}
/**
- * tomoyo_find_or_assign_new_profile - Create a new profile.
+ * tomoyo_assign_profile - Create a new profile.
*
* @profile: Profile number to create.
*
* Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
*/
-static struct tomoyo_profile *tomoyo_find_or_assign_new_profile
-(const unsigned int profile)
+static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile)
{
struct tomoyo_profile *ptr;
struct tomoyo_profile *entry;
if (*cp != '-')
return -EINVAL;
data = cp + 1;
- profile = tomoyo_find_or_assign_new_profile(i);
+ profile = tomoyo_assign_profile(i);
if (!profile)
return -EINVAL;
}
goto next;
}
-static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a,
- const struct tomoyo_acl_head *b)
+static bool tomoyo_same_manager(const struct tomoyo_acl_head *a,
+ const struct tomoyo_acl_head *b)
{
- return container_of(a, struct tomoyo_policy_manager_entry, head)
- ->manager ==
- container_of(b, struct tomoyo_policy_manager_entry, head)
- ->manager;
+ return container_of(a, struct tomoyo_manager, head)->manager ==
+ container_of(b, struct tomoyo_manager, head)->manager;
}
/**
static int tomoyo_update_manager_entry(const char *manager,
const bool is_delete)
{
- struct tomoyo_policy_manager_entry e = { };
+ struct tomoyo_manager e = { };
int error;
if (tomoyo_domain_def(manager)) {
return -ENOMEM;
error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
&tomoyo_policy_list[TOMOYO_ID_MANAGER],
- tomoyo_same_manager_entry);
+ tomoyo_same_manager);
tomoyo_put_name(e.manager);
return error;
}
/**
- * tomoyo_write_manager_policy - Write manager policy.
+ * tomoyo_write_manager - Write manager policy.
*
* @head: Pointer to "struct tomoyo_io_buffer".
*
*
* Caller holds tomoyo_read_lock().
*/
-static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head)
+static int tomoyo_write_manager(struct tomoyo_io_buffer *head)
{
char *data = head->write_buf;
bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
}
/**
- * tomoyo_read_manager_policy - Read manager policy.
+ * tomoyo_read_manager - Read manager policy.
*
* @head: Pointer to "struct tomoyo_io_buffer".
*
* Caller holds tomoyo_read_lock().
*/
-static void tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
+static void tomoyo_read_manager(struct tomoyo_io_buffer *head)
{
if (head->r.eof)
return;
list_for_each_cookie(head->r.acl,
&tomoyo_policy_list[TOMOYO_ID_MANAGER]) {
- struct tomoyo_policy_manager_entry *ptr =
+ struct tomoyo_manager *ptr =
list_entry(head->r.acl, typeof(*ptr), head.list);
if (ptr->head.is_deleted)
continue;
}
/**
- * tomoyo_policy_manager - Check whether the current process is a policy manager.
+ * tomoyo_manager - Check whether the current process is a policy manager.
*
* Returns true if the current process is permitted to modify policy
* via /sys/kernel/security/tomoyo/ interface.
*
* Caller holds tomoyo_read_lock().
*/
-static bool tomoyo_policy_manager(void)
+static bool tomoyo_manager(void)
{
- struct tomoyo_policy_manager_entry *ptr;
+ struct tomoyo_manager *ptr;
const char *exe;
const struct task_struct *task = current;
const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
}
/**
- * tomoyo_write_domain_policy2 - Write domain policy.
+ * tomoyo_write_domain2 - Write domain policy.
*
* @head: Pointer to "struct tomoyo_io_buffer".
*
*
* Caller holds tomoyo_read_lock().
*/
-static int tomoyo_write_domain_policy2(char *data,
- struct tomoyo_domain_info *domain,
- const bool is_delete)
+static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain,
+ const bool is_delete)
{
if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT))
- return tomoyo_write_mount_policy(data, domain, is_delete);
- return tomoyo_write_file_policy(data, domain, is_delete);
+ return tomoyo_write_mount(data, domain, is_delete);
+ return tomoyo_write_file(data, domain, is_delete);
}
/**
- * tomoyo_write_domain_policy - Write domain policy.
+ * tomoyo_write_domain - Write domain policy.
*
* @head: Pointer to "struct tomoyo_io_buffer".
*
*
* Caller holds tomoyo_read_lock().
