Diffstat (limited to 'security/tomoyo')
-rw-r--r-- | security/tomoyo/common.c | 8 | ||||
-rw-r--r-- | security/tomoyo/common.h | 11 | ||||
-rw-r--r-- | security/tomoyo/file.c | 65 |
3 files changed, 14 insertions, 70 deletions
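--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -812,7 +812,7 @@ static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head,
 continue;
 pos = head->read_avail;
 if (!tomoyo_io_printf(head, "allow_%s ",
-tomoyo_path2keyword(bit)) ||
+tomoyo_path_keyword[bit]) ||
 !tomoyo_print_name_union(head, &ptr->name) ||
 !tomoyo_io_printf(head, "\n"))
 goto out;
@@ -845,7 +845,7 @@ static bool tomoyo_print_path2_acl(struct tomoyo_io_buffer *head,
 continue;
 pos = head->read_avail;
 if (!tomoyo_io_printf(head, "allow_%s ",
-tomoyo_path22keyword(bit)) ||
+tomoyo_path2_keyword[bit]) ||
 !tomoyo_print_name_union(head, &ptr->name1) ||
 !tomoyo_print_name_union(head, &ptr->name2) ||
 !tomoyo_io_printf(head, "\n"))
@@ -879,7 +879,7 @@ static bool tomoyo_print_path_number_acl(struct tomoyo_io_buffer *head,
 continue;
 pos = head->read_avail;
 if (!tomoyo_io_printf(head, "allow_%s",
-tomoyo_path_number2keyword(bit)) ||
+tomoyo_path_number_keyword[bit]) ||
 !tomoyo_print_name_union(head, &ptr->name) ||
 !tomoyo_print_number_union(head, &ptr->number) ||
 !tomoyo_io_printf(head, "\n"))
@@ -913,7 +913,7 @@ static bool tomoyo_print_mkdev_acl(struct tomoyo_io_buffer *head,
 continue;
 pos = head->read_avail;
 if (!tomoyo_io_printf(head, "allow_%s",
-tomoyo_mkdev2keyword(bit)) ||
+tomoyo_mkdev_keyword[bit]) ||
 !tomoyo_print_name_union(head, &ptr->name) ||
 !tomoyo_print_number_union(head, &ptr->mode) ||
 !tomoyo_print_number_union(head, &ptr->major) ||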
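Review bot: The range test that the removed `tomoyo_*2keyword()` helpers performed is gone at all four call sites in this file, so `tomoyo_path_keyword[bit]`, `tomoyo_path2_keyword[bit]`, `tomoyo_path_number_keyword[bit]` and `tomoyo_mkdev_keyword[bit]` are only as safe as the loop bounds, which lie outside these hunks. A loop bounded by the wrong `TOMOYO_MAX_*` constant used to yield a NULL keyword and would now read past the end of the table, so each loop bound should be checked against the size of the array it indexes. The same holds for `tomoyo_mkdev_keyword[r->param.mkdev.operation]` in `tomoyo_audit_mkdev_log()` in file.c, where the index is a request field rather than a loop counter; a one-line comment there naming where that field is range-limited would make the invariant reviewable.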
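--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -804,14 +804,8 @@ bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head);
 bool tomoyo_tokenize(char *buffer, char *w[], size_t size);
 /* Write domain policy violation warning message to console? */
 bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain);
-/* Convert double path operation to operation name. */
-const char *tomoyo_path22keyword(const u8 operation);
-const char *tomoyo_path_number2keyword(const u8 operation);
-const char *tomoyo_mkdev2keyword(const u8 operation);
 /* Get the last component of the given domainname. */
 const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain);
-/* Convert single path operation to operation name. */
-const char *tomoyo_path2keyword(const u8 operation);
 /* Fill "struct tomoyo_request_info". */
 int tomoyo_init_request_info(struct tomoyo_request_info *r,
 struct tomoyo_domain_info *domain,
@@ -985,6 +979,11 @@ extern bool tomoyo_policy_loaded;
 /* The kernel's domain. */
 extern struct tomoyo_domain_info tomoyo_kernel_domain;
 
+extern const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION];
+extern const char *tomoyo_mkdev_keyword[TOMOYO_MAX_MKDEV_OPERATION];
+extern const char *tomoyo_path2_keyword[TOMOYO_MAX_PATH2_OPERATION];
+extern const char *tomoyo_path_number_keyword[TOMOYO_MAX_PATH_NUMBER_OPERATION];
+
 extern unsigned int tomoyo_quota_for_query;
 extern unsigned int tomoyo_query_memory_size;
 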
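Review bot: The four new `extern` tables are declared as arrays of writable pointers, so now that they are global any translation unit that includes this header can repoint an entry, and the arrays will normally not be placed in read-only data. Since they are lookup tables for policy keywords that are never meant to change, they should be declared `extern const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION];` and likewise for the other three. The definitions in file.c would need the same `const char * const` qualifier to match.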
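--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -10,7 +10,7 @@
 #include <linux/slab.h>
 
 /* Keyword array for operations with one pathname. */
-static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
+const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
 [TOMOYO_TYPE_READ_WRITE] = "read/write",
 [TOMOYO_TYPE_EXECUTE] = "execute",
 [TOMOYO_TYPE_READ] = "read",
@@ -25,22 +25,20 @@ static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
 };
 
 /* Keyword array for operations with one pathname and three numbers. */
-static const char *tomoyo_mkdev_keyword
-[TOMOYO_MAX_MKDEV_OPERATION] = {
+const char *tomoyo_mkdev_keyword[TOMOYO_MAX_MKDEV_OPERATION] = {
 [TOMOYO_TYPE_MKBLOCK] = "mkblock",
 [TOMOYO_TYPE_MKCHAR] = "mkchar",
 };
 
 /* Keyword array for operations with two pathnames. */
-static const char *tomoyo_path2_keyword[TOMOYO_MAX_PATH2_OPERATION] = {
+const char *tomoyo_path2_keyword[TOMOYO_MAX_PATH2_OPERATION] = {
 [TOMOYO_TYPE_LINK] = "link",
 [TOMOYO_TYPE_RENAME] = "rename",
 [TOMOYO_TYPE_PIVOT_ROOT] = "pivot_root",
 };
 
 /* Keyword array for operations with one pathname and one number. */
-static const char *tomoyo_path_number_keyword
-[TOMOYO_MAX_PATH_NUMBER_OPERATION] = {
+const char *tomoyo_path_number_keyword[TOMOYO_MAX_PATH_NUMBER_OPERATION] = {
 [TOMOYO_TYPE_CREATE] = "create",
 [TOMOYO_TYPE_MKDIR] = "mkdir",
 [TOMOYO_TYPE_MKFIFO] = "mkfifo",
@@ -119,58 +117,6 @@ bool tomoyo_compare_number_union(const unsigned long value,
 return value >= ptr->values[0] && value <= ptr->values[1];
 }
 
-/**
-* tomoyo_path2keyword - Get the name of single path operation.
-*
-* @operation: Type of operation.
-*
-* Returns the name of single path operation.
-*/
-const char *tomoyo_path2keyword(const u8 operation)
-{
-return (operation < TOMOYO_MAX_PATH_OPERATION)
-? tomoyo_path_keyword[operation] : NULL;
-}
-
-/**
-* tomoyo_mkdev2keyword - Get the name of path/number/number/number operations.
-*
-* @operation: Type of operation.
-*
-* Returns the name of path/number/number/number operation.
-*/
-const char *tomoyo_mkdev2keyword(const u8 operation)
-{
-return (operation < TOMOYO_MAX_MKDEV_OPERATION)
-? tomoyo_mkdev_keyword[operation] : NULL;
-}
-
-/**
-* tomoyo_path22keyword - Get the name of double path operation.
-*
-* @operation: Type of operation.
-*
-* Returns the name of double path operation.
-*/
-const char *tomoyo_path22keyword(const u8 operation)
-{
-return (operation < TOMOYO_MAX_PATH2_OPERATION)
-? tomoyo_path2_keyword[operation] : NULL;
-}
-
-/**
-* tomoyo_path_number2keyword - Get the name of path/number operations.
-*
-* @operation: Type of operation.
-*
-* Returns the name of path/number operation.
-*/
-const char *tomoyo_path_number2keyword(const u8 operation)
-{
-return (operation < TOMOYO_MAX_PATH_NUMBER_OPERATION)
-? tomoyo_path_number_keyword[operation] : NULL;
-}
-
 static void tomoyo_add_slash(struct tomoyo_path_info *buf)
 {
 if (buf->is_dir)
@@ -266,8 +212,7 @@ static int tomoyo_audit_path2_log(struct tomoyo_request_info *r)
 */
 static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r)
 {
-const char *operation = tomoyo_mkdev2keyword(r->param.mkdev.
-operation);
+const char *operation = tomoyo_mkdev_keyword[r->param.mkdev.operation];
 const struct tomoyo_path_info *filename = r->param.mkdev.filename;
 const unsigned int major = r->param.mkdev.major;
 const unsigned int minor = r->param.mkdev.minor;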
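Review bot: The one-line comments above the four keyword tables do not state the indexing contract that callers now carry, although the tables have become the interface that replaces the documented, range-checked helpers removed further down. Each comment should say what a caller must guarantee, for example `/* Keyword array for operations with one pathname. Callers index it directly; the index must be below TOMOYO_MAX_PATH_OPERATION. */`, with the matching constant for the other three. The initializer lists continue outside these hunks, so whether every index has an entry cannot be confirmed from here; if any slot is left NULL, the comment should say so as well.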