diff options
Diffstat (limited to 'security/tomoyo')
-rw-r--r-- | security/tomoyo/common.c | 44 | ||||
-rw-r--r-- | security/tomoyo/common.h | 42 | ||||
-rw-r--r-- | security/tomoyo/domain.c | 38 | ||||
-rw-r--r-- | security/tomoyo/file.c | 104 | ||||
-rw-r--r-- | security/tomoyo/gc.c | 4 | ||||
-rw-r--r-- | security/tomoyo/mount.c | 10 | ||||
-rw-r--r-- | security/tomoyo/number_group.c | 2 | ||||
-rw-r--r-- | security/tomoyo/path_group.c | 2 | ||||
-rw-r--r-- | security/tomoyo/tomoyo.c | 2 | ||||
-rw-r--r-- | security/tomoyo/util.c | 66 |
10 files changed, 157 insertions, 157 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 4ee47af..1a22fff 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -494,12 +494,12 @@ static int tomoyo_update_manager_entry(const char *manager, struct tomoyo_policy_manager_entry e = { }; int error; - if (tomoyo_is_domain_def(manager)) { - if (!tomoyo_is_correct_domain(manager)) + if (tomoyo_domain_def(manager)) { + if (!tomoyo_correct_domain(manager)) return -EINVAL; e.is_domain = true; } else { - if (!tomoyo_is_correct_path(manager)) + if (!tomoyo_correct_path(manager)) return -EINVAL; } e.manager = tomoyo_get_name(manager); @@ -565,14 +565,14 @@ static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) } /** - * tomoyo_is_policy_manager - Check whether the current process is a policy manager. + * tomoyo_policy_manager - Check whether the current process is a policy manager. * * Returns true if the current process is permitted to modify policy * via /sys/kernel/security/tomoyo/ interface. * * Caller holds tomoyo_read_lock(). */ -static bool tomoyo_is_policy_manager(void) +static bool tomoyo_policy_manager(void) { struct tomoyo_policy_manager_entry *ptr; const char *exe; @@ -617,7 +617,7 @@ static bool tomoyo_is_policy_manager(void) } /** - * tomoyo_is_select_one - Parse select command. + * tomoyo_select_one - Parse select command. * * @head: Pointer to "struct tomoyo_io_buffer". * @data: String to parse. @@ -626,7 +626,7 @@ static bool tomoyo_is_policy_manager(void) * * Caller holds tomoyo_read_lock(). */ -static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head, +static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data) { unsigned int pid; @@ -647,7 +647,7 @@ static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head, read_unlock(&tasklist_lock); rcu_read_unlock(); } else if (!strncmp(data, "domain=", 7)) { - if (tomoyo_is_domain_def(data + 7)) + if (tomoyo_domain_def(data + 7)) domain = tomoyo_find_domain(data + 7); } else return false; @@ -748,12 +748,12 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head) is_delete = true; else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT)) is_select = true; - if (is_select && tomoyo_is_select_one(head, data)) + if (is_select && tomoyo_select_one(head, data)) return 0; /* Don't allow updating policies by non manager programs. */ - if (!tomoyo_is_policy_manager()) + if (!tomoyo_policy_manager()) return -EPERM; - if (tomoyo_is_domain_def(data)) { + if (tomoyo_domain_def(data)) { domain = NULL; if (is_delete) tomoyo_delete_domain(data); @@ -894,26 +894,26 @@ static bool tomoyo_print_path_number_acl(struct tomoyo_io_buffer *head, } /** - * tomoyo_print_path_number3_acl - Print a path_number3 ACL entry. + * tomoyo_print_mkdev_acl - Print a mkdev ACL entry. * * @head: Pointer to "struct tomoyo_io_buffer". - * @ptr: Pointer to "struct tomoyo_path_number3_acl". + * @ptr: Pointer to "struct tomoyo_mkdev_acl". * * Returns true on success, false otherwise. */ -static bool tomoyo_print_path_number3_acl(struct tomoyo_io_buffer *head, - struct tomoyo_path_number3_acl *ptr) +static bool tomoyo_print_mkdev_acl(struct tomoyo_io_buffer *head, + struct tomoyo_mkdev_acl *ptr) { int pos; u8 bit; const u16 perm = ptr->perm; - for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_NUMBER3_OPERATION; + for (bit = head->read_bit; bit < TOMOYO_MAX_MKDEV_OPERATION; bit++) { if (!(perm & (1 << bit))) continue; pos = head->read_avail; if (!tomoyo_io_printf(head, "allow_%s", - tomoyo_path_number32keyword(bit)) || + tomoyo_mkdev2keyword(bit)) || !tomoyo_print_name_union(head, &ptr->name) || !tomoyo_print_number_union(head, &ptr->mode) || !tomoyo_print_number_union(head, &ptr->major) || @@ -984,11 +984,11 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, head); return tomoyo_print_path_number_acl(head, acl); } - if (acl_type == TOMOYO_TYPE_PATH_NUMBER3_ACL) { - struct tomoyo_path_number3_acl *acl - = container_of(ptr, struct tomoyo_path_number3_acl, + if (acl_type == TOMOYO_TYPE_MKDEV_ACL) { + struct tomoyo_mkdev_acl *acl + = container_of(ptr, struct tomoyo_mkdev_acl, head); - return tomoyo_print_path_number3_acl(head, acl); + return