Diffstat (limited to 'security/tomoyo/common.h')
-rw-r--r--security/tomoyo/common.h90
1 files changed, 44 insertions, 46 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 3727296f01f9..f4d3050b9c0e 100644
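--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -71,8 +71,8 @@ enum tomoyo_mac_index {
 
 /* Index numbers for Access Controls. */
 enum tomoyo_acl_entry_type_index {
- TOMOYO_TYPE_SINGLE_PATH_ACL,
- TOMOYO_TYPE_DOUBLE_PATH_ACL,
+ TOMOYO_TYPE_PATH_ACL,
+ TOMOYO_TYPE_PATH2_ACL,
 };
 
 /* Index numbers for File Controls. */
@@ -87,36 +87,36 @@ enum tomoyo_acl_entry_type_index {
  */
 
 enum tomoyo_path_acl_index {
- TOMOYO_TYPE_READ_WRITE_ACL,
- TOMOYO_TYPE_EXECUTE_ACL,
- TOMOYO_TYPE_READ_ACL,
- TOMOYO_TYPE_WRITE_ACL,
- TOMOYO_TYPE_CREATE_ACL,
- TOMOYO_TYPE_UNLINK_ACL,
- TOMOYO_TYPE_MKDIR_ACL,
- TOMOYO_TYPE_RMDIR_ACL,
- TOMOYO_TYPE_MKFIFO_ACL,
- TOMOYO_TYPE_MKSOCK_ACL,
- TOMOYO_TYPE_MKBLOCK_ACL,
- TOMOYO_TYPE_MKCHAR_ACL,
- TOMOYO_TYPE_TRUNCATE_ACL,
- TOMOYO_TYPE_SYMLINK_ACL,
- TOMOYO_TYPE_REWRITE_ACL,
- TOMOYO_TYPE_IOCTL_ACL,
- TOMOYO_TYPE_CHMOD_ACL,
- TOMOYO_TYPE_CHOWN_ACL,
- TOMOYO_TYPE_CHGRP_ACL,
- TOMOYO_TYPE_CHROOT_ACL,
- TOMOYO_TYPE_MOUNT_ACL,
- TOMOYO_TYPE_UMOUNT_ACL,
- TOMOYO_MAX_SINGLE_PATH_OPERATION
+ TOMOYO_TYPE_READ_WRITE,
+ TOMOYO_TYPE_EXECUTE,
+ TOMOYO_TYPE_READ,
+ TOMOYO_TYPE_WRITE,
+ TOMOYO_TYPE_CREATE,
+ TOMOYO_TYPE_UNLINK,
+ TOMOYO_TYPE_MKDIR,
+ TOMOYO_TYPE_RMDIR,
+ TOMOYO_TYPE_MKFIFO,
+ TOMOYO_TYPE_MKSOCK,
+ TOMOYO_TYPE_MKBLOCK,
+ TOMOYO_TYPE_MKCHAR,
+ TOMOYO_TYPE_TRUNCATE,
+ TOMOYO_TYPE_SYMLINK,
+ TOMOYO_TYPE_REWRITE,
+ TOMOYO_TYPE_IOCTL,
+ TOMOYO_TYPE_CHMOD,
+ TOMOYO_TYPE_CHOWN,
+ TOMOYO_TYPE_CHGRP,
+ TOMOYO_TYPE_CHROOT,
+ TOMOYO_TYPE_MOUNT,
+ TOMOYO_TYPE_UMOUNT,
+ TOMOYO_MAX_PATH_OPERATION
 };
 
 enum tomoyo_path2_acl_index {
- TOMOYO_TYPE_LINK_ACL,
- TOMOYO_TYPE_RENAME_ACL,
- TOMOYO_TYPE_PIVOT_ROOT_ACL,
- TOMOYO_MAX_DOUBLE_PATH_OPERATION
+ TOMOYO_TYPE_LINK,
+ TOMOYO_TYPE_RENAME,
+ TOMOYO_TYPE_PIVOT_ROOT,
+ TOMOYO_MAX_PATH2_OPERATION
 };
 
 enum tomoyo_securityfs_interface_index {
@@ -210,12 +210,11 @@ struct tomoyo_path_info_with_data {
  * (1) "list" which is linked to the ->acl_info_list of
  * "struct tomoyo_domain_info"
  * (2) "type" which tells type of the entry (either
- * "struct tomoyo_single_path_acl_record" or
- * "struct tomoyo_double_path_acl_record").
+ * "struct tomoyo_path_acl" or "struct tomoyo_path2_acl").
  *
  * Packing "struct tomoyo_acl_info" allows
- * "struct tomoyo_single_path_acl_record" to embed "u8" + "u16" and
- * "struct tomoyo_double_path_acl_record" to embed "u8"
+ * "struct tomoyo_path_acl" to embed "u8" + "u16" and
+ * "struct tomoyo_path2_acl" to embed "u8"
  * without enlarging their structure size.
  */
 struct tomoyo_acl_info {
@@ -269,7 +268,7 @@ struct tomoyo_domain_info {
 };
 
 /*
- * tomoyo_single_path_acl_record is a structure which is used for holding an
+ * tomoyo_path_acl is a structure which is used for holding an
  * entry with one pathname operation (e.g. open(), mkdir()).
  * It has following fields.
  *
@@ -284,8 +283,8 @@ struct tomoyo_domain_info {
  * "allow_chmod", "allow_chown", "allow_chgrp", "allow_chroot", "allow_mount"
  * and "allow_unmount".
  */
-struct tomoyo_single_path_acl_record {
- struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_SINGLE_PATH_ACL */
+struct tomoyo_path_acl {
+ struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */
  u8 perm_high;
  u16 perm;
  /* Pointer to single pathname. */
@@ -293,7 +292,7 @@ struct tomoyo_single_path_acl_record {
 };
 
 /*
- * tomoyo_double_path_acl_record is a structure which is used for holding an
+ * tomoyo_path2_acl is a structure which is used for holding an
  * entry with two pathnames operation (i.e. link(), rename() and pivot_root()).
  * It has following fields.
  *
@@ -305,8 +304,8 @@ struct tomoyo_single_path_acl_record {
  * Directives held by this structure are "allow_rename", "allow_link" and
  * "allow_pivot_root".
  */
-struct tomoyo_double_path_acl_record {
- struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_DOUBLE_PATH_ACL */
+struct tomoyo_path2_acl {
+ struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH2_ACL */
  u8 perm;
  /* Pointer to single pathname. */
  const struct tomoyo_path_info *filename1;
@@ -550,13 +549,13 @@ bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head);
 /* Write domain policy violation warning message to console? */
 bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain);
 /* Convert double path operation to operation name. */
-const char *tomoyo_dp2keyword(const u8 operation);
+const char *tomoyo_path22keyword(const u8 operation);
 /* Get the last component of the given domainname. */
 const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain);
 /* Get warning message. */
 const char *tomoyo_get_msg(const bool is_enforce);
 /* Convert single path operation to operation name. */
-const char *tomoyo_sp2keyword(const u8 operation);
+const char *tomoyo_path2keyword(const u8 operation);
 /* Create "alias" entry in exception policy. */
 int tomoyo_write_alias_policy(char *data, const bool is_delete);
 /*
@@ -638,11 +637,10 @@ int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
  const struct tomoyo_path_info *filename);
 int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
  struct path *path, const int flag);
-int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
- const u8 operation, struct path *path);
-int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain,
- const u8 operation, struct path *path1,
- struct path *path2);
+int tomoyo_path_perm(struct tomoyo_domain_info *domain, const u8 operation,
+ struct path *path);
+int tomoyo_path2_perm(struct tomoyo_domain_info *domain, const u8 operation,
+ struct path *path1, struct path *path2);
 int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
  struct file *filp);
 int tomoyo_find_next_domain(struct linux_binprm *bprm);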
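Review bot: The renamed prototypes `tomoyo_path22keyword()` and `tomoyo_path2keyword()` (new lines 552 and 558) differ by a single character and both take `const u8 operation`, so a call to the wrong converter compiles without any diagnostic. The same applies to the `operation` argument of `tomoyo_path_perm()` and `tomoyo_path2_perm()`: it is a plain `u8`, and with the `_ACL` suffix dropped the values of `enum tomoyo_path_acl_index` and `enum tomoyo_path2_acl_index` now share the `TOMOYO_TYPE_` prefix with the entry-type constants, so a mix-up in an access-control check would likely go unnoticed. The comments above the two converters still say "double path" and "single path" although every identifier now says path2/path; I would reword them to name the enum each one expects, e.g. `/* Convert an enum tomoyo_path2_acl_index value to its keyword. */` and `/* Convert an enum tomoyo_path_acl_index value to its keyword. */`, and add a one-line comment on each `*_perm()` prototype naming the enum its `operation` parameter takes.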