*/
-static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
+static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
{
char *data = head->write_buf;
struct tomoyo_domain_info *domain = head->write_var1;
if (is_select && tomoyo_select_one(head, data))
return 0;
/* Don't allow updating policies by non manager programs. */
- if (!tomoyo_policy_manager())
+ if (!tomoyo_manager())
return -EPERM;
if (tomoyo_domain_def(data)) {
domain = NULL;
else if (is_select)
domain = tomoyo_find_domain(data);
else
- domain = tomoyo_find_or_assign_new_domain(data, 0);
+ domain = tomoyo_assign_domain(data, 0);
head->write_var1 = domain;
return 0;
}
domain->transition_failed = !is_delete;
return 0;
}
- return tomoyo_write_domain_policy2(data, domain, is_delete);
+ return tomoyo_write_domain2(data, domain, is_delete);
}
/**
}
/**
- * tomoyo_read_domain_policy - Read domain policy.
+ * tomoyo_read_domain - Read domain policy.
*
* @head: Pointer to "struct tomoyo_io_buffer".
*
* Caller holds tomoyo_read_lock().
*/
-static void tomoyo_read_domain_policy(struct tomoyo_io_buffer *head)
+static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
{
if (head->r.eof)
return;
[TOMOYO_TRANSITION_CONTROL_KEEP] = TOMOYO_KEYWORD_KEEP_DOMAIN
};
+static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
+ [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP,
+ [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP
+};
+
/**
- * tomoyo_write_exception_policy - Write exception policy.
+ * tomoyo_write_exception - Write exception policy.
*
* @head: Pointer to "struct tomoyo_io_buffer".
*
*
* Caller holds tomoyo_read_lock().
*/
-static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head)
+static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
{
char *data = head->write_buf;
bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
u8 i;
-
- for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) {
+ static const struct {
+ const char *keyword;
+ int (*write) (char *, const bool);
+ } tomoyo_callback[4] = {
+ { TOMOYO_KEYWORD_AGGREGATOR, tomoyo_write_aggregator },
+ { TOMOYO_KEYWORD_FILE_PATTERN, tomoyo_write_pattern },
+ { TOMOYO_KEYWORD_DENY_REWRITE, tomoyo_write_no_rewrite },
+ { TOMOYO_KEYWORD_ALLOW_READ, tomoyo_write_globally_readable },
+ };
+
+ for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
if (tomoyo_str_starts(&data, tomoyo_transition_type[i]))
return tomoyo_write_transition_control(data, is_delete,
i);
- }
- if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_AGGREGATOR))
- return tomoyo_write_aggregator_policy(data, is_delete);
- if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ))
- return tomoyo_write_globally_readable_policy(data, is_delete);
- if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN))
- return tomoyo_write_pattern_policy(data, is_delete);
- if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DENY_REWRITE))
- return tomoyo_write_no_rewrite_policy(data, is_delete);
- if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_PATH_GROUP))
- return tomoyo_write_group(data, is_delete, TOMOYO_PATH_GROUP);
- if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NUMBER_GROUP))
- return tomoyo_write_group(data, is_delete, TOMOYO_NUMBER_GROUP);
+ for (i = 0; i < 4; i++)
+ if (tomoyo_str_starts(&data, tomoyo_callback[i].keyword))
+ return tomoyo_callback[i].write(data, is_delete);
+ for (i = 0; i < TOMOYO_MAX_GROUP; i++)
+ if (tomoyo_str_starts(&data, tomoyo_group_name[i]))
+ return tomoyo_write_group(data, is_delete, i);
return -EINVAL;
}
-static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
- [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP,
- [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP
-};
-
/**
* tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
*
break;
case TOMOYO_ID_GLOBALLY_READABLE:
{
- struct tomoyo_globally_readable_file_entry *ptr
- = container_of(acl, typeof(*ptr), head);
+ struct tomoyo_readable_file *ptr =
+ container_of(acl, typeof(*ptr), head);
tomoyo_set_string(head,
TOMOYO_KEYWORD_ALLOW_READ);
tomoyo_set_string(head, ptr->filename->name);
break;
case TOMOYO_ID_AGGREGATOR:
{
- struct tomoyo_aggregator_entry *ptr =
+ struct tomoyo_aggregator *ptr =
container_of(acl, typeof(*ptr), head);
tomoyo_set_string(head,
TOMOYO_KEYWORD_AGGREGATOR);
break;
case TOMOYO_ID_PATTERN:
{
- struct tomoyo_pattern_entry *ptr =
+ struct tomoyo_no_pattern *ptr =
container_of(acl, typeof(*ptr), head);
tomoyo_set_string(head,
TOMOYO_KEYWORD_FILE_PATTERN);
break;
case TOMOYO_ID_NO_REWRITE:
{
- struct tomoyo_no_rewrite_entry *ptr =
+ struct tomoyo_no_rewrite *ptr =
container_of(acl, typeof(*ptr), head);
tomoyo_set_string(head,
TOMOYO_KEYWORD_DENY_REWRITE);
}
/**
- * tomoyo_read_exception_policy - Read exception policy.