tomoyo_print_mkdev_acl(head, acl); } if (acl_type == TOMOYO_TYPE_MOUNT_ACL) { struct tomoyo_mount_acl *acl @@ -1910,7 +1910,7 @@ int tomoyo_write_control(struct file *file, const char __user *buffer, /* Don't allow updating policies by non manager programs. */ if (head->write != tomoyo_write_pid && head->write != tomoyo_write_domain_policy && - !tomoyo_is_policy_manager()) + !tomoyo_policy_manager()) return -EPERM; if (mutex_lock_interruptible(&head->io_sem)) return -EINTR; diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 36b0274..9b106e9 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -80,7 +80,7 @@ enum tomoyo_acl_entry_type_index { TOMOYO_TYPE_PATH_ACL, TOMOYO_TYPE_PATH2_ACL, TOMOYO_TYPE_PATH_NUMBER_ACL, - TOMOYO_TYPE_PATH_NUMBER3_ACL, + TOMOYO_TYPE_MKDEV_ACL, TOMOYO_TYPE_MOUNT_ACL, }; @@ -114,10 +114,10 @@ enum tomoyo_path_acl_index { #define TOMOYO_RW_MASK ((1 << TOMOYO_TYPE_READ) | (1 << TOMOYO_TYPE_WRITE)) -enum tomoyo_path_number3_acl_index { +enum tomoyo_mkdev_acl_index { TOMOYO_TYPE_MKBLOCK, TOMOYO_TYPE_MKCHAR, - TOMOYO_MAX_PATH_NUMBER3_OPERATION + TOMOYO_MAX_MKDEV_OPERATION }; enum tomoyo_path2_acl_index { @@ -342,7 +342,7 @@ struct tomoyo_number_group_member { * * Packing "struct tomoyo_acl_info" allows * "struct tomoyo_path_acl" to embed "u16" and "struct tomoyo_path2_acl" - * "struct tomoyo_path_number_acl" "struct tomoyo_path_number3_acl" to embed + * "struct tomoyo_path_number_acl" "struct tomoyo_mkdev_acl" to embed * "u8" without enlarging their structure size. */ struct tomoyo_acl_info { @@ -439,7 +439,7 @@ struct tomoyo_path_number_acl { }; /* - * tomoyo_path_number3_acl is a structure which is used for holding an + * tomoyo_mkdev_acl is a structure which is used for holding an * entry with one pathname and three numbers operation. * It has following fields. * @@ -452,8 +452,8 @@ struct tomoyo_path_number_acl { * Directives held by this structure are "allow_mkchar", "allow_mkblock". * */ -struct tomoyo_path_number3_acl { - struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER3_ACL */ +struct tomoyo_mkdev_acl { + struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MKDEV_ACL */ u8 perm; struct tomoyo_name_union name; struct tomoyo_number_union mode; @@ -756,12 +756,12 @@ int tomoyo_get_mode(const u8 profile, const u8 index); bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) __attribute__ ((format(printf, 2, 3))); /* Check whether the domainname is correct. */ -bool tomoyo_is_correct_domain(const unsigned char *domainname); +bool tomoyo_correct_domain(const unsigned char *domainname); /* Check whether the token is correct. */ -bool tomoyo_is_correct_path(const char *filename); -bool tomoyo_is_correct_word(const char *string); +bool tomoyo_correct_path(const char *filename); +bool tomoyo_correct_word(const char *string); /* Check whether the token can be a domainname. */ -bool tomoyo_is_domain_def(const unsigned char *buffer); +bool tomoyo_domain_def(const unsigned char *buffer); bool tomoyo_parse_name_union(const char *filename, struct tomoyo_name_union *ptr); /* Check whether the given filename matches the given path_group. */ @@ -807,7 +807,7 @@ bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain); /* Convert double path operation to operation name. */ const char *tomoyo_path22keyword(const u8 operation); const char *tomoyo_path_number2keyword(const u8 operation); -const char *tomoyo_path_number32keyword(const u8 operation); +const char *tomoyo_mkdev2keyword(const u8 operation); /* Get the last component of the given domainname. */ const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain); /* Convert single path operation to operation name. */ @@ -919,8 +919,8 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, struct path *path, const int flag); int tomoyo_path_number_perm(const u8 operation, struct path *path, unsigned long number); -int tomoyo_path_number3_perm(const u8 operation, struct path *path, - const unsigned int mode, unsigned int dev); +int tomoyo_mkdev_perm(const u8 operation, struct path *path, + const unsigned int mode, unsigned int dev); int tomoyo_path_perm(const u8 operation, struct path *path); int tomoyo_path2_perm(const u8 operation, struct path *path1, struct path *path2); @@ -1008,25 +1008,25 @@ static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a, } /** - * tomoyo_is_valid - Check whether the character is a valid char. + * tomoyo_valid - Check whether the character is a valid char. * * @c: The character to check. * * Returns true if @c is a valid character, false otherwise. */ -static inline bool tomoyo_is_valid(const unsigned char c) +static inline bool tomoyo_valid(const unsigned char c) { return c > ' ' && c < 127; } /** - * tomoyo_is_invalid - Check