Diffstat (limited to 'security/tomoyo')
-rw-r--r--security/tomoyo/common.c8
-rw-r--r--security/tomoyo/common.h11
-rw-r--r--security/tomoyo/file.c65
3 files changed, 14 insertions, 70 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 1a22fff89e70..ba8360382895 100644
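--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -812,7 +812,7 @@ static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head,
  continue;
  pos = head->read_avail;
  if (!tomoyo_io_printf(head, "allow_%s ",
- tomoyo_path2keyword(bit)) ||
+ tomoyo_path_keyword[bit]) ||
  !tomoyo_print_name_union(head, &ptr->name) ||
  !tomoyo_io_printf(head, "\n"))
  goto out;
@@ -845,7 +845,7 @@ static bool tomoyo_print_path2_acl(struct tomoyo_io_buffer *head,
  continue;
  pos = head->read_avail;
  if (!tomoyo_io_printf(head, "allow_%s ",
- tomoyo_path22keyword(bit)) ||
+ tomoyo_path2_keyword[bit]) ||
  !tomoyo_print_name_union(head, &ptr->name1) ||
  !tomoyo_print_name_union(head, &ptr->name2) ||
  !tomoyo_io_printf(head, "\n"))
@@ -879,7 +879,7 @@ static bool tomoyo_print_path_number_acl(struct tomoyo_io_buffer *head,
  continue;
  pos = head->read_avail;
  if (!tomoyo_io_printf(head, "allow_%s",
- tomoyo_path_number2keyword(bit)) ||
+ tomoyo_path_number_keyword[bit]) ||
  !tomoyo_print_name_union(head, &ptr->name) ||
  !tomoyo_print_number_union(head, &ptr->number) ||
  !tomoyo_io_printf(head, "\n"))
@@ -913,7 +913,7 @@ static bool tomoyo_print_mkdev_acl(struct tomoyo_io_buffer *head,
  continue;
  pos = head->read_avail;
  if (!tomoyo_io_printf(head, "allow_%s",
- tomoyo_mkdev2keyword(bit)) ||
+ tomoyo_mkdev_keyword[bit]) ||
  !tomoyo_print_name_union(head, &ptr->name) ||
  !tomoyo_print_number_union(head, &ptr->mode) ||
  !tomoyo_print_number_union(head, &ptr->major) ||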
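Review bot: The index `bit` in `tomoyo_path_keyword[bit]`, `tomoyo_path2_keyword[bit]`, `tomoyo_path_number_keyword[bit]` and `tomoyo_mkdev_keyword[bit]` is no longer range-checked at the lookup, whereas the removed accessors returned NULL for an operation at or above the table size. The loops that produce `bit` start outside these hunks, so it cannot be confirmed from here that each one is bounded by the same TOMOYO_MAX_*_OPERATION constant that sizes its table; presumably they are. I would record that invariant next to each lookup, e.g. `/* bit < TOMOYO_MAX_PATH_OPERATION, so the table index is in range. */`, so that a later change to a loop bound or a table size is caught in review rather than becoming an out-of-bounds read in the policy dump path.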
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 9b106e9adbec..f4da7a8034a3 100644
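--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -804,14 +804,8 @@ bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head);
 bool tomoyo_tokenize(char *buffer, char *w[], size_t size);
 /* Write domain policy violation warning message to console? */
 bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain);
-/* Convert double path operation to operation name. */
-const char *tomoyo_path22keyword(const u8 operation);
-const char *tomoyo_path_number2keyword(const u8 operation);
-const char *tomoyo_mkdev2keyword(const u8 operation);
 /* Get the last component of the given domainname. */
 const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain);
-/* Convert single path operation to operation name. */
-const char *tomoyo_path2keyword(const u8 operation);
 /* Fill "struct tomoyo_request_info". */
 int tomoyo_init_request_info(struct tomoyo_request_info *r,
  struct tomoyo_domain_info *domain,
@@ -985,6 +979,11 @@ extern bool tomoyo_policy_loaded;
 /* The kernel's domain. */
 extern struct tomoyo_domain_info tomoyo_kernel_domain;
 
+extern const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION];
+extern const char *tomoyo_mkdev_keyword[TOMOYO_MAX_MKDEV_OPERATION];
+extern const char *tomoyo_path2_keyword[TOMOYO_MAX_PATH2_OPERATION];
+extern const char *tomoyo_path_number_keyword[TOMOYO_MAX_PATH_NUMBER_OPERATION];
+
 extern unsigned int tomoyo_quota_for_query;
 extern unsigned int tomoyo_query_memory_size;
 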
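Review bot: The four new extern declarations expose the keyword tables as arrays of mutable pointers, so any file that includes common.h can reassign an entry and the tables cannot be placed in read-only data. Declaring them as `extern const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION];` (likewise for the mkdev, path2 and path_number tables, with the matching `const char * const` on the definitions in file.c) closes that off at no cost. The block is also the only group of declarations in this hunk without a comment; something like `/* Keyword tables indexed by operation type; the index must be below the matching TOMOYO_MAX_*_OPERATION. */` would state the contract that replaced the removed accessor functions.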
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 94e1493ab6b6..67e65c7dde70 100644
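--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -10,7 +10,7 @@
 #include <linux/slab.h>
 
 /* Keyword array for operations with one pathname. */
-static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
+const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
  [TOMOYO_TYPE_READ_WRITE] = "read/write",
  [TOMOYO_TYPE_EXECUTE] = "execute",
  [TOMOYO_TYPE_READ] = "read",
@@ -25,22 +25,20 @@ static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
 };
 
 /* Keyword array for operations with one pathname and three numbers. */
-static const char *tomoyo_mkdev_keyword
-[TOMOYO_MAX_MKDEV_OPERATION] = {
+const char *tomoyo_mkdev_keyword[TOMOYO_MAX_MKDEV_OPERATION] = {
  [TOMOYO_TYPE_MKBLOCK] = "mkblock",
  [TOMOYO_TYPE_MKCHAR] = "mkchar",
 };
 
 /* Keyword array for operations with two pathnames. */
-static const char *tomoyo_path2_keyword[TOMOYO_MAX_PATH2_OPERATION] = {
+const char *tomoyo_path2_keyword[TOMOYO_MAX_PATH2_OPERATION] = {
  [TOMOYO_TYPE_LINK] = "link",
  [TOMOYO_TYPE_RENAME] = "rename",
  [TOMOYO_TYPE_PIVOT_ROOT] = "pivot_root",
 };
 
 /* Keyword array for operations with one pathname and one number. */
-static const char *tomoyo_path_number_keyword
-[TOMOYO_MAX_PATH_NUMBER_OPERATION] = {
+const char *tomoyo_path_number_keyword[TOMOYO_MAX_PATH_NUMBER_OPERATION] = {
  [TOMOYO_TYPE_CREATE] = "create",
  [TOMOYO_TYPE_MKDIR] = "mkdir",
  [TOMOYO_TYPE_MKFIFO] = "mkfifo",
@@ -119,58 +117,6 @@ bool tomoyo_compare_number_union(const unsigned long value,
  return value >= ptr->values[0] && value <= ptr->values[1];
 }
 
-/**
- * tomoyo_path2keyword - Get the name of single path operation.
- *
- * @operation: Type of operation.
- *
- * Returns the name of single path operation.
- */
-const char *tomoyo_path2keyword(const u8 operation)
-{
- return (operation < TOMOYO_MAX_PATH_OPERATION)
- ? tomoyo_path_keyword[operation] : NULL;
-}
-
-/**
- * tomoyo_mkdev2keyword - Get the name of path/number/number/number operations.
- *
- * @operation: Type of operation.
- *
- * Returns the name of path/number/number/number operation.
- */
-const char *tomoyo_mkdev2keyword(const u8 operation)
-{
- return (operation < TOMOYO_MAX_MKDEV_OPERATION)
- ? tomoyo_mkdev_keyword[operation] : NULL;
-}
-
-/**
- * tomoyo_path22keyword - Get the name of double path operation.
- *
- * @operation: Type of operation.
- *
- * Returns the name of double path operation.
- */
-const char *tomoyo_path22keyword(const u8 operation)
-{
- return (operation < TOMOYO_MAX_PATH2_OPERATION)
- ? tomoyo_path2_keyword[operation] : NULL;
-}
-
-/**
- * tomoyo_path_number2keyword - Get the name of path/number operations.
- *
- * @operation: Type of operation.
- *
- * Returns the name of path/number operation.
- */
-const char *tomoyo_path_number2keyword(const u8 operation)
-{
- return (operation < TOMOYO_MAX_PATH_NUMBER_OPERATION)
- ? tomoyo_path_number_keyword[operation] : NULL;
-}
-
 static void tomoyo_add_slash(struct tomoyo_path_info *buf)
 {
  if (buf->is_dir)
@@ -266,8 +212,7 @@ static int tomoyo_audit_path2_log(struct tomoyo_request_info *r)
  */
 static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r)
 {
- const char *operation = tomoyo_mkdev2keyword(r->param.mkdev.
- operation);
+ const char *operation = tomoyo_mkdev_keyword[r->param.mkdev.operation];
  const struct tomoyo_path_info *filename = r->param.mkdev.filename;
  const unsigned int major = r->param.mkdev.major;
  const unsigned int minor = r->param.mkdev.minor;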
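Review bot: In `tomoyo_audit_mkdev_log()` the lookup `tomoyo_mkdev_keyword[r->param.mkdev.operation]` has no range check, where the removed `tomoyo_mkdev2keyword()` returned NULL for `operation >= TOMOYO_MAX_MKDEV_OPERATION`. Nothing in this hunk shows where `r->param.mkdev.operation` is assigned, so an unexpected value would now read a pointer from past the end of the table, and that pointer is presumably formatted into the audit message later in the function, whose body continues outside the hunk. If the field is only ever set from a TOMOYO_TYPE_MK* constant, say so at the lookup with a comment such as `/* operation is set by the mkdev permission check and is always < TOMOYO_MAX_MKDEV_OPERATION. */`; otherwise keep a cheap guard before it, e.g. `WARN_ON(r->param.mkdev.operation >= TOMOYO_MAX_MKDEV_OPERATION)`.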