" is a bool which is true if marked as deleted, false | ||
472 | * otherwise. | ||
473 | */ | ||
474 | struct tomoyo_alias_entry { | ||
475 | struct list_head list; | ||
476 | const struct tomoyo_path_info *original_name; | ||
477 | const struct tomoyo_path_info *aliased_name; | ||
478 | bool is_deleted; | ||
479 | }; | ||
480 | |||
481 | /* | ||
482 | * tomoyo_policy_manager_entry is a structure which is used for holding list of | ||
483 | * domainnames or programs which are permitted to modify configuration via | ||
484 | * /sys/kernel/security/tomoyo/ interface. | ||
485 | * It has following fields. | ||
486 | * | ||
487 | * (1) "list" which is linked to tomoyo_policy_manager_list . | ||
488 | * (2) "manager" is a domainname or a program's pathname. | ||
489 | * (3) "is_domain" is a bool which is true if "manager" is a domainname, false | ||
490 | * otherwise. | ||
491 | * (4) "is_deleted" is a bool which is true if marked as deleted, false | ||
492 | * otherwise. | ||
493 | */ | ||
494 | struct tomoyo_policy_manager_entry { | ||
495 | struct list_head list; | ||
496 | /* A path to program or a domainname. */ | ||
497 | const struct tomoyo_path_info *manager; | ||
498 | bool is_domain; /* True if manager is a domainname. */ | ||
499 | bool is_deleted; /* True if this entry is deleted. */ | ||
500 | }; | ||
501 | |||
502 | /********** Function prototypes. **********/ | ||
503 | |||
288 | /* Check whether the domain has too many ACL entries to hold. */ | 504 | /* Check whether the domain has too many ACL entries to hold. */ |
289 | bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain); | 505 | bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain); |
290 | /* Transactional sprintf() for policy dump. */ | 506 | /* Transactional sprintf() for policy dump. */ |
@@ -367,6 +583,85 @@ void tomoyo_fill_path_info(struct tomoyo_path_info *ptr); | |||
367 | /* Run policy loader when /sbin/init starts. */ | 583 | /* Run policy loader when /sbin/init starts. */ |
368 | void tomoyo_load_policy(const char *filename); | 584 | void tomoyo_load_policy(const char *filename); |
369 | 585 | ||
586 | /* Convert binary string to ascii string. */ | ||
587 | int tomoyo_encode(char *buffer, int buflen, const char *str); | ||
588 | |||
589 | /* Returns realpath(3) of the given pathname but ignores chroot'ed root. */ | ||
590 | int tomoyo_realpath_from_path2(struct path *path, char *newname, | ||
591 | int newname_len); | ||
592 | |||
593 | /* | ||
594 | * Returns realpath(3) of the given pathname but ignores chroot'ed root. | ||
595 | * These functions use kzalloc(), so the caller must call kfree() | ||
596 | * if these functions didn't return NULL. | ||
597 | */ | ||
598 | char *tomoyo_realpath(const char *pathname); | ||
599 | /* | ||
600 | * Same with tomoyo_realpath() except that it doesn't follow the final symlink. | ||
601 | */ | ||
602 | char *tomoyo_realpath_nofollow(const char *pathname); | ||
603 | /* Same with tomoyo_realpath() except that the pathname is already solved. */ | ||
604 | char *tomoyo_realpath_from_path(struct path *path); | ||
605 | |||
606 | /* Check memory quota. */ | ||
607 | bool tomoyo_memory_ok(void *ptr); | ||
608 | |||
609 | /* | ||
610 | * Keep the given name on the RAM. | ||
611 | * The RAM is shared, so NEVER try to modify or kfree() the returned name. | ||
612 | */ | ||
613 | const struct tomoyo_path_info *tomoyo_get_name(const char *name); | ||
614 | |||
615 | /* Check for memory usage. */ | ||
616 | int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head); | ||
617 | |||
618 | /* Set memory quota. */ | ||
619 | int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head); | ||
620 | |||
621 | /* Initialize realpath related code. */ | ||
622 | void __init tomoyo_realpath_init(void); | ||
623 | int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain, | ||
624 | const struct tomoyo_path_info *filename); | ||
625 | int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, | ||