whether the character is an invalid char. + * tomoyo_invalid - Check whether the character is an invalid char. * * @c: The character to check. * * Returns true if @c is an invalid character, false otherwise. */ -static inline bool tomoyo_is_invalid(const unsigned char c) +static inline bool tomoyo_invalid(const unsigned char c) { return c && (c <= ' ' || c >= 127); } @@ -1063,20 +1063,20 @@ static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct return task_cred_xxx(task, security); } -static inline bool tomoyo_is_same_acl_head(const struct tomoyo_acl_info *p1, +static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *p1, const struct tomoyo_acl_info *p2) { return p1->type == p2->type; } -static inline bool tomoyo_is_same_name_union +static inline bool tomoyo_same_name_union (const struct tomoyo_name_union *p1, const struct tomoyo_name_union *p2) { return p1->filename == p2->filename && p1->group == p2->group && p1->is_group == p2->is_group; } -static inline bool tomoyo_is_same_number_union +static inline bool tomoyo_same_number_union (const struct tomoyo_number_union *p1, const struct tomoyo_number_union *p2) { return p1->values[0] == p2->values[0] && p1->values[1] == p2->values[1] diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 13f4f39..1a12297 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -256,13 +256,13 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname, struct tomoyo_domain_initializer_entry e = { .is_not = is_not }; int error = is_delete ? -ENOENT : -ENOMEM; - if (!tomoyo_is_correct_path(program)) + if (!tomoyo_correct_path(program)) return -EINVAL; if (domainname) { - if (!tomoyo_is_domain_def(domainname) && - tomoyo_is_correct_path(domainname)) + if (!tomoyo_domain_def(domainname) && + tomoyo_correct_path(domainname)) e.is_last_name = true; - else if (!tomoyo_is_correct_domain(domainname)) + else if (!tomoyo_correct_domain(domainname)) return -EINVAL; e.domainname = tomoyo_get_name(domainname); if (!e.domainname) @@ -346,7 +346,7 @@ int tomoyo_write_domain_initializer_policy(char *data, const bool is_not, } /** - * tomoyo_is_domain_initializer - Check whether the given program causes domainname reinitialization. + * tomoyo_domain_initializer - Check whether the given program causes domainname reinitialization. * * @domainname: The name of domain. * @program: The name of program. @@ -357,7 +357,7 @@ int tomoyo_write_domain_initializer_policy(char *data, const bool is_not, * * Caller holds tomoyo_read_lock(). */ -static bool tomoyo_is_domain_initializer(const struct tomoyo_path_info * +static bool tomoyo_domain_initializer(const struct tomoyo_path_info * domainname, const struct tomoyo_path_info *program, const struct tomoyo_path_info * @@ -462,13 +462,13 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname, struct tomoyo_domain_keeper_entry e = { .is_not = is_not }; int error = is_delete ? -ENOENT : -ENOMEM; - if (!tomoyo_is_domain_def(domainname) && - tomoyo_is_correct_path(domainname)) + if (!tomoyo_domain_def(domainname) && + tomoyo_correct_path(domainname)) e.is_last_name = true; - else if (!tomoyo_is_correct_domain(domainname)) + else if (!tomoyo_correct_domain(domainname)) return -EINVAL; if (program) { - if (!tomoyo_is_correct_path(program)) + if (!tomoyo_correct_path(program)) return -EINVAL; e.program = tomoyo_get_name(program); if (!e.program) @@ -549,7 +549,7 @@ bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head) } /** - * tomoyo_is_domain_keeper - Check whether the given program causes domain transition suppression. + * tomoyo_domain_keeper - Check whether the given program causes domain transition suppression. * * @domainname: The name of domain. * @program: The name of program. @@ -560,7 +560,7 @@ bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head) * * Caller holds tomoyo_read_lock(). */ -static bool tomoyo_is_domain_keeper(const struct tomoyo_path_info *domainname, +static bool tomoyo_domain_keeper(const struct tomoyo_path_info *domainname, const struct tomoyo_path_info *program, const struct tomoyo_path_info *last_name) { @@ -646,8 +646,8 @@ static int tomoyo_update_aggregator_entry(const char *original_name, struct tomoyo_aggregator_entry e = { }; int error = is_delete ? -ENOENT : -ENOMEM; - if (!tomoyo_is_correct_path(original_name) || - !tomoyo_is_correct_path(aggregated_name)) + if (!tomoyo_correct_path(original_name) || + !tomoyo_correct_path(aggregated_name)) return -EINVAL; e.original_name = tomoyo_get_name(original_name); e.aggregated_name = tomoyo_get_name(aggregated_name); @@ -774,8 +774,8 @@ static int tomoyo_update_alias_entry(const char *original_name, struct tomoyo_alias_entry e = { }; int error = is_delete ? -ENOENT : -ENOMEM; - if (!tomoyo_is_correct_path(original_name) || - !tomoyo_is_correct_path(aliased_name)) + if (!tomoyo_correct_path(original_name) || + !tomoyo_correct_path(aliased_name)) return -EINVAL; e.original_name = tomoyo_get_name(original_name); e.aliased_name = tomoyo_get_name(aliased_name); @@ -859,7 +859,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char * const struct tomoyo_path_info *saved_domainname; bool found = false; - if (!tomoyo_is_correct_domain(domainname)) + if (!tomoyo_correct_domain(domainname)) return NULL; saved_domainname = tomoyo_get_name(domainname); if (!saved_domainname) @@ -984,7 +984,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) if (retval < 0) goto out; - if (tomoyo_is_domain_initializer(old_domain->domainname, &rn, &ln)) { + if (tomoyo_domain_initializer(old_domain->domainname, &rn, &ln)) { /* Transit to the child of tomoyo_kernel_domain domain. */ snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, TOMOYO_ROOT_NAME " " "%s", rn.name); @@ -996,7 +996,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) * initializers because they might start before /sbin/init. */ domain = old_domain; - } else if (tomoyo_is_domain_keeper(old_domain->domainname, &rn, &ln)) { + } else if (tomoyo_domain_keeper(old_domain->domainname, &rn, &ln)) { /* Keep current domain. */ domain = old_domain; } else { diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 18969e7..94e1493 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -25,8 +25,8 @@ static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = { }; /* Keyword array for operations with one pathname and three numbers. */ -static const char *tomoyo_path_number3_keyword -[TOMOYO_MAX_PATH_NUMBER3_OPERATION] = { +static const char *tomoyo_mkdev_keyword +[TOMOYO_MAX_MKDEV_OPERATION] = { [TOMOYO_TYPE_MKBLOCK] = "mkblock", [TOMOYO_TYPE_MKCHAR] = "mkchar", }; @@ -65,7 +65,7 @@ static const u8 tomoyo_p2mac[TOMOYO_MAX_PATH_OPERATION] = { [TOMOYO_TYPE_UMOUNT] = TOMOYO_MAC_FILE_UMOUNT, }; -static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_PATH_NUMBER3_OPERATION] = { +static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = { [TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK, [TOMOYO_TYPE_MKCHAR] = TOMOYO_MAC_FILE_MKCHAR, }; @@ -133,16 +133,16 @@ const char *tomoyo_path2keyword(const u8 operation) } /** - * tomoyo_path_number32keyword - Get the name of path/number/number/number operations. + * tomoyo_mkdev2keyword - Get the name of path/number/number/number operations. * * @operation: Type of operation. * * Returns the name of path/number/number/number operation. */ -const char *tomoyo_path_number32keyword(const u8 operation) +const char *tomoyo_mkdev2keyword(const u8 operation) { - return (operation < TOMOYO_MAX_PATH_NUMBER3_OPERATION) - ? tomoyo_path_number3_keyword[operation] : NULL; + return (operation < TOMOYO_MAX_MKDEV_OPERATION) + ? tomoyo_mkdev_keyword[operation] : NULL; } /** @@ -266,7 +266,7 @@ static int tomoyo_audit_path2_log(struct tomoyo_request_info *r) */ static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r) { - const char *operation = tomoyo_path_number32keyword(r->param.mkdev. + const char *operation = tomoyo_mkdev2keyword(r->param.mkdev. operation); const struct tomoyo_path_info *filename = r->param.mkdev.filename; const unsigned int major = r->param.mkdev.major; @@ -380,7 +380,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename, struct tomoyo_globally_readable_file_entry e = { }; int error; - if (!tomoyo_is_correct_word(filename)) + if (!tomoyo_correct_word(filename)) return -EINVAL; e.filename = tomoyo_get_name(filename); if (!e.filename) @@ -393,7 +393,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename, } /** - * tomoyo_is_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading. + * tomoyo_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading. * * @filename: The filename to check. * @@ -401,7 +401,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename, * * Caller holds tomoyo_read_lock(). */ -static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info * +static bool tomoyo_globally_readable_file(const struct tomoyo_path_info * filename) { struct tomoyo_globally_readable_file_entry *ptr; @@ -517,7 +517,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern, struct tomoyo_pattern_entry e = { }; int error; - if (!tomoyo_is_correct_word(pattern)) + if (!tomoyo_correct_word(pattern)) return -EINVAL; e.pattern = tomoyo_get_name(pattern); if (!e.pattern) @@ -658,7 +658,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern, struct tomoyo_no_rewrite_entry e = { }; int error; - if (!tomoyo_is_correct_word(pattern)) + if (!tomoyo_correct_word(pattern)) return -EINVAL; e.pattern = tomoyo_get_name(pattern); if (!e.pattern) @@ -671,7 +671,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern, } /** - * tomoyo_is_no_rewrite_file - Check if the given pathname is not permitted to be rewrited. + * tomoyo_no_rewrite_file - Check if the given pathname is not permitted to be rewrited. * * @filename: Filename to check. * @@ -680,7 +680,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern, * * Caller holds tomoyo_read_lock(). */ -static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info *filename) +static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename) { struct tomoyo_no_rewrite_entry *ptr; bool found = false; @@ -774,7 +774,7 @@ static bool tomoyo_check_path2_acl(const struct tomoyo_request_info *r, static bool tomoyo_check_mkdev_acl(const struct tomoyo_request_info *r, const struct tomoyo_acl_info *ptr) { - const struct tomoyo_path_number3_acl *acl = + const struct tomoyo_mkdev_acl *acl = container_of(ptr, typeof(*acl), head); return (acl->perm & (1 << r->param.mkdev.operation)) && tomoyo_compare_number_union(r->param.mkdev.mode, @@ -792,8 +792,8 @@ static bool tomoyo_same_path_acl(const struct tomoyo_acl_info *a, { const struct tomoyo_path_acl *p1 = container_of(a, typeof(*p1), head); const struct tomoyo_path_acl *p2 = container_of(b, typeof(*p2), head); - return tomoyo_is_same_acl_head(&p1->head, &p2->head) && - tomoyo_is_same_name_union(&p1->name, &p2->name); + return tomoyo_same_acl_head(&p1->head, &p2->head) && + tomoyo_same_name_union(&p1->name, &p2->name); } static bool tomoyo_merge_path_acl(struct tomoyo_acl_info *a, @@ -853,28 +853,28 @@ static int tomoyo_update_path_acl(const u8 type, const char *filename, return error; } -static bool tomoyo_same_path_number3_acl(const struct tomoyo_acl_info *a, +static bool tomoyo_same_mkdev_acl(const struct tomoyo_acl_info *a, const struct tomoyo_acl_info *b) { - const struct tomoyo_path_number3_acl *p1 = container_of(a, typeof(*p1), + const struct tomoyo_mkdev_acl *p1 = container_of(a, typeof(*p1), head); - const struct tomoyo_path_number3_acl *p2 = container_of(b, typeof(*p2), + const struct tomoyo_mkdev_acl *p2 = container_of(b, typeof(*p2), head); - return tomoyo_is_same_acl_head(&p1->head, &p2->head) - && tomoyo_is_same_name_union(&p1->name, &p2->name) - && tomoyo_is_same_number_union(&p1->mode, &p2->mode) - && tomoyo_is_same_number_union(&p1->major, &p2->major) - && tomoyo_is_same_number_union(&p1->minor, &p2->minor); + return tomoyo_same_acl_head(&p1->head, &p2->head) + && tomoyo_same_name_union(&p1->name, &p2->name) + && tomoyo_same_number_union(&p1->mode, &p2->mode) + && tomoyo_same_number_union(&p1->major, &p2->major) + && tomoyo_same_number_union(&p1->minor, &p2->minor); } -static bool tomoyo_merge_path_number3_acl(struct tomoyo_acl_info *a, +static bool tomoyo_merge_mkdev_acl(struct tomoyo_acl_info *a, struct tomoyo_acl_info *b, const bool is_delete) { - u8 *const a_perm = &container_of(a, struct tomoyo_path_number3_acl, + u8 *const a_perm = &container_of(a, struct tomoyo_mkdev_acl, head)->perm; u8 perm = *a_perm; - const u8 b_perm = container_of(b, struct tomoyo_path_number3_acl, head) + const u8 b_perm = container_of(b, struct tomoyo_mkdev_acl, head) ->perm; if (is_delete) perm &= ~b_perm; @@ -885,7 +885,7 @@ static bool tomoyo_merge_path_number3_acl(struct tomoyo_acl_info *a, } /** - * tomoyo_update_path_number3_acl - Update "struct tomoyo_path_number3_acl" list. + * tomoyo_update_mkdev_acl - Update "struct tomoyo_mkdev_acl" list. * * @type: Type of operation. * @filename: Filename. @@ -899,13 +899,13 @@ static bool tomoyo_merge_path_number3_acl(struct tomoyo_acl_info *a, * * Caller holds tomoyo_read_lock(). */ -static int tomoyo_update_path_number3_acl(const u8 type, const char *filename, +static int tomoyo_update_mkdev_acl(const u8 type, const char *filename, char *mode, char *major, char *minor, struct tomoyo_domain_info * const domain, const bool is_delete) { - struct tomoyo_path_number3_acl e = { - .head.type = TOMOYO_TYPE_PATH_NUMBER3_ACL, + struct tomoyo_mkdev_acl e = { + .head.type = TOMOYO_TYPE_MKDEV_ACL, .perm = 1 << type }; int error = is_delete ? -ENOENT : -ENOMEM; @@ -915,8 +915,8 @@ static int tomoyo_update_path_number3_acl(const u8 type, const char *filename, !tomoyo_parse_number_union(minor, &e.minor)) goto out; error = tomoyo_update_domain(&e.head, sizeof(e), is_delete, domain, - tomoyo_same_path_number3_acl, - tomoyo_merge_path_number3_acl); + tomoyo_same_mkdev_acl, + tomoyo_merge_mkdev_acl); out: tomoyo_put_name_union(&e.name); tomoyo_put_number_union(&e.mode); @@ -930,9 +930,9 @@ static bool tomoyo_same_path2_acl(const struct tomoyo_acl_info *a, { const struct tomoyo_path2_acl *p1 = container_of(a, typeof(*p1), head); const struct