]> bbs.cooldavid.org Git - net-next-2.6.git/blobdiff - security/tomoyo/path_group.c
git://bbs.cooldavid.org / net-next-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
TOMOYO: Use callback for updating entries.
[net-next-2.6.git] / security / tomoyo / path_group.c
diff --git a/security/tomoyo/path_group.c b/security/tomoyo/path_group.c
index c988041c8e1c2e59e7f81cb296283dd0dfe5d393..5b71d8868453593880b7ef93ea424ab2b11e0a17 100644 (file)
--- a/security/tomoyo/path_group.c
+++ b/security/tomoyo/path_group.c
@@ -6,7 +6,7 @@
 
 #include <linux/slab.h>
 #include "common.h"
-/* The list for "struct ccs_path_group". */
+/* The list for "struct tomoyo_path_group". */
 LIST_HEAD(tomoyo_path_group_list);
 
 /**
@@ -22,8 +22,7 @@ struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name)
        struct tomoyo_path_group *group = NULL;
        const struct tomoyo_path_info *saved_group_name;
        int error = -ENOMEM;
-       if (!tomoyo_is_correct_path(group_name, 0, 0, 0) ||
-           !group_name[0])
+       if (!tomoyo_is_correct_word(group_name))
                return NULL;
        saved_group_name = tomoyo_get_name(group_name);
        if (!saved_group_name)
@@ -55,6 +54,15 @@ struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name)
        return !error ? group : NULL;
 }
 
+static bool tomoyo_same_path_group(const struct tomoyo_acl_head *a,
+                                  const struct tomoyo_acl_head *b)
+{
+       return container_of(a, struct tomoyo_path_group_member, head)
+               ->member_name ==
+               container_of(b, struct tomoyo_path_group_member, head)
+               ->member_name;
+}
+
 /**
  * tomoyo_write_path_group_policy - Write "struct tomoyo_path_group" list.
  *
@@ -66,7 +74,6 @@ struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name)
 int tomoyo_write_path_group_policy(char *data, const bool is_delete)
 {
        struct tomoyo_path_group *group;
-       struct tomoyo_path_group_member *member;
        struct tomoyo_path_group_member e = { };
        int error = is_delete ? -ENOENT : -ENOMEM;
        char *w[2];
@@ -78,24 +85,9 @@ int tomoyo_write_path_group_policy(char *data, const bool is_delete)
        e.member_name = tomoyo_get_name(w[1]);
        if (!e.member_name)
                goto out;
-       if (mutex_lock_interruptible(&tomoyo_policy_lock))
-               goto out;
-       list_for_each_entry_rcu(member, &group->member_list, list) {
-               if (member->member_name != e.member_name)
-                       continue;
-               member->is_deleted = is_delete;
-               error = 0;
-               break;
-       }
-       if (!is_delete && error) {
-               struct tomoyo_path_group_member *entry =
-                       tomoyo_commit_ok(&e, sizeof(e));
-               if (entry) {
-                       list_add_tail_rcu(&entry->list, &group->member_list);
-                       error = 0;
-               }
-       }
-       mutex_unlock(&tomoyo_policy_lock);
+       error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
+                                    &group->member_list,
+                                    tomoyo_same_path_group);
  out:
        tomoyo_put_name(e.member_name);
        tomoyo_put_path_group(group);
@@ -123,8 +115,8 @@ bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head)
                        struct tomoyo_path_group_member *member;
                        member = list_entry(mpos,
                                            struct tomoyo_path_group_member,
-                                           list);
-                       if (member->is_deleted)
+                                           head.list);
+                       if (member->head.is_deleted)
                                continue;
                        if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_PATH_GROUP
                                              "%s %s\n",
@@ -141,29 +133,21 @@ bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head)
  *
  * @pathname:        The name of pathname.
  * @group:           Pointer to "struct tomoyo_path_group".
- * @may_use_pattern: True if wild card is permitted.
  *
  * Returns true if @pathname matches pathnames in @group, false otherwise.
  *
  * Caller holds tomoyo_read_lock().
  */
 bool tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
-                              const struct tomoyo_path_group *group,
-                              const bool may_use_pattern)
+                              const struct tomoyo_path_group *group)
 {
        struct tomoyo_path_group_member *member;
        bool matched = false;
-       list_for_each_entry_rcu(member, &group->member_list, list) {
-               if (member->is_deleted)
+       list_for_each_entry_rcu(member, &group->member_list, head.list) {
+               if (member->head.is_deleted)
                        continue;
-               if (!member->member_name->is_patterned) {
-                       if (tomoyo_pathcmp(pathname, member->member_name))
-                               continue;
-               } else if (may_use_pattern) {
-                       if (!tomoyo_path_matches_pattern(pathname,
-                                                        member->member_name))
-                               continue;
-               } else
+               if (!tomoyo_path_matches_pattern(pathname,
+                                                member->member_name))
                        continue;
                matched = true;
                break;
Clone of davem's net-next-2.6 tree