Diffstat (limited to 'security/tomoyo/file.c')
-rw-r--r--security/tomoyo/file.c63
1 files changed, 13 insertions, 50 deletions
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 8410f28a35e0..6ab9e4cdd61f 100644
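--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -9,46 +9,6 @@
 #include "common.h"
 #include <linux/slab.h>
 
-/* Keyword array for operations with one pathname. */
-const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
- [TOMOYO_TYPE_EXECUTE] = "execute",
- [TOMOYO_TYPE_READ] = "read",
- [TOMOYO_TYPE_WRITE] = "write",
- [TOMOYO_TYPE_APPEND] = "append",
- [TOMOYO_TYPE_UNLINK] = "unlink",
- [TOMOYO_TYPE_GETATTR] = "getattr",
- [TOMOYO_TYPE_RMDIR] = "rmdir",
- [TOMOYO_TYPE_TRUNCATE] = "truncate",
- [TOMOYO_TYPE_SYMLINK] = "symlink",
- [TOMOYO_TYPE_CHROOT] = "chroot",
- [TOMOYO_TYPE_UMOUNT] = "unmount",
-};
-
-/* Keyword array for operations with one pathname and three numbers. */
-const char *tomoyo_mkdev_keyword[TOMOYO_MAX_MKDEV_OPERATION] = {
- [TOMOYO_TYPE_MKBLOCK] = "mkblock",
- [TOMOYO_TYPE_MKCHAR] = "mkchar",
-};
-
-/* Keyword array for operations with two pathnames. */
-const char *tomoyo_path2_keyword[TOMOYO_MAX_PATH2_OPERATION] = {
- [TOMOYO_TYPE_LINK] = "link",
- [TOMOYO_TYPE_RENAME] = "rename",
- [TOMOYO_TYPE_PIVOT_ROOT] = "pivot_root",
-};
-
-/* Keyword array for operations with one pathname and one number. */
-const char *tomoyo_path_number_keyword[TOMOYO_MAX_PATH_NUMBER_OPERATION] = {
- [TOMOYO_TYPE_CREATE] = "create",
- [TOMOYO_TYPE_MKDIR] = "mkdir",
- [TOMOYO_TYPE_MKFIFO] = "mkfifo",
- [TOMOYO_TYPE_MKSOCK] = "mksock",
- [TOMOYO_TYPE_IOCTL] = "ioctl",
- [TOMOYO_TYPE_CHMOD] = "chmod",
- [TOMOYO_TYPE_CHOWN] = "chown",
- [TOMOYO_TYPE_CHGRP] = "chgrp",
-};
-
 /*
   * Mapping table from "enum tomoyo_path_acl_index" to "enum tomoyo_mac_index".
   */
@@ -220,8 +180,8 @@ static int tomoyo_audit_path_log(struct tomoyo_request_info *r)
   */
 static int tomoyo_audit_path2_log(struct tomoyo_request_info *r)
 {
- return tomoyo_supervisor(r, "file %s %s %s\n", tomoyo_path2_keyword
- [r->param.path2.operation],
+ return tomoyo_supervisor(r, "file %s %s %s\n", tomoyo_mac_keywords
+ [tomoyo_pp2mac[r->param.path2.operation]],
   r->param.path2.filename1->name,
   r->param.path2.filename2->name);
 }
@@ -236,8 +196,8 @@ static int tomoyo_audit_path2_log(struct tomoyo_request_info *r)
 static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r)
 {
   return tomoyo_supervisor(r, "file %s %s 0%o %u %u\n",
- tomoyo_mkdev_keyword
- [r->param.mkdev.operation],
+ tomoyo_mac_keywords
+ [tomoyo_pnnn2mac[r->param.mkdev.operation]],
   r->param.mkdev.filename->name,
   r->param.mkdev.mode, r->param.mkdev.major,
   r->param.mkdev.minor);
@@ -272,8 +232,8 @@ static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r)
   }
   tomoyo_print_ulong(buffer, sizeof(buffer), r->param.path_number.number,
   radix);
- return tomoyo_supervisor(r, "file %s %s %s\n",
- tomoyo_path_number_keyword[type],
+ return tomoyo_supervisor(r, "file %s %s %s\n", tomoyo_mac_keywords
+ [tomoyo_pn2mac[type]],
   r->param.path_number.filename->name, buffer);
 }
 
@@ -985,22 +945,25 @@ int tomoyo_write_file(struct tomoyo_acl_param *param)
   if (perm)
   return tomoyo_update_path_acl(perm, param);
   for (type = 0; type < TOMOYO_MAX_PATH2_OPERATION; type++)
- if (tomoyo_permstr(operation, tomoyo_path2_keyword[type]))
+ if (tomoyo_permstr(operation,
+ tomoyo_mac_keywords[tomoyo_pp2mac[type]]))
   perm |= 1 << type;
   if (perm)
   return tomoyo_update_path2_acl(perm, param);
   for (type = 0; type < TOMOYO_MAX_PATH_NUMBER_OPERATION; type++)
   if (tomoyo_permstr(operation,
- tomoyo_path_number_keyword[type]))
+ tomoyo_mac_keywords[tomoyo_pn2mac[type]]))
   perm |= 1 << type;
   if (perm)
   return tomoyo_update_path_number_acl(perm, param);
   for (type = 0; type < TOMOYO_MAX_MKDEV_OPERATION; type++)
- if (tomoyo_permstr(operation, tomoyo_mkdev_keyword[type]))
+ if (tomoyo_permstr(operation,
+ tomoyo_mac_keywords[tomoyo_pnnn2mac[type]]))
   perm |= 1 << type;
   if (perm)
   return tomoyo_update_mkdev_acl(perm, param);
- if (tomoyo_permstr(operation, "mount"))
+ if (tomoyo_permstr(operation,
+ tomoyo_mac_keywords[TOMOYO_MAC_FILE_MOUNT]))
   return tomoyo_update_mount_acl(param);
   return -EINVAL;
 }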
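Review bot: In tomoyo_write_file() and the three audit helpers, the keyword now comes from `tomoyo_mac_keywords[tomoyo_pp2mac[...]]` (likewise `tomoyo_pn2mac`, `tomoyo_pnnn2mac`), so both policy parsing and the audit/supervisor text depend on every operation index having a correct entry in those mapping tables, and nothing in the new code states or checks that. The tables are defined outside the visible hunks; if one had a gap, a zero-filled slot would presumably resolve to whatever keyword sits at MAC index 0 instead of failing visibly, which matters for an access-control policy parser. I would document the invariant above the loops, e.g. `/* each TOMOYO_TYPE_* index needs a tomoyo_*2mac[] entry; the keyword is shared by policy parsing and audit output */`. As a style point, the subscript split across lines (`tomoyo_mac_keywords` then `[tomoyo_pp2mac[...]]`) is hard to read; a local such as `const char *kw = tomoyo_mac_keywords[tomoyo_pp2mac[type]];` would be clearer. tomoyo_write_file() begins outside the hunk.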