626 | struct path *path, const int flag); | ||
627 | int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain, | ||
628 | const u8 operation, struct path *path); | ||
629 | int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain, | ||
630 | const u8 operation, struct path *path1, | ||
631 | struct path *path2); | ||
632 | int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain, | ||
633 | struct file *filp); | ||
634 | int tomoyo_find_next_domain(struct linux_binprm *bprm); | ||
635 | |||
636 | /********** External variable definitions. **********/ | ||
637 | |||
638 | /* Lock for GC. */ | ||
639 | extern struct srcu_struct tomoyo_ss; | ||
640 | |||
641 | /* The list for "struct tomoyo_domain_info". */ | ||
642 | extern struct list_head tomoyo_domain_list; | ||
643 | |||
644 | /* Lock for protecting policy. */ | ||
645 | extern struct mutex tomoyo_policy_lock; | ||
646 | |||
647 | /* Has /sbin/init started? */ | ||
648 | extern bool tomoyo_policy_loaded; | ||
649 | |||
650 | /* The kernel's domain. */ | ||
651 | extern struct tomoyo_domain_info tomoyo_kernel_domain; | ||
652 | |||
653 | /********** Inlined functions. **********/ | ||
654 | |||
655 | static inline int tomoyo_read_lock(void) | ||
656 | { | ||
657 | return srcu_read_lock(&tomoyo_ss); | ||
658 | } | ||
659 | |||
660 | static inline void tomoyo_read_unlock(int idx) | ||
661 | { | ||
662 | srcu_read_unlock(&tomoyo_ss, idx); | ||
663 | } | ||
664 | |||
370 | /* strcmp() for "struct tomoyo_path_info" structure. */ | 665 | /* strcmp() for "struct tomoyo_path_info" structure. */ |
371 | static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a, | 666 | static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a, |
372 | const struct tomoyo_path_info *b) | 667 | const struct tomoyo_path_info *b) |
@@ -398,17 +693,25 @@ static inline bool tomoyo_is_invalid(const unsigned char c) | |||
398 | return c && (c <= ' ' || c >= 127); | 693 | return c && (c <= ' ' || c >= 127); |
399 | } | 694 | } |
400 | 695 | ||
401 | /* The list for "struct tomoyo_domain_info". */ | 696 | static inline void tomoyo_put_name(const struct tomoyo_path_info *name) |
402 | extern struct list_head tomoyo_domain_list; | 697 | { |
403 | 698 | if (name) { | |
404 | /* Lock for protecting policy. */ | 699 | struct tomoyo_name_entry *ptr = |
405 | extern struct mutex tomoyo_policy_lock; | 700 | container_of(name, struct tomoyo_name_entry, entry); |
701 | atomic_dec(&ptr->users); | ||
702 | } | ||
703 | } | ||
406 | 704 | ||
407 | /* Has /sbin/init started? */ | 705 | static inline struct tomoyo_domain_info *tomoyo_domain(void) |
408 | extern bool tomoyo_policy_loaded; | 706 | { |
707 | return current_cred()->security; | ||
708 | } | ||
409 | 709 | ||
410 | /* The kernel's domain. */ | 710 | static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct |
411 | extern struct tomoyo_domain_info tomoyo_kernel_domain; | 711 | *task) |
712 | { | ||
713 | return task_cred_xxx(task, security); | ||
714 | } | ||
412 | 715 | ||
413 | /** | 716 | /** |
414 | * list_for_each_cookie - iterate over a list with cookie. | 717 | * list_for_each_cookie - iterate over a list with cookie. |
@@ -428,16 +731,4 @@ extern struct tomoyo_domain_info tomoyo_kernel_domain; | |||
428 | prefetch(pos->next), pos != (head) || ((cookie) = NULL); \ | 731 | prefetch(pos->next), pos != (head) || ((cookie) = NULL); \ |
429 | (cookie) = pos, pos = rcu_dereference(pos->next)) | 732 | (cookie) = pos, pos = rcu_dereference(pos->next)) |
430 | 733 | ||
431 | extern struct srcu_struct tomoyo_ss; | ||
432 | |||
433 | static inline int tomoyo_read_lock(void) | ||
434 | { | ||
435 | return srcu_read_lock(&tomoyo_ss); | ||
436 | } | ||
437 | |||
438 | static inline void tomoyo_read_unlock(int idx) | ||
439 | { | ||
440 | srcu_read_unlock(&tomoyo_ss, idx); | ||
441 | } | ||
442 | |||
443 | #endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */ | 734 | #endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */ |