diff options
Diffstat (limited to 'security/tomoyo/tomoyo.c')
| -rw-r--r-- | security/tomoyo/tomoyo.c | 72 |
1 files changed, 27 insertions, 45 deletions
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 87e82bfeac2f..e3945d0511b8 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c | |||
| @@ -100,67 +100,56 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm) | |||
| 100 | static int tomoyo_path_truncate(struct path *path, loff_t length, | 100 | static int tomoyo_path_truncate(struct path *path, loff_t length, |
| 101 | unsigned int time_attrs) | 101 | unsigned int time_attrs) |
| 102 | { | 102 | { |
| 103 | return tomoyo_check_1path_perm(tomoyo_domain(), | 103 | return tomoyo_path_perm(tomoyo_domain(), TOMOYO_TYPE_TRUNCATE, path); |
| 104 | TOMOYO_TYPE_TRUNCATE_ACL, | ||
| 105 | path); | ||
| 106 | } | 104 | } |
| 107 | 105 | ||
| 108 | static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) | 106 | static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) |
| 109 | { | 107 | { |
| 110 | struct path path = { parent->mnt, dentry }; | 108 | struct path path = { parent->mnt, dentry }; |
| 111 | return tomoyo_check_1path_perm(tomoyo_domain(), | 109 | return tomoyo_path_perm(tomoyo_domain(), TOMOYO_TYPE_UNLINK, &path); |
| 112 | TOMOYO_TYPE_UNLINK_ACL, | ||
| 113 | &path); | ||
| 114 | } | 110 | } |
| 115 | 111 | ||
| 116 | static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, | 112 | static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, |
| 117 | int mode) | 113 | int mode) |
| 118 | { | 114 | { |
| 119 | struct path path = { parent->mnt, dentry }; | 115 | struct path path = { parent->mnt, dentry }; |
| 120 | return tomoyo_check_1path_perm(tomoyo_domain(), | 116 | return tomoyo_path_perm(tomoyo_domain(), TOMOYO_TYPE_MKDIR, &path); |
| 121 | TOMOYO_TYPE_MKDIR_ACL, | ||
| 122 | &path); | ||
| 123 | } | 117 | } |
| 124 | 118 | ||
| 125 | static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) | 119 | static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) |
| 126 | { | 120 | { |
| 127 | struct path path = { parent->mnt, dentry }; | 121 | struct path path = { parent->mnt, dentry }; |
| 128 | return tomoyo_check_1path_perm(tomoyo_domain(), | 122 | return tomoyo_path_perm(tomoyo_domain(), TOMOYO_TYPE_RMDIR, &path); |
| 129 | TOMOYO_TYPE_RMDIR_ACL, | ||
| 130 | &path); | ||
| 131 | } | 123 | } |
| 132 | 124 | ||
| 133 | static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, | 125 | static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, |
| 134 | const char *old_name) | 126 | const char *old_name) |
| 135 | { | 127 | { |
| 136 | struct path path = { parent->mnt, dentry }; | 128 | struct path path = { parent->mnt, dentry }; |
| 137 | return tomoyo_check_1path_perm(tomoyo_domain(), | 129 | return tomoyo_path_perm(tomoyo_domain(), TOMOYO_TYPE_SYMLINK, &path); |
| 138 | TOMOYO_TYPE_SYMLINK_ACL, | ||
| 139 | &path); | ||
| 140 | } | 130 | } |
| 141 | 131 | ||
| 142 | static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, | 132 | static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, |
| 143 | int mode, unsigned int dev) | 133 | int mode, unsigned int dev) |
| 144 | { | 134 | { |
| 145 | struct path path = { parent->mnt, dentry }; | 135 | struct path path = { parent->mnt, dentry }; |
| 146 | int type = TOMOYO_TYPE_CREATE_ACL; | 136 | int type = TOMOYO_TYPE_CREATE; |
| 147 | 137 | ||
| 148 | switch (mode & S_IFMT) { | 138 | switch (mode & S_IFMT) { |
| 149 | case S_IFCHR: | 139 | case S_IFCHR: |
| 150 | type = TOMOYO_TYPE_MKCHAR_ACL; | 140 | type = TOMOYO_TYPE_MKCHAR; |
| 151 | break; | 141 | break; |
| 152 | case S_IFBLK: | 142 | case S_IFBLK: |
| 153 | type = TOMOYO_TYPE_MKBLOCK_ACL; | 143 | type = TOMOYO_TYPE_MKBLOCK; |
| 154 | break; | 144 | break; |
| 155 | case S_IFIFO: | 145 | case S_IFIFO: |
| 156 | type = TOMOYO_TYPE_MKFIFO_ACL; | 146 | type = TOMOYO_TYPE_MKFIFO; |
| 157 | break; | 147 | break; |
| 158 | case S_IFSOCK: | 148 | case S_IFSOCK: |
| 159 | type = TOMOYO_TYPE_MKSOCK_ACL; | 149 | type = TOMOYO_TYPE_MKSOCK; |
| 160 | break; | 150 | break; |
| 161 | } | 151 | } |
| 162 | return tomoyo_check_1path_perm(tomoyo_domain(), | 152 | return tomoyo_path_perm(tomoyo_domain(), type, &path); |
| 163 | type, &path); | ||
| 164 | } | 153 | } |
| 165 | 154 | ||
| 166 | static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, | 155 | static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, |
| @@ -168,9 +157,8 @@ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, | |||
| 168 | { | 157 | { |
| 169 | struct path path1 = { new_dir->mnt, old_dentry }; | 158 | struct path path1 = { new_dir->mnt, old_dentry }; |
| 170 | struct path path2 = { new_dir->mnt, new_dentry }; | 159 | struct path path2 = { new_dir->mnt, new_dentry }; |
| 171 | return tomoyo_check_2path_perm(tomoyo_domain(), | 160 | return tomoyo_path2_perm(tomoyo_domain(), TOMOYO_TYPE_LINK, &path1, |
| 172 | TOMOYO_TYPE_LINK_ACL, | 161 | &path2); |
| 173 | &path1, &path2); | ||
| 174 | } | 162 | } |
| 175 | 163 | ||
| 176 | static int tomoyo_path_rename(struct path *old_parent, | 164 | static int tomoyo_path_rename(struct path *old_parent, |
| @@ -180,9 +168,8 @@ static int tomoyo_path_rename(struct path *old_parent, | |||
| 180 | { | 168 | { |
| 181 | struct path path1 = { old_parent->mnt, old_dentry }; | 169 | struct path path1 = { old_parent->mnt, old_dentry }; |
| 182 | struct path path2 = { new_parent->mnt, new_dentry }; | 170 | struct path path2 = { new_parent->mnt, new_dentry }; |
| 183 | return tomoyo_check_2path_perm(tomoyo_domain(), | 171 | return tomoyo_path2_perm(tomoyo_domain(), TOMOYO_TYPE_RENAME, &path1, |
| 184 | TOMOYO_TYPE_RENAME_ACL, | 172 | &path2); |
| 185 | &path1, &path2); | ||
| 186 | } | 173 | } |
| 187 | 174 | ||
| 188 | static int tomoyo_file_fcntl(struct file *file, unsigned int cmd, | 175 | static int tomoyo_file_fcntl(struct file *file, unsigned int cmd, |
| @@ -209,55 +196,50 @@ static int tomoyo_dentry_open(struct file *f, const struct cred *cred) | |||
| 209 | static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, | 196 | static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, |
| 210 | unsigned long arg) | 197 | unsigned long arg) |
| 211 | { | 198 | { |
| 212 | return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_IOCTL_ACL, | 199 | return tomoyo_path_perm(tomoyo_domain(), TOMOYO_TYPE_IOCTL, |
| 213 | &file->f_path); | 200 | &file->f_path); |
| 214 | } | 201 | } |
| 215 | 202 | ||
| 216 | static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt, | 203 | static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt, |
| 217 | mode_t mode) | 204 | mode_t mode) |
| 218 | { | 205 | { |
| 219 | struct path path = { mnt, dentry }; | 206 | struct path path = { mnt, dentry }; |
| 220 | return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_CHMOD_ACL, | 207 | return tomoyo_path_perm(tomoyo_domain(), TOMOYO_TYPE_CHMOD, &path); |
| 221 | &path); | ||
| 222 | } | 208 | } |
| 223 | 209 | ||
| 224 | static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid) | 210 | static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid) |
| 225 | { | 211 | { |
| 226 | int error = 0; | 212 | int error = 0; |
| 227 | if (uid != (uid_t) -1) | 213 | if (uid != (uid_t) -1) |
| 228 | error = tomoyo_check_1path_perm(tomoyo_domain(), | 214 | error = tomoyo_path_perm(tomoyo_domain(), TOMOYO_TYPE_CHOWN, |
| 229 | TOMOYO_TYPE_CHOWN_ACL, path); | 215 | path); |
| 230 | if (!error && gid != (gid_t) -1) | 216 | if (!error && gid != (gid_t) -1) |
| 231 | error = tomoyo_check_1path_perm(tomoyo_domain(), | 217 | error = tomoyo_path_perm(tomoyo_domain(), TOMOYO_TYPE_CHGRP, |
| 232 | TOMOYO_TYPE_CHGRP_ACL, path); | 218 | path); |
| 233 | return error; | 219 | return error; |
| 234 | } | 220 | } |
| 235 | 221 | ||
| 236 | static int tomoyo_path_chroot(struct path *path) | 222 | static int tomoyo_path_chroot(struct path *path) |
| 237 | { | 223 | { |
| 238 | return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_CHROOT_ACL, | 224 | return tomoyo_path_perm(tomoyo_domain(), TOMOYO_TYPE_CHROOT, path); |
| 239 | path); | ||
| 240 | } | 225 | } |
| 241 | 226 | ||
| 242 | static int tomoyo_sb_mount(char *dev_name, struct path *path, | 227 | static int tomoyo_sb_mount(char *dev_name, struct path *path, |
| 243 | char *type, unsigned long flags, void *data) | 228 | char *type, unsigned long flags, void *data) |
| 244 | { | 229 | { |
| 245 | return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_MOUNT_ACL, | 230 | return tomoyo_path_perm(tomoyo_domain(), TOMOYO_TYPE_MOUNT, path); |
| 246 | path); | ||
| 247 | } | 231 | } |
| 248 | 232 | ||
| 249 | static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) | 233 | static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) |
| 250 | { | 234 | { |
| 251 | struct path path = { mnt, mnt->mnt_root }; | 235 | struct path path = { mnt, mnt->mnt_root }; |
| 252 | return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_UMOUNT_ACL, | 236 | return tomoyo_path_perm(tomoyo_domain(), TOMOYO_TYPE_UMOUNT, &path); |
| 253 | &path); | ||
| 254 | } | 237 | } |
| 255 | 238 | ||
| 256 | static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path) | 239 | static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path) |
| 257 | { | 240 | { |
| 258 | return tomoyo_check_2path_perm(tomoyo_domain(), | 241 | return tomoyo_path2_perm(tomoyo_domain(), TOMOYO_TYPE_PIVOT_ROOT, |
| 259 | TOMOYO_TYPE_PIVOT_ROOT_ACL, | 242 | new_path, old_path); |
| 260 | new_path, old_path); | ||
| 261 | } | 243 | } |
| 262 | 244 | ||
| 263 | /* | 245 | /* |