diff options
Diffstat (limited to 'security/tomoyo')
-rw-r--r-- | security/tomoyo/common.h | 36 | ||||
-rw-r--r-- | security/tomoyo/file.c | 4 | ||||
-rw-r--r-- | security/tomoyo/gc.c | 41 | ||||
-rw-r--r-- | security/tomoyo/number_group.c | 32 | ||||
-rw-r--r-- | security/tomoyo/path_group.c | 30 |
5 files changed, 59 insertions, 84 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index e0c4ae1..9f289e4 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -291,28 +291,20 @@ struct tomoyo_name_entry { struct tomoyo_name_union { const struct tomoyo_path_info *filename; - struct tomoyo_path_group *group; + struct tomoyo_group *group; u8 is_group; }; struct tomoyo_number_union { unsigned long values[2]; - struct tomoyo_number_group *group; + struct tomoyo_group *group; u8 min_type; u8 max_type; u8 is_group; }; -/* Structure for "path_group" directive. */ -struct tomoyo_path_group { - struct list_head list; - const struct tomoyo_path_info *group_name; - struct list_head member_list; - atomic_t users; -}; - -/* Structure for "number_group" directive. */ -struct tomoyo_number_group { +/* Structure for "path_group"/"number_group" directive. */ +struct tomoyo_group { struct list_head list; const struct tomoyo_path_info *group_name; struct list_head member_list; @@ -320,13 +312,13 @@ struct tomoyo_number_group { }; /* Structure for "path_group" directive. */ -struct tomoyo_path_group_member { +struct tomoyo_path_group { struct tomoyo_acl_head head; const struct tomoyo_path_info *member_name; }; /* Structure for "number_group" directive. */ -struct tomoyo_number_group_member { +struct tomoyo_number_group { struct tomoyo_acl_head head; struct tomoyo_number_union number; }; @@ -766,11 +758,11 @@ bool tomoyo_parse_name_union(const char *filename, struct tomoyo_name_union *ptr); /* Check whether the given filename matches the given path_group. */ bool tomoyo_path_matches_group(const struct tomoyo_path_info *pathname, - const struct tomoyo_path_group *group); + const struct tomoyo_group *group); /* Check whether the given value matches the given number_group. */ bool tomoyo_number_matches_group(const unsigned long min, const unsigned long max, - const struct tomoyo_number_group *group); + const struct tomoyo_group *group); /* Check whether the given filename matches the given pattern. */ bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, const struct tomoyo_path_info *pattern); @@ -858,8 +850,8 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char * const u8 profile); struct tomoyo_profile *tomoyo_profile(const u8 profile); /* Allocate memory for "struct tomoyo_path_group". */ -struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name); -struct tomoyo_number_group *tomoyo_get_number_group(const char *group_name); +struct tomoyo_group *tomoyo_get_path_group(const char *group_name); +struct tomoyo_group *tomoyo_get_number_group(const char *group_name); /* Check mode for specified functionality. */ unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, @@ -1039,13 +1031,7 @@ static inline void tomoyo_put_name(const struct tomoyo_path_info *name) } } -static inline void tomoyo_put_path_group(struct tomoyo_path_group *group) -{ - if (group) - atomic_dec(&group->users); -} - -static inline void tomoyo_put_number_group(struct tomoyo_number_group *group) +static inline void tomoyo_put_group(struct tomoyo_group *group) { if (group) atomic_dec(&group->users); diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index de87c45..6c2ba69 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -90,7 +90,7 @@ void tomoyo_put_name_union(struct tomoyo_name_union *ptr) if (!ptr) return; if (ptr->is_group) - tomoyo_put_path_group(ptr->group); + tomoyo_put_group(ptr->group); else tomoyo_put_name(ptr->filename); } @@ -106,7 +106,7 @@ bool tomoyo_compare_name_union(const struct tomoyo_path_info *name, void tomoyo_put_number_union(struct tomoyo_number_union *ptr) { if (ptr && ptr->is_group) - tomoyo_put_number_group(ptr->group); + tomoyo_put_group(ptr->group); } bool tomoyo_compare_number_union(const unsigned long value, diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c index a54bd82..446d59f 100644 --- a/security/tomoyo/gc.c +++ b/security/tomoyo/gc.c @@ -12,10 +12,9 @@ #include <linux/slab.h> enum tomoyo_policy_id { + TOMOYO_ID_GROUP, TOMOYO_ID_PATH_GROUP, - TOMOYO_ID_PATH_GROUP_MEMBER, TOMOYO_ID_NUMBER_GROUP, - TOMOYO_ID_NUMBER_GROUP_MEMBER, TOMOYO_ID_DOMAIN_INITIALIZER, TOMOYO_ID_DOMAIN_KEEPER, TOMOYO_ID_AGGREGATOR, @@ -207,31 +206,24 @@ static void