diff options
Diffstat (limited to 'security/tomoyo/common.h')
-rw-r--r-- | security/tomoyo/common.h | 90 |
1 files changed, 44 insertions, 46 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 3727296f01f9..f4d3050b9c0e 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h | |||
@@ -71,8 +71,8 @@ enum tomoyo_mac_index { | |||
71 | 71 | ||
72 | /* Index numbers for Access Controls. */ | 72 | /* Index numbers for Access Controls. */ |
73 | enum tomoyo_acl_entry_type_index { | 73 | enum tomoyo_acl_entry_type_index { |
74 | TOMOYO_TYPE_SINGLE_PATH_ACL, | 74 | TOMOYO_TYPE_PATH_ACL, |
75 | TOMOYO_TYPE_DOUBLE_PATH_ACL, | 75 | TOMOYO_TYPE_PATH2_ACL, |
76 | }; | 76 | }; |
77 | 77 | ||
78 | /* Index numbers for File Controls. */ | 78 | /* Index numbers for File Controls. */ |
@@ -87,36 +87,36 @@ enum tomoyo_acl_entry_type_index { | |||
87 | */ | 87 | */ |
88 | 88 | ||
89 | enum tomoyo_path_acl_index { | 89 | enum tomoyo_path_acl_index { |
90 | TOMOYO_TYPE_READ_WRITE_ACL, | 90 | TOMOYO_TYPE_READ_WRITE, |
91 | TOMOYO_TYPE_EXECUTE_ACL, | 91 | TOMOYO_TYPE_EXECUTE, |
92 | TOMOYO_TYPE_READ_ACL, | 92 | TOMOYO_TYPE_READ, |
93 | TOMOYO_TYPE_WRITE_ACL, | 93 | TOMOYO_TYPE_WRITE, |
94 | TOMOYO_TYPE_CREATE_ACL, | 94 | TOMOYO_TYPE_CREATE, |
95 | TOMOYO_TYPE_UNLINK_ACL, | 95 | TOMOYO_TYPE_UNLINK, |
96 | TOMOYO_TYPE_MKDIR_ACL, | 96 | TOMOYO_TYPE_MKDIR, |
97 | TOMOYO_TYPE_RMDIR_ACL, | 97 | TOMOYO_TYPE_RMDIR, |
98 | TOMOYO_TYPE_MKFIFO_ACL, | 98 | TOMOYO_TYPE_MKFIFO, |
99 | TOMOYO_TYPE_MKSOCK_ACL, | 99 | TOMOYO_TYPE_MKSOCK, |
100 | TOMOYO_TYPE_MKBLOCK_ACL, | 100 | TOMOYO_TYPE_MKBLOCK, |
101 | TOMOYO_TYPE_MKCHAR_ACL, | 101 | TOMOYO_TYPE_MKCHAR, |
102 | TOMOYO_TYPE_TRUNCATE_ACL, | 102 | TOMOYO_TYPE_TRUNCATE, |
103 | TOMOYO_TYPE_SYMLINK_ACL, | 103 | TOMOYO_TYPE_SYMLINK, |
104 | TOMOYO_TYPE_REWRITE_ACL, | 104 | TOMOYO_TYPE_REWRITE, |
105 | TOMOYO_TYPE_IOCTL_ACL, | 105 | TOMOYO_TYPE_IOCTL, |
106 | TOMOYO_TYPE_CHMOD_ACL, | 106 | TOMOYO_TYPE_CHMOD, |
107 | TOMOYO_TYPE_CHOWN_ACL, | 107 | TOMOYO_TYPE_CHOWN, |
108 | TOMOYO_TYPE_CHGRP_ACL, | 108 | TOMOYO_TYPE_CHGRP, |
109 | TOMOYO_TYPE_CHROOT_ACL, | 109 | TOMOYO_TYPE_CHROOT, |
110 | TOMOYO_TYPE_MOUNT_ACL, | 110 | TOMOYO_TYPE_MOUNT, |
111 | TOMOYO_TYPE_UMOUNT_ACL, | 111 | TOMOYO_TYPE_UMOUNT, |
112 | TOMOYO_MAX_SINGLE_PATH_OPERATION | 112 | TOMOYO_MAX_PATH_OPERATION |
113 | }; | 113 | }; |
114 | 114 | ||
115 | enum tomoyo_path2_acl_index { | 115 | enum tomoyo_path2_acl_index { |
116 | TOMOYO_TYPE_LINK_ACL, | 116 | TOMOYO_TYPE_LINK, |
117 | TOMOYO_TYPE_RENAME_ACL, | 117 | TOMOYO_TYPE_RENAME, |
118 | TOMOYO_TYPE_PIVOT_ROOT_ACL, | 118 | TOMOYO_TYPE_PIVOT_ROOT, |
119 | TOMOYO_MAX_DOUBLE_PATH_OPERATION | 119 | TOMOYO_MAX_PATH2_OPERATION |
120 | }; | 120 | }; |
121 | 121 | ||
122 | enum tomoyo_securityfs_interface_index { | 122 | enum tomoyo_securityfs_interface_index { |
@@ -210,12 +210,11 @@ struct tomoyo_path_info_with_data { | |||
210 | * (1) "list" which is linked to the ->acl_info_list of | 210 | * (1) "list" which is linked to the ->acl_info_list of |
211 | * "struct tomoyo_domain_info" | 211 | * "struct tomoyo_domain_info" |