tomoyo_path2_acl *p2 = container_of(b, typeof(*p2), head); - return tomoyo_is_same_acl_head(&p1->head, &p2->head) - && tomoyo_is_same_name_union(&p1->name1, &p2->name1) - && tomoyo_is_same_name_union(&p1->name2, &p2->name2); + return tomoyo_same_acl_head(&p1->head, &p2->head) + && tomoyo_same_name_union(&p1->name1, &p2->name1) + && tomoyo_same_name_union(&p1->name2, &p2->name2); } static bool tomoyo_merge_path2_acl(struct tomoyo_acl_info *a, @@ -1014,7 +1014,7 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation, tomoyo_check_acl(r, tomoyo_check_path_acl); if (!r->granted && operation == TOMOYO_TYPE_READ && !r->domain->ignore_global_allow_read && - tomoyo_is_globally_readable_file(filename)) + tomoyo_globally_readable_file(filename)) r->granted = true; error = tomoyo_audit_path_log(r); /* @@ -1029,7 +1029,7 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation, * specified by "deny_rewrite" keyword. */ if (!error && operation == TOMOYO_TYPE_TRUNCATE && - tomoyo_is_no_rewrite_file(filename)) { + tomoyo_no_rewrite_file(filename)) { operation = TOMOYO_TYPE_REWRITE; goto next; } @@ -1043,9 +1043,9 @@ static bool tomoyo_same_path_number_acl(const struct tomoyo_acl_info *a, head); const struct tomoyo_path_number_acl *p2 = container_of(b, typeof(*p2), head); - return tomoyo_is_same_acl_head(&p1->head, &p2->head) - && tomoyo_is_same_name_union(&p1->name, &p2->name) - && tomoyo_is_same_number_union(&p1->number, &p2->number); + return tomoyo_same_acl_head(&p1->head, &p2->head) + && tomoyo_same_name_union(&p1->name, &p2->name) + && tomoyo_same_number_union(&p1->number, &p2->number); } static bool tomoyo_merge_path_number_acl(struct tomoyo_acl_info *a, @@ -1204,7 +1204,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, error = -ENOMEM; goto out; } - if (tomoyo_is_no_rewrite_file(&buf)) + if (tomoyo_no_rewrite_file(&buf)) error = tomoyo_path_permission(&r, TOMOYO_TYPE_REWRITE, &buf); } @@ -1258,7 +1258,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path) goto out; switch (operation) { case TOMOYO_TYPE_REWRITE: - if (!tomoyo_is_no_rewrite_file(&buf)) { + if (!tomoyo_no_rewrite_file(&buf)) { error = 0; goto out; } @@ -1279,7 +1279,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path) } /** - * tomoyo_path_number3_perm - Check permission for "mkblock" and "mkchar". + * tomoyo_mkdev_perm - Check permission for "mkblock" and "mkchar". * * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK) * @path: Pointer to "struct path". @@ -1288,7 +1288,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path) * * Returns 0 on success, negative value otherwise. */ -int tomoyo_path_number3_perm(const u8 operation, struct path *path, +int tomoyo_mkdev_perm(const u8 operation, struct path *path, const unsigned int mode, unsigned int dev) { struct tomoyo_request_info r; @@ -1304,7 +1304,7 @@ int tomoyo_path_number3_perm(const u8 operation, struct path *path, error = -ENOMEM; if (tomoyo_get_realpath(&buf, path)) { dev = new_decode_dev(dev); - r.param_type = TOMOYO_TYPE_PATH_NUMBER3_ACL; + r.param_type = TOMOYO_TYPE_MKDEV_ACL; r.param.mkdev.filename = &buf; r.param.mkdev.operation = operation; r.param.mkdev.mode = mode; @@ -1420,11 +1420,11 @@ int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain, } if (!w[3][0] || !w[4][0]) goto out; - for (type = 0; type < TOMOYO_MAX_PATH_NUMBER3_OPERATION; type++) { - if (strcmp(w[0], tomoyo_path_number3_keyword[type])) + for (type = 0; type < TOMOYO_MAX_MKDEV_OPERATION; type++) { + if (strcmp(w[0], tomoyo_mkdev_keyword[type])) continue; - return tomoyo_update_path_number3_acl(type, w[1], w[2], w[3], - w[4], domain, is_delete); + return tomoyo_update_mkdev_acl(type, w[1], w[2], w[3], + w[4], domain, is_delete); } out: return -EINVAL; diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c index 4290e51..d129317 100644 --- a/security/tomoyo/gc.c +++ b/security/tomoyo/gc.c @@ -122,9 +122,9 @@ static void tomoyo_del_acl(struct tomoyo_acl_info *acl) tomoyo_put_number_union(&entry->number); } break; - case TOMOYO_TYPE_PATH_NUMBER3_ACL: + case TOMOYO_TYPE_MKDEV_ACL: { - struct tomoyo_path_number3_acl *entry + struct tomoyo_mkdev_acl *entry = container_of(acl, typeof(*entry), head); tomoyo_put_name_union(&entry->name); tomoyo_put_number_union(&entry->mode); diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c index 8f3ac25..54015b9 100644 --- a/security/tomoyo/mount.c +++ b/security/tomoyo/mount.c @@ -300,11 +300,11 @@ static bool tomoyo_same_mount_acl(const struct tomoyo_acl_info *a, { const struct tomoyo_mount_acl *p1 = container_of(a, typeof(*p1), head); const struct tomoyo_mount_acl *p2 = container_of(b, typeof(*p2), head); - return