tomoyo_del_name(struct list_head *element) container_of(element, typeof(*ptr), list); } -static void tomoyo_del_path_group_member(struct list_head *element) +static void tomoyo_del_path_group(struct list_head *element) { - struct tomoyo_path_group_member *member = + struct tomoyo_path_group *member = container_of(element, typeof(*member), head.list); tomoyo_put_name(member->member_name); } -static void tomoyo_del_path_group(struct list_head *element) +static void tomoyo_del_group(struct list_head *element) { - struct tomoyo_path_group *group = + struct tomoyo_group *group = container_of(element, typeof(*group), list); tomoyo_put_name(group->group_name); } -static void tomoyo_del_number_group_member(struct list_head *element) -{ - struct tomoyo_number_group_member *member = - container_of(element, typeof(*member), head.list); -} - static void tomoyo_del_number_group(struct list_head *element) { - struct tomoyo_number_group *group = - container_of(element, typeof(*group), list); - tomoyo_put_name(group->group_name); + struct tomoyo_number_group *member = + container_of(element, typeof(*member), head.list); } static struct list_head *tomoyo_policy_list[TOMOYO_MAX_POLICY] = { @@ -305,28 +297,28 @@ static void tomoyo_collect_entry(void) } } { - struct tomoyo_path_group *group; + struct tomoyo_group *group; list_for_each_entry_rcu(group, &tomoyo_path_group_list, list) { tomoyo_collect_member(&group->member_list, - TOMOYO_ID_PATH_GROUP_MEMBER); + TOMOYO_ID_PATH_GROUP); if (!list_empty(&group->member_list) || atomic_read(&group->users)) continue; - if (!tomoyo_add_to_gc(TOMOYO_ID_PATH_GROUP, + if (!tomoyo_add_to_gc(TOMOYO_ID_GROUP, &group->list)) goto unlock; } } { - struct tomoyo_number_group *group; + struct tomoyo_group *group; list_for_each_entry_rcu(group, &tomoyo_number_group_list, list) { tomoyo_collect_member(&group->member_list, - TOMOYO_ID_NUMBER_GROUP_MEMBER); + TOMOYO_ID_NUMBER_GROUP); if (!list_empty(&group->member_list) || atomic_read(&group->users)) continue; - if (!tomoyo_add_to_gc(TOMOYO_ID_NUMBER_GROUP, + if (!tomoyo_add_to_gc(TOMOYO_ID_GROUP, &group->list)) goto unlock; } @@ -377,14 +369,11 @@ static void tomoyo_kfree_entry(void) if (!tomoyo_del_domain(element)) continue; break; - case TOMOYO_ID_PATH_GROUP_MEMBER: - tomoyo_del_path_group_member(element); - break; case TOMOYO_ID_PATH_GROUP: tomoyo_del_path_group(element); break; - case TOMOYO_ID_NUMBER_GROUP_MEMBER: - tomoyo_del_number_group_member(element); + case TOMOYO_ID_GROUP: + tomoyo_del_group(element); break; case TOMOYO_ID_NUMBER_GROUP: tomoyo_del_number_group(element); diff --git a/security/tomoyo/number_group.c b/security/tomoyo/number_group.c index 8779309..eca20d6 100644 --- a/security/tomoyo/number_group.c +++ b/security/tomoyo/number_group.c @@ -11,17 +11,17 @@ LIST_HEAD(tomoyo_number_group_list); /** - * tomoyo_get_number_group - Allocate memory for "struct tomoyo_number_group". + * tomoyo_get_group - Allocate memory for "struct tomoyo_number_group". * * @group_name: The name of number group. * * Returns pointer to "struct tomoyo_number_group" on success, * NULL otherwise. */ -struct tomoyo_number_group *tomoyo_get_number_group(const char *group_name) +struct tomoyo_group *tomoyo_get_number_group(const char *group_name) { - struct tomoyo_number_group *entry = NULL; - struct tomoyo_number_group *group = NULL; + struct tomoyo_group *entry = NULL; + struct tomoyo_group *group = NULL; const struct tomoyo_path_info *saved_group_name; int error = -ENOMEM; if (!tomoyo_correct_word(group_name)) @@ -59,12 +59,12 @@ struct tomoyo_number_group *tomoyo_get_number_group(const char *group_name) static bool tomoyo_same_number_group(const struct tomoyo_acl_head *a, const struct tomoyo_acl_head *b) { - return !memcmp(&container_of(a, struct tomoyo_number_group_member, + return !memcmp(&container_of(a, struct tomoyo_number_group, head)->number, - &container_of(b, struct tomoyo_number_group_member, + &container_of(b, struct tomoyo_number_group, head)->number, sizeof(container_of(a, - struct tomoyo_number_group_member, + struct tomoyo_number_group, head)->number)); } @@ -78,8 +78,8 @@ static bool tomoyo_same_number_group(const struct tomoyo_acl_head *a, */ int tomoyo_write_number_group_policy(char *data, const bool is_delete) { - struct tomoyo_number_group *group; - struct tomoyo_number_group_member e = { }; + struct tomoyo_group *group; + struct tomoyo_number_group e = { }; int error; char *w[2]; if (!tomoyo_tokenize(data, w, sizeof(w))) @@ -93,7 +93,7 @@ int tomoyo_write_number_group_policy(char *data, const