+ * tomoyo_read_exception - Read exception policy.
*
* @head: Pointer to "struct tomoyo_io_buffer".
*
* Caller holds tomoyo_read_lock().
*/
-static void tomoyo_read_exception_policy(struct tomoyo_io_buffer *head)
+static void tomoyo_read_exception(struct tomoyo_io_buffer *head)
{
if (head->r.eof)
return;
static DEFINE_SPINLOCK(tomoyo_query_list_lock);
/* Structure for query. */
-struct tomoyo_query_entry {
+struct tomoyo_query {
struct list_head list;
char *query;
int query_len;
int answer;
};
-/* The list for "struct tomoyo_query_entry". */
+/* The list for "struct tomoyo_query". */
static LIST_HEAD(tomoyo_query_list);
/*
int pos;
int len;
static unsigned int tomoyo_serial;
- struct tomoyo_query_entry *tomoyo_query_entry = NULL;
+ struct tomoyo_query *entry = NULL;
bool quota_exceeded = false;
char *header;
switch (r->mode) {
vsnprintf(buffer, len - 1, fmt, args);
va_end(args);
tomoyo_normalize_line(buffer);
- tomoyo_write_domain_policy2(buffer, r->domain, false);
+ tomoyo_write_domain2(buffer, r->domain, false);
kfree(buffer);
/* fall through */
case TOMOYO_CONFIG_PERMISSIVE:
header = tomoyo_init_audit_log(&len, r);
if (!header)
goto out;
- tomoyo_query_entry = kzalloc(sizeof(*tomoyo_query_entry), GFP_NOFS);
- if (!tomoyo_query_entry)
+ entry = kzalloc(sizeof(*entry), GFP_NOFS);
+ if (!entry)
goto out;
- tomoyo_query_entry->query = kzalloc(len, GFP_NOFS);
- if (!tomoyo_query_entry->query)
+ entry->query = kzalloc(len, GFP_NOFS);
+ if (!entry->query)
goto out;
- len = ksize(tomoyo_query_entry->query);
- INIT_LIST_HEAD(&tomoyo_query_entry->list);
+ len = ksize(entry->query);
spin_lock(&tomoyo_query_list_lock);
if (tomoyo_quota_for_query && tomoyo_query_memory_size + len +
- sizeof(*tomoyo_query_entry) >= tomoyo_quota_for_query) {
+ sizeof(*entry) >= tomoyo_quota_for_query) {
quota_exceeded = true;
} else {
- tomoyo_query_memory_size += len + sizeof(*tomoyo_query_entry);
- tomoyo_query_entry->serial = tomoyo_serial++;
+ tomoyo_query_memory_size += len + sizeof(*entry);
+ entry->serial = tomoyo_serial++;
}
spin_unlock(&tomoyo_query_list_lock);
if (quota_exceeded)
goto out;
- pos = snprintf(tomoyo_query_entry->query, len - 1, "Q%u-%hu\n%s",
- tomoyo_query_entry->serial, r->retry, header);
+ pos = snprintf(entry->query, len - 1, "Q%u-%hu\n%s",
+ entry->serial, r->retry, header);
kfree(header);
header = NULL;
va_start(args, fmt);
- vsnprintf(tomoyo_query_entry->query + pos, len - 1 - pos, fmt, args);
- tomoyo_query_entry->query_len = strlen(tomoyo_query_entry->query) + 1;
+ vsnprintf(entry->query + pos, len - 1 - pos, fmt, args);
+ entry->query_len = strlen(entry->query) + 1;
va_end(args);
spin_lock(&tomoyo_query_list_lock);
- list_add_tail(&tomoyo_query_entry->list, &tomoyo_query_list);
+ list_add_tail(&entry->list, &tomoyo_query_list);
spin_unlock(&tomoyo_query_list_lock);
/* Give 10 seconds for supervisor's opinion. */
- for (tomoyo_query_entry->timer = 0;
- atomic_read(&tomoyo_query_observers) && tomoyo_query_entry->timer < 100;
- tomoyo_query_entry->timer++) {
+ for (entry->timer = 0;
+ atomic_read(&tomoyo_query_observers) && entry->timer < 100;
+ entry->timer++) {
wake_up(&tomoyo_query_wait);
set_current_state(TASK_INTERRUPTIBLE);
schedule_timeout(HZ / 10);
- if (tomoyo_query_entry->answer)
+ if (entry->answer)
break;
}
spin_lock(&tomoyo_query_list_lock);
- list_del(&tomoyo_query_entry->list);
- tomoyo_query_memory_size -= len + sizeof(*tomoyo_query_entry);
+ list_del(&entry->list);
+ tomoyo_query_memory_size -= len + sizeof(*entry);