tomoyo_is_same_acl_head(&p1->head, &p2->head) && - tomoyo_is_same_name_union(&p1->dev_name, &p2->dev_name) && - tomoyo_is_same_name_union(&p1->dir_name, &p2->dir_name) && - tomoyo_is_same_name_union(&p1->fs_type, &p2->fs_type) && - tomoyo_is_same_number_union(&p1->flags, &p2->flags); + return tomoyo_same_acl_head(&p1->head, &p2->head) && + tomoyo_same_name_union(&p1->dev_name, &p2->dev_name) && + tomoyo_same_name_union(&p1->dir_name, &p2->dir_name) && + tomoyo_same_name_union(&p1->fs_type, &p2->fs_type) && + tomoyo_same_number_union(&p1->flags, &p2->flags); } /** diff --git a/security/tomoyo/number_group.c b/security/tomoyo/number_group.c index 7266a74..8779309 100644 --- a/security/tomoyo/number_group.c +++ b/security/tomoyo/number_group.c @@ -24,7 +24,7 @@ struct tomoyo_number_group *tomoyo_get_number_group(const char *group_name) struct tomoyo_number_group *group = NULL; const struct tomoyo_path_info *saved_group_name; int error = -ENOMEM; - if (!tomoyo_is_correct_word(group_name)) + if (!tomoyo_correct_word(group_name)) return NULL; saved_group_name = tomoyo_get_name(group_name); if (!saved_group_name) diff --git a/security/tomoyo/path_group.c b/security/tomoyo/path_group.c index 5b71d88..c78c57c 100644 --- a/security/tomoyo/path_group.c +++ b/security/tomoyo/path_group.c @@ -22,7 +22,7 @@ struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name) struct tomoyo_path_group *group = NULL; const struct tomoyo_path_info *saved_group_name; int error = -ENOMEM; - if (!tomoyo_is_correct_word(group_name)) + if (!tomoyo_correct_word(group_name)) return NULL; saved_group_name = tomoyo_get_name(group_name); if (!saved_group_name) diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 7be732c..95d3f95 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -142,7 +142,7 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, default: goto no_dev; } - return tomoyo_path_number3_perm(type, &path, perm, dev); + return tomoyo_mkdev_perm(type, &path, perm, dev); no_dev: switch (mode & S_IFMT) { case S_IFIFO: diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index e593168..945eeef 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -89,7 +89,7 @@ void tomoyo_print_ulong(char *buffer, const int buffer_len, bool tomoyo_parse_name_union(const char *filename, struct tomoyo_name_union *ptr) { - if (!tomoyo_is_correct_word(filename)) + if (!tomoyo_correct_word(filename)) return false; if (filename[0] == '@') { ptr->group = tomoyo_get_path_group(filename + 1); @@ -115,7 +115,7 @@ bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num) unsigned long v; memset(num, 0, sizeof(*num)); if (data[0] == '@') { - if (!tomoyo_is_correct_word(data)) + if (!tomoyo_correct_word(data)) return false; num->group = tomoyo_get_number_group(data + 1); num->is_group = true; @@ -142,7 +142,7 @@ bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num) } /** - * tomoyo_is_byte_range - Check whether the string is a \ooo style octal value. + * tomoyo_byte_range - Check whether the string is a \ooo style octal value. * * @str: Pointer to the string. * @@ -151,7 +151,7 @@ bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num) * TOMOYO uses \ooo style representation for 0x01 - 0x20 and 0x7F - 0xFF. * This function verifies that \ooo is in valid range. */ -static inline bool tomoyo_is_byte_range(const char *str) +static inline bool tomoyo_byte_range(const char *str) { return *str >= '0' && *str++ <= '3' && *str >= '0' && *str++ <= '7' && @@ -159,13 +159,13 @@ static inline bool tomoyo_is_byte_range(const char *str) } /** - * tomoyo_is_alphabet_char - Check whether the character is an alphabet. + * tomoyo_alphabet_char - Check whether the character is an alphabet. * * @c: The character to check. * * Returns true if @c is an alphabet character, false otherwise. */ -static inline bool tomoyo_is_alphabet_char(const char c) +static inline bool tomoyo_alphabet_char(const char c) { return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'); } @@ -223,15 +223,15 @@ void tomoyo_normalize_line(unsigned char *buffer) unsigned char *dp = buffer; bool first = true; - while (tomoyo_is_invalid(*sp)) + while (tomoyo_invalid(*sp)) sp++; while (*sp) { if (!first) *dp++ = ' '; first = false; - while (tomoyo_is_valid(*sp)) + while (tomoyo_valid(*sp)) *dp++ = *sp++; - while (tomoyo_is_invalid(*sp)) + while (tomoyo_invalid(*sp)) sp++; } *dp = '\0'; @@ -265,7 +265,7 @@ bool tomoyo_tokenize(char *buffer, char *w[], size_t size) } /** - * tomoyo_is_correct_word2 - Validate a string. + * tomoyo_correct_word2 - Validate a string. * * @string: The string to check. May be non-'\0'-terminated. * @len: Length of @string. @@ -273,7 +273,7 @@ bool tomoyo_tokenize(char *buffer, char *w[], size_t size) * Check whether the given string follows the naming