bool is_delete) error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, &group->member_list, tomoyo_same_number_group); - tomoyo_put_number_group(group); + tomoyo_put_group(group); return error; } @@ -111,16 +111,16 @@ bool tomoyo_read_number_group_policy(struct tomoyo_io_buffer *head) struct list_head *gpos; struct list_head *mpos; list_for_each_cookie(gpos, head->read_var1, &tomoyo_number_group_list) { - struct tomoyo_number_group *group; + struct tomoyo_group *group; const char *name; - group = list_entry(gpos, struct tomoyo_number_group, list); + group = list_entry(gpos, struct tomoyo_group, list); name = group->group_name->name; list_for_each_cookie(mpos, head->read_var2, &group->member_list) { int pos; - const struct tomoyo_number_group_member *member + const struct tomoyo_number_group *member = list_entry(mpos, - struct tomoyo_number_group_member, + struct tomoyo_number_group, head.list); if (member->head.is_deleted) continue; @@ -150,9 +150,9 @@ bool tomoyo_read_number_group_policy(struct tomoyo_io_buffer *head) */ bool tomoyo_number_matches_group(const unsigned long min, const unsigned long max, - const struct tomoyo_number_group *group) + const struct tomoyo_group *group) { - struct tomoyo_number_group_member *member; + struct tomoyo_number_group *member; bool matched = false; list_for_each_entry_rcu(member, &group->member_list, head.list) { if (member->head.is_deleted) diff --git a/security/tomoyo/path_group.c b/security/tomoyo/path_group.c index c78c57c..bce2524 100644 --- a/security/tomoyo/path_group.c +++ b/security/tomoyo/path_group.c @@ -10,16 +10,16 @@ LIST_HEAD(tomoyo_path_group_list); /** - * tomoyo_get_path_group - Allocate memory for "struct tomoyo_path_group". + * tomoyo_get_group - Allocate memory for "struct tomoyo_path_group". * * @group_name: The name of pathname group. * * Returns pointer to "struct tomoyo_path_group" on success, NULL otherwise. */ -struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name) +struct tomoyo_group *tomoyo_get_path_group(const char *group_name) { - struct tomoyo_path_group *entry = NULL; - struct tomoyo_path_group *group = NULL; + struct tomoyo_group *entry = NULL; + struct tomoyo_group *group = NULL; const struct tomoyo_path_info *saved_group_name; int error = -ENOMEM; if (!tomoyo_correct_word(group_name)) @@ -57,9 +57,9 @@ struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name) static bool tomoyo_same_path_group(const struct tomoyo_acl_head *a, const struct tomoyo_acl_head *b) { - return container_of(a, struct tomoyo_path_group_member, head) + return container_of(a, struct tomoyo_path_group, head) ->member_name == - container_of(b, struct tomoyo_path_group_member, head) + container_of(b, struct tomoyo_path_group, head) ->member_name; } @@ -73,8 +73,8 @@ static bool tomoyo_same_path_group(const struct tomoyo_acl_head *a, */ int tomoyo_write_path_group_policy(char *data, const bool is_delete) { - struct tomoyo_path_group *group; - struct tomoyo_path_group_member e = { }; + struct tomoyo_group *group; + struct tomoyo_path_group e = { }; int error = is_delete ? -ENOENT : -ENOMEM; char *w[2]; if (!tomoyo_tokenize(data, w, sizeof(w)) || !w[1][0]) @@ -90,7 +90,7 @@ int tomoyo_write_path_group_policy(char *data, const bool is_delete) tomoyo_same_path_group); out: tomoyo_put_name(e.member_name); - tomoyo_put_path_group(group); + tomoyo_put_group(group); return error; } @@ -108,13 +108,13 @@ bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head) struct list_head *gpos; struct list_head *mpos; list_for_each_cookie(gpos, head->read_var1, &tomoyo_path_group_list) { - struct tomoyo_path_group *group; - group = list_entry(gpos, struct tomoyo_path_group, list); + struct tomoyo_group *group; + group = list_entry(gpos, struct tomoyo_group, list); list_for_each_cookie(mpos, head->read_var2, &group->member_list) { - struct tomoyo_path_group_member *member; + struct tomoyo_path_group *member; member = list_entry(mpos, - struct tomoyo_path_group_member, + struct tomoyo_path_group, head.list); if (member->head.is_deleted) continue; @@ -139,9 +139,9 @@ bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head) * Caller holds tomoyo_read_lock(). */ bool tomoyo_path_matches_group(const struct tomoyo_path_info *pathname, - const struct tomoyo_path_group *group) + const struct tomoyo_group *group) { - struct tomoyo_path_group_member *member; + struct tomoyo_path_group *member; bool matched = false; list_for_each_entry_rcu(member, &group->member_list, head.list) { if (member->head.is_deleted) |