212 | * (2) "type" which tells type of the entry (either | 212 | * (2) "type" which tells type of the entry (either |
213 | * "struct tomoyo_single_path_acl_record" or | 213 | * "struct tomoyo_path_acl" or "struct tomoyo_path2_acl"). |
214 | * "struct tomoyo_double_path_acl_record"). | ||
215 | * | 214 | * |
216 | * Packing "struct tomoyo_acl_info" allows | 215 | * Packing "struct tomoyo_acl_info" allows |
217 | * "struct tomoyo_single_path_acl_record" to embed "u8" + "u16" and | 216 | * "struct tomoyo_path_acl" to embed "u8" + "u16" and |
218 | * "struct tomoyo_double_path_acl_record" to embed "u8" | 217 | * "struct tomoyo_path2_acl" to embed "u8" |
219 | * without enlarging their structure size. | 218 | * without enlarging their structure size. |
220 | */ | 219 | */ |
221 | struct tomoyo_acl_info { | 220 | struct tomoyo_acl_info { |
@@ -269,7 +268,7 @@ struct tomoyo_domain_info { | |||
269 | }; | 268 | }; |
270 | 269 | ||
271 | /* | 270 | /* |
272 | * tomoyo_single_path_acl_record is a structure which is used for holding an | 271 | * tomoyo_path_acl is a structure which is used for holding an |
273 | * entry with one pathname operation (e.g. open(), mkdir()). | 272 | * entry with one pathname operation (e.g. open(), mkdir()). |
274 | * It has following fields. | 273 | * It has following fields. |
275 | * | 274 | * |
@@ -284,8 +283,8 @@ struct tomoyo_domain_info { | |||
284 | * "allow_chmod", "allow_chown", "allow_chgrp", "allow_chroot", "allow_mount" | 283 | * "allow_chmod", "allow_chown", "allow_chgrp", "allow_chroot", "allow_mount" |
285 | * and "allow_unmount". | 284 | * and "allow_unmount". |
286 | */ | 285 | */ |
287 | struct tomoyo_single_path_acl_record { | 286 | struct tomoyo_path_acl { |
288 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_SINGLE_PATH_ACL */ | 287 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */ |
289 | u8 perm_high; | 288 | u8 perm_high; |
290 | u16 perm; | 289 | u16 perm; |
291 | /* Pointer to single pathname. */ | 290 | /* Pointer to single pathname. */ |
@@ -293,7 +292,7 @@ struct tomoyo_single_path_acl_record { | |||
293 | }; | 292 | }; |
294 | 293 | ||
295 | /* | 294 | /* |
296 | * tomoyo_double_path_acl_record is a structure which is used for holding an | 295 | * tomoyo_path2_acl is a structure which is used for holding an |
297 | * entry with two pathnames operation (i.e. link(), rename() and pivot_root()). | 296 | * entry with two pathnames operation (i.e. link(), rename() and pivot_root()). |
298 | * It has following fields. | 297 | * It has following fields. |
299 | * | 298 | * |
@@ -305,8 +304,8 @@ struct tomoyo_single_path_acl_record { | |||
305 | * Directives held by this structure are "allow_rename", "allow_link" and | 304 | * Directives held by this structure are "allow_rename", "allow_link" and |
306 | * "allow_pivot_root". | 305 | * "allow_pivot_root". |
307 | */ | 306 | */ |
308 | struct tomoyo_double_path_acl_record { | 307 | struct tomoyo_path2_acl { |
309 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_DOUBLE_PATH_ACL */ | 308 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH2_ACL */ |