rules. * Returns true if @string follows the naming rules, false otherwise. */ -static bool tomoyo_is_correct_word2(const char *string, size_t len) +static bool tomoyo_correct_word2(const char *string, size_t len) { const char *const start = string; bool in_repetition = false; @@ -325,13 +325,13 @@ static bool tomoyo_is_correct_word2(const char *string, size_t len) if (d < '0' || d > '7' || e < '0' || e > '7') break; c = tomoyo_make_byte(c, d, e); - if (tomoyo_is_invalid(c)) + if (tomoyo_invalid(c)) continue; /* pattern is not \000 */ } goto out; } else if (in_repetition && c == '/') { goto out; - } else if (tomoyo_is_invalid(c)) { + } else if (tomoyo_invalid(c)) { goto out; } } @@ -343,39 +343,39 @@ static bool tomoyo_is_correct_word2(const char *string, size_t len) } /** - * tomoyo_is_correct_word - Validate a string. + * tomoyo_correct_word - Validate a string. * * @string: The string to check. * * Check whether the given string follows the naming rules. * Returns true if @string follows the naming rules, false otherwise. */ -bool tomoyo_is_correct_word(const char *string) +bool tomoyo_correct_word(const char *string) { - return tomoyo_is_correct_word2(string, strlen(string)); + return tomoyo_correct_word2(string, strlen(string)); } /** - * tomoyo_is_correct_path - Validate a pathname. + * tomoyo_correct_path - Validate a pathname. * * @filename: The pathname to check. * * Check whether the given pathname follows the naming rules. * Returns true if @filename follows the naming rules, false otherwise. */ -bool tomoyo_is_correct_path(const char *filename) +bool tomoyo_correct_path(const char *filename) { - return *filename == '/' && tomoyo_is_correct_word(filename); + return *filename == '/' && tomoyo_correct_word(filename); } /** - * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules. + * tomoyo_correct_domain - Check whether the given domainname follows the naming rules. * * @domainname: The domainname to check. * * Returns true if @domainname follows the naming rules, false otherwise. */ -bool tomoyo_is_correct_domain(const unsigned char *domainname) +bool tomoyo_correct_domain(const unsigned char *domainname) { if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN)) @@ -390,23 +390,23 @@ bool tomoyo_is_correct_domain(const unsigned char *domainname) if (!cp) break; if (*domainname != '/' || - !tomoyo_is_correct_word2(domainname, cp - domainname - 1)) + !tomoyo_correct_word2(domainname, cp - domainname - 1)) goto out; domainname = cp + 1; } - return tomoyo_is_correct_path(domainname); + return tomoyo_correct_path(domainname); out: return false; } /** - * tomoyo_is_domain_def - Check whether the given token can be a domainname. + * tomoyo_domain_def - Check whether the given token can be a domainname. * * @buffer: The token to check. * * Returns true if @buffer possibly be a domainname, false otherwise. */ -bool tomoyo_is_domain_def(const unsigned char *buffer) +bool tomoyo_domain_def(const unsigned char *buffer) { return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN); } @@ -528,7 +528,7 @@ static bool tomoyo_file_matches_pattern2(const char *filename, } else if (c == '\\') { if (filename[1] == '\\') filename++; - else if (tomoyo_is_byte_range(filename + 1)) + else if (tomoyo_byte_range(filename + 1)) filename += 3; else return false; @@ -549,14 +549,14 @@ static bool tomoyo_file_matches_pattern2(const char *filename, return false; break; case 'a': - if (!tomoyo_is_alphabet_char(c)) + if (!tomoyo_alphabet_char(c)) return false; break; case '0': case '1': case '2': case '3': - if (c == '\\' && tomoyo_is_byte_range(filename + 1) + if (c == '\\' && tomoyo_byte_range(filename + 1) && strncmp(filename + 1, pattern, 3) == 0) { filename += 3; pattern += 2; @@ -577,7 +577,7 @@ static bool tomoyo_file_matches_pattern2(const char *filename, continue; if (filename[i + 1] == '\\') i++; - else if (tomoyo_is_byte_range(filename + i + 1)) + else if (tomoyo_byte_range(filename + i + 1)) i += 3; else break; /* Bad pattern. */ @@ -593,7 +593,7 @@ static bool tomoyo_file_matches_pattern2(const char *filename, while (isxdigit(filename[j])) j++; } else if (c == 'A') { - while (tomoyo_is_alphabet_char(filename[j])) + while (tomoyo_alphabet_char(filename[j])) j++; } for (i = 1; i <= j; i++) { @@ -939,10 +939,10 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) if (perm & (1 << i)) count++; break; - case TOMOYO_TYPE_PATH_NUMBER3_ACL: - perm = container_of(ptr, struct tomoyo_path_number3_acl, + case TOMOYO_TYPE_MKDEV_ACL: + perm = container_of(ptr, struct tomoyo_mkdev_acl, head)->perm; - for (i = 0; i < TOMOYO_MAX_PATH_NUMBER3_OPERATION; i++) + for (i = 0; i < TOMOYO_MAX_MKDEV_OPERATION; i++) if (perm & (1 << i)) count++; break; |