diff options
Diffstat (limited to 'security/tomoyo/common.h')
| -rw-r--r-- | security/tomoyo/common.h | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index d1b8d791bfff..54db39aa339b 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h | |||
| @@ -46,6 +46,7 @@ enum tomoyo_mode_index { | |||
| 46 | }; | 46 | }; |
| 47 | 47 | ||
| 48 | /* Keywords for ACLs. */ | 48 | /* Keywords for ACLs. */ |
| 49 | #define TOMOYO_KEYWORD_AGGREGATOR "aggregator " | ||
| 49 | #define TOMOYO_KEYWORD_ALIAS "alias " | 50 | #define TOMOYO_KEYWORD_ALIAS "alias " |
| 50 | #define TOMOYO_KEYWORD_ALLOW_MOUNT "allow_mount " | 51 | #define TOMOYO_KEYWORD_ALLOW_MOUNT "allow_mount " |
| 51 | #define TOMOYO_KEYWORD_ALLOW_READ "allow_read " | 52 | #define TOMOYO_KEYWORD_ALLOW_READ "allow_read " |
| @@ -593,6 +594,24 @@ struct tomoyo_domain_keeper_entry { | |||
| 593 | }; | 594 | }; |
| 594 | 595 | ||
| 595 | /* | 596 | /* |
| 597 | * tomoyo_aggregator_entry is a structure which is used for holding | ||
| 598 | * "aggregator" entries. | ||
| 599 | * It has following fields. | ||
| 600 | * | ||
| 601 | * (1) "list" which is linked to tomoyo_aggregator_list . | ||
| 602 | * (2) "original_name" which is originally requested name. | ||
| 603 | * (3) "aggregated_name" which is name to rewrite. | ||
| 604 | * (4) "is_deleted" is a bool which is true if marked as deleted, false | ||
| 605 | * otherwise. | ||
| 606 | */ | ||
| 607 | struct tomoyo_aggregator_entry { | ||
| 608 | struct list_head list; | ||
| 609 | const struct tomoyo_path_info *original_name; | ||
| 610 | const struct tomoyo_path_info *aggregated_name; | ||
| 611 | bool is_deleted; | ||
| 612 | }; | ||
| 613 | |||
| 614 | /* | ||
| 596 | * tomoyo_alias_entry is a structure which is used for holding "alias" entries. | 615 | * tomoyo_alias_entry is a structure which is used for holding "alias" entries. |
| 597 | * It has following fields. | 616 | * It has following fields. |
| 598 | * | 617 | * |
| @@ -693,6 +712,8 @@ bool tomoyo_print_number_union(struct tomoyo_io_buffer *head, | |||
| 693 | const struct tomoyo_number_union *ptr); | 712 | const struct tomoyo_number_union *ptr); |
| 694 | bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num); | 713 | bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num); |
| 695 | 714 | ||
| 715 | /* Read "aggregator" entry in exception policy. */ | ||
| 716 | bool tomoyo_read_aggregator_policy(struct tomoyo_io_buffer *head); | ||
| 696 | /* Read "alias" entry in exception policy. */ | 717 | /* Read "alias" entry in exception policy. */ |
| 697 | bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head); | 718 | bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head); |
| 698 | /* | 719 | /* |
| @@ -730,6 +751,8 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r, | |||
| 730 | /* Check permission for mount operation. */ | 751 | /* Check permission for mount operation. */ |
| 731 | int tomoyo_mount_permission(char *dev_name, struct path *path, char *type, | 752 | int tomoyo_mount_permission(char *dev_name, struct path *path, char *type, |
| 732 | unsigned long flags, void *data_page); | 753 | unsigned long flags, void *data_page); |
| 754 | /* Create "aggregator" entry in exception policy. */ | ||
| 755 | int tomoyo_write_aggregator_policy(char *data, const bool is_delete); | ||
| 733 | /* Create "alias" entry in exception policy. */ | 756 | /* Create "alias" entry in exception policy. */ |
| 734 | int tomoyo_write_alias_policy(char *data, const bool is_delete); | 757 | int tomoyo_write_alias_policy(char *data, const bool is_delete); |
| 735 | /* | 758 | /* |
| @@ -857,6 +880,7 @@ extern struct list_head tomoyo_path_group_list; | |||
| 857 | extern struct list_head tomoyo_number_group_list; | 880 | extern struct list_head tomoyo_number_group_list; |
| 858 | extern struct list_head tomoyo_domain_initializer_list; | 881 | extern struct list_head tomoyo_domain_initializer_list; |
| 859 | extern struct list_head tomoyo_domain_keeper_list; | 882 | extern struct list_head tomoyo_domain_keeper_list; |
| 883 | extern struct list_head tomoyo_aggregator_list; | ||
| 860 | extern struct list_head tomoyo_alias_list; | 884 | extern struct list_head tomoyo_alias_list; |
| 861 | extern struct list_head tomoyo_globally_readable_list; | 885 | extern struct list_head tomoyo_globally_readable_list; |
| 862 | extern struct list_head tomoyo_pattern_list; | 886 | extern struct list_head tomoyo_pattern_list; |
| @@ -1036,6 +1060,14 @@ static inline bool tomoyo_is_same_domain_keeper_entry | |||
| 1036 | && p1->program == p2->program; | 1060 | && p1->program == p2->program; |
| 1037 | } | 1061 | } |
| 1038 | 1062 | ||
| 1063 | static inline bool tomoyo_is_same_aggregator_entry | ||
| 1064 | (const struct tomoyo_aggregator_entry *p1, | ||
| 1065 | const struct tomoyo_aggregator_entry *p2) | ||
| 1066 | { | ||
| 1067 | return p1->original_name == p2->original_name && | ||
| 1068 | p1->aggregated_name == p2->aggregated_name; | ||
| 1069 | } | ||
| 1070 | |||
| 1039 | static inline bool tomoyo_is_same_alias_entry | 1071 | static inline bool tomoyo_is_same_alias_entry |
| 1040 | (const struct tomoyo_alias_entry *p1, const struct tomoyo_alias_entry *p2) | 1072 | (const struct tomoyo_alias_entry *p1, const struct tomoyo_alias_entry *p2) |
| 1041 | { | 1073 | { |