310 | u8 perm; | 309 | u8 perm; |
311 | /* Pointer to single pathname. */ | 310 | /* Pointer to single pathname. */ |
312 | const struct tomoyo_path_info *filename1; | 311 | const struct tomoyo_path_info *filename1; |
@@ -550,13 +549,13 @@ bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head); | |||
550 | /* Write domain policy violation warning message to console? */ | 549 | /* Write domain policy violation warning message to console? */ |
551 | bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain); | 550 | bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain); |
552 | /* Convert double path operation to operation name. */ | 551 | /* Convert double path operation to operation name. */ |
553 | const char *tomoyo_dp2keyword(const u8 operation); | 552 | const char *tomoyo_path22keyword(const u8 operation); |
554 | /* Get the last component of the given domainname. */ | 553 | /* Get the last component of the given domainname. */ |
555 | const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain); | 554 | const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain); |
556 | /* Get warning message. */ | 555 | /* Get warning message. */ |
557 | const char *tomoyo_get_msg(const bool is_enforce); | 556 | const char *tomoyo_get_msg(const bool is_enforce); |
558 | /* Convert single path operation to operation name. */ | 557 | /* Convert single path operation to operation name. */ |
559 | const char *tomoyo_sp2keyword(const u8 operation); | 558 | const char *tomoyo_path2keyword(const u8 operation); |
560 | /* Create "alias" entry in exception policy. */ | 559 | /* Create "alias" entry in exception policy. */ |
561 | int tomoyo_write_alias_policy(char *data, const bool is_delete); | 560 | int tomoyo_write_alias_policy(char *data, const bool is_delete); |
562 | /* | 561 | /* |
@@ -638,11 +637,10 @@ int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain, | |||
638 | const struct tomoyo_path_info *filename); | 637 | const struct tomoyo_path_info *filename); |
639 | int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, | 638 | int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, |
640 | struct path *path, const int flag); | 639 | struct path *path, const int flag); |
641 | int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain, | 640 | int tomoyo_path_perm(struct tomoyo_domain_info *domain, const u8 operation, |
642 | const u8 operation, struct path *path); | 641 | struct path *path); |
643 | int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain, | 642 | int tomoyo_path2_perm(struct tomoyo_domain_info *domain, const u8 operation, |
644 | const u8 operation, struct path *path1, | 643 | struct path *path1, struct path *path2); |
645 | struct path *path2); | ||
646 | int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain, | 644 | int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain, |
647 | struct file *filp); | 645 | struct file *filp); |
648 | int tomoyo_find_next_domain(struct linux_binprm *bprm); | 646 | int tomoyo_find_next_domain(struct linux_binprm *bprm); |