Diffstat (limited to 'security/tomoyo')
-rw-r--r-- | security/tomoyo/file.c | 50 |
1 files changed, 9 insertions, 41 deletions
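--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -265,14 +265,6 @@ static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r)
 tomoyo_file_pattern(filename), buffer);
 }
 
-static int tomoyo_update_path2_acl(const u8 type, const char *filename1,
-const char *filename2,
-struct tomoyo_domain_info *const domain,
-const bool is_delete);
-static int tomoyo_update_path_acl(const u8 type, const char *filename,
-struct tomoyo_domain_info *const domain,
-const bool is_delete);
-
 /*
 * tomoyo_globally_readable_list is used for holding list of pathnames which
 * are by default allowed to be open()ed for reading by any process.
@@ -1046,37 +1038,6 @@ static int tomoyo_update_path_number_acl(const u8 type, const char *filename,
 }
 
 /**
-* tomoyo_path_number_perm2 - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
-*
-* @r: Pointer to "strct tomoyo_request_info".
-* @filename: Filename to check.
-* @number: Number.
-*
-* Returns 0 on success, negative value otherwise.
-*
-* Caller holds tomoyo_read_lock().
-*/
-static int tomoyo_path_number_perm2(struct tomoyo_request_info *r,
-const u8 type,
-const struct tomoyo_path_info *filename,
-const unsigned long number)
-{
-int error;
-
-if (!filename)
-return 0;
-r->param_type = TOMOYO_TYPE_PATH_NUMBER_ACL;
-r->param.path_number.operation = type;
-r->param.path_number.filename = filename;
-r->param.path_number.number = number;
-do {
-tomoyo_check_acl(r, tomoyo_check_path_number_acl);
-error = tomoyo_audit_path_number_log(r);
-} while (error == TOMOYO_RETRY_REQUEST);
-return error;
-}
-
-/**
 * tomoyo_path_number_perm - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
 *
 * @type: Type of operation.
@@ -1101,9 +1062,16 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
 goto out;
 if (type == TOMOYO_TYPE_MKDIR)
 tomoyo_add_slash(&buf);
-error = tomoyo_path_number_perm2(&r, type, &buf, number);
-out:
+r.param_type = TOMOYO_TYPE_PATH_NUMBER_ACL;
+r.param.path_number.operation = type;
+r.param.path_number.filename = &buf;
+r.param.path_number.number = number;
+do {
+tomoyo_check_acl(&r, tomoyo_check_path_number_acl);
+error = tomoyo_audit_path_number_log(&r);
+} while (error == TOMOYO_RETRY_REQUEST);
 kfree(buf.name);
+out:
 tomoyo_read_unlock(idx);
 if (r.mode != TOMOYO_CONFIG_ENFORCING)
 error = 0;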
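Review bot: Moving `out:` below `kfree(buf.name)` means every `goto out` now skips the free, so the label is only correct while all jumps to it happen before `buf.name` is allocated. The one `goto out` visible here (new line 1062) sits before `tomoyo_add_slash(&buf)` and looks like the failure path of the pathname lookup, but the start of tomoyo_path_number_perm is outside the hunk, so that should be confirmed. I would record the invariant at the label, e.g. `out: /* reached only when buf.name was never allocated */`, so that a later `goto out` added after the lookup does not leak the buffer. On that same path `error` still holds whatever it was initialised to above the hunk, and in enforcing mode it is returned unchanged, so that initial value needs to be a denial rather than 0 for the check to fail closed.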