spin_unlock(&tomoyo_query_list_lock);
- switch (tomoyo_query_entry->answer) {
+ switch (entry->answer) {
case 3: /* Asked to retry by administrator. */
error = TOMOYO_RETRY_REQUEST;
r->retry++;
break;
}
out:
- if (tomoyo_query_entry)
- kfree(tomoyo_query_entry->query);
- kfree(tomoyo_query_entry);
+ if (entry)
+ kfree(entry->query);
+ kfree(entry);
kfree(header);
return error;
}
for (i = 0; i < 2; i++) {
spin_lock(&tomoyo_query_list_lock);
list_for_each(tmp, &tomoyo_query_list) {
- struct tomoyo_query_entry *ptr
- = list_entry(tmp, struct tomoyo_query_entry,
- list);
+ struct tomoyo_query *ptr =
+ list_entry(tmp, typeof(*ptr), list);
if (ptr->answer)
continue;
found = true;
}
spin_lock(&tomoyo_query_list_lock);
list_for_each(tmp, &tomoyo_query_list) {
- struct tomoyo_query_entry *ptr =
- list_entry(tmp, typeof(*ptr), list);
+ struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
if (ptr->answer)
continue;
if (pos++ != head->r.query_index)
pos = 0;
spin_lock(&tomoyo_query_list_lock);
list_for_each(tmp, &tomoyo_query_list) {
- struct tomoyo_query_entry *ptr =
- list_entry(tmp, typeof(*ptr), list);
+ struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
if (ptr->answer)
continue;
if (pos++ != head->r.query_index)
unsigned int answer;
spin_lock(&tomoyo_query_list_lock);
list_for_each(tmp, &tomoyo_query_list) {
- struct tomoyo_query_entry *ptr
- = list_entry(tmp, struct tomoyo_query_entry, list);
+ struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
ptr->timer = 0;
}
spin_unlock(&tomoyo_query_list_lock);
return -EINVAL;
spin_lock(&tomoyo_query_list_lock);
list_for_each(tmp, &tomoyo_query_list) {
- struct tomoyo_query_entry *ptr
- = list_entry(tmp, struct tomoyo_query_entry, list);
+ struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
if (ptr->serial != serial)
continue;
if (!ptr->answer)
static void tomoyo_read_version(struct tomoyo_io_buffer *head)
{
if (!head->r.eof) {
- tomoyo_io_printf(head, "2.3.0-pre");
+ tomoyo_io_printf(head, "2.3.0");
head->r.eof = true;
}
}
switch (type) {
case TOMOYO_DOMAINPOLICY:
/* /sys/kernel/security/tomoyo/domain_policy */
- head->write = tomoyo_write_domain_policy;
- head->read = tomoyo_read_domain_policy;
+ head->write = tomoyo_write_domain;
+ head->read = tomoyo_read_domain;
break;
case TOMOYO_EXCEPTIONPOLICY:
/* /sys/kernel/security/tomoyo/exception_policy */
- head->write = tomoyo_write_exception_policy;
- head->read = tomoyo_read_exception_policy;
+ head->write = tomoyo_write_exception;
+ head->read = tomoyo_read_exception;
break;
case TOMOYO_SELFDOMAIN:
/* /sys/kernel/security/tomoyo/self_domain */
break;
case TOMOYO_MANAGER:
/* /sys/kernel/security/tomoyo/manager */
- head->write = tomoyo_write_manager_policy;
- head->read = tomoyo_read_manager_policy;
+ head->write = tomoyo_write_manager;
+ head->read = tomoyo_read_manager;
break;
}
if (!(file->f_mode & FMODE_READ)) {
return -EFAULT;
/* Don't allow updating policies by non manager programs. */
if (head->write != tomoyo_write_pid &&
- head->write != tomoyo_write_domain_policy &&
- !tomoyo_policy_manager())
+ head->write != tomoyo_write_domain && !tomoyo_manager())
return -EPERM;
if (mutex_lock_interruptible(&head->io_sem))
return -EINTR;
if (tomoyo_profile_version != 20090903)
panic("Profile version %u is not supported.\n",
tomoyo_profile_version);
- printk(KERN_INFO "TOMOYO: 2.3.0-pre 2010/06/03\n");
+ printk(KERN_INFO "TOMOYO: 2.3.0\n");
printk(KERN_INFO "Mandatory Access Control activated.\n");
}