TOMOYO: Split files into some pieces. (c3ef1500) · Commits · e / devices / android_kernel_fairphone_FP4

security/tomoyo/Makefile

+1 −1

Original line number	Original line	Diff line number	Diff line
	obj-y = common.o realpath.o tomoyo.o domain.o file.o gc.o path_group.o number_group.o mount.o		obj-y = common.o domain.o file.o gc.o load_policy.o memory.o mount.o number_group.o path_group.o realpath.o securityfs_if.o tomoyo.o util.o

obj-y = common.o realpath.o tomoyo.o domain.o file.o gc.o path_group.o number_group.o mount.o

obj-y = common.o domain.o file.o gc.o load_policy.o memory.o mount.o number_group.o path_group.o realpath.o securityfs_if.o tomoyo.o util.o

security/tomoyo/common.c

+23 −1120

File changed.

Preview size limit exceeded, changes collapsed.

security/tomoyo/common.h

+27 −2

Original line number	Original line	Diff line number	Diff line
	@@ -673,6 +673,31 @@ struct tomoyo_policy_manager_entry {
	extern asmlinkage long sys_getpid(void);		extern asmlinkage long sys_getpid(void);
	extern asmlinkage long sys_getppid(void);		extern asmlinkage long sys_getppid(void);

			/* Check whether the given string starts with the given keyword. */
			bool tomoyo_str_starts(char *src, const char find);
			/* Get tomoyo_realpath() of current process. */
			const char *tomoyo_get_exe(void);
			/* Format string. */
			void tomoyo_normalize_line(unsigned char *buffer);
			/* Print warning or error message on console. */
			void tomoyo_warn_log(struct tomoyo_request_info r, const char fmt, ...)
			__attribute__ ((format(printf, 2, 3)));
			/* Check all profiles currently assigned to domains are defined. */
			void tomoyo_check_profile(void);
			/* Open operation for /sys/kernel/security/tomoyo/ interface. */
			int tomoyo_open_control(const u8 type, struct file *file);
			/* Close /sys/kernel/security/tomoyo/ interface. */
			int tomoyo_close_control(struct file *file);
			/* Read operation for /sys/kernel/security/tomoyo/ interface. */
			int tomoyo_read_control(struct file file, char __user buffer,
			const int buffer_len);
			/* Write operation for /sys/kernel/security/tomoyo/ interface. */
			int tomoyo_write_control(struct file file, const char __user buffer,
			const int buffer_len);
			/* Check whether the domain has too many ACL entries to hold. */
			bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
			/* Print out of memory warning message. */
			void tomoyo_warn_oom(const char *function);
	/* Check whether the given name matches the given name_union. */		/* Check whether the given name matches the given name_union. */
	bool tomoyo_compare_name_union(const struct tomoyo_path_info *name,		bool tomoyo_compare_name_union(const struct tomoyo_path_info *name,
	const struct tomoyo_name_union *ptr);		const struct tomoyo_name_union *ptr);
	@@ -837,8 +862,8 @@ int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head);
	/* Set memory quota. */		/* Set memory quota. */
	int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head);		int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head);

	/* Initialize realpath related code. */		/* Initialize mm related code. */
	void __init tomoyo_realpath_init(void);		void __init tomoyo_mm_init(void);
	int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,		int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
	const struct tomoyo_path_info *filename);		const struct tomoyo_path_info *filename);
	int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,		int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,

security/tomoyo/domain.c

+2 −18

Original line number	Original line	Diff line number	Diff line
	/*		/*
	* security/tomoyo/domain.c		* security/tomoyo/domain.c
	*		*
	* Implementation of the Domain-Based Mandatory Access Control.		* Domain transition functions for TOMOYO.
	*
	* Copyright (C) 2005-2009 NTT DATA CORPORATION
	*
	* Version: 2.2.0 2009/04/01
	*		*
			* Copyright (C) 2005-2010 NTT DATA CORPORATION
	*/		*/

	#include "common.h"		#include "common.h"
	@@ -697,24 +694,11 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
	struct tomoyo_path_info rn; /* real name */		struct tomoyo_path_info rn; /* real name */
	struct tomoyo_path_info sn; /* symlink name */		struct tomoyo_path_info sn; /* symlink name */
	struct tomoyo_path_info ln; /* last name */		struct tomoyo_path_info ln; /* last name */
	static bool initialized;

	tomoyo_init_request_info(&r, NULL);		tomoyo_init_request_info(&r, NULL);
	if (!tmp)		if (!tmp)
	goto out;		goto out;

	if (!initialized) {
	/*
	* Built-in initializers. This is needed because policies are
	* not loaded until starting /sbin/init.
	*/
	tomoyo_update_domain_initializer_entry(NULL, "/sbin/hotplug",
	false, false);
	tomoyo_update_domain_initializer_entry(NULL, "/sbin/modprobe",
	false, false);
	initialized = true;
	}

	retry:		retry:
	/* Get tomoyo_realpath of program. */		/* Get tomoyo_realpath of program. */
	retval = -ENOENT;		retval = -ENOENT;

security/tomoyo/file.c

+2 −60

Original line number	Original line	Diff line number	Diff line
	/*		/*
	* security/tomoyo/file.c		* security/tomoyo/file.c
	*		*
	* Implementation of the Domain-Based Mandatory Access Control.		* Pathname restriction functions.
	*
	* Copyright (C) 2005-2009 NTT DATA CORPORATION
	*
	* Version: 2.2.0 2009/04/01
	*		*
			* Copyright (C) 2005-2010 NTT DATA CORPORATION
	*/		*/

	#include "common.h"		#include "common.h"
	@@ -99,61 +96,6 @@ bool tomoyo_compare_number_union(const unsigned long value,
	return value >= ptr->values[0] && value <= ptr->values[1];		return value >= ptr->values[0] && value <= ptr->values[1];
	}		}

	/**
	* tomoyo_init_request_info - Initialize "struct tomoyo_request_info" members.
	*
	* @r: Pointer to "struct tomoyo_request_info" to initialize.
	* @domain: Pointer to "struct tomoyo_domain_info". NULL for tomoyo_domain().
	*
	* Returns mode.
	*/
	int tomoyo_init_request_info(struct tomoyo_request_info *r,
	struct tomoyo_domain_info *domain)
	{
	memset(r, 0, sizeof(*r));
	if (!domain)
	domain = tomoyo_domain();
	r->domain = domain;
	r->mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
	return r->mode;
	}

	static void tomoyo_warn_log(struct tomoyo_request_info r, const char fmt, ...)
	__attribute__ ((format(printf, 2, 3)));
	/**
	* tomoyo_warn_log - Print warning or error message on console.
	*
	* @r: Pointer to "struct tomoyo_request_info".
	* @fmt: The printf()'s format string, followed by parameters.
	*/
	static void tomoyo_warn_log(struct tomoyo_request_info r, const char fmt, ...)
	{
	int len = PAGE_SIZE;
	va_list args;
	char *buffer;
	if (!tomoyo_verbose_mode(r->domain))
	return;
	while (1) {
	int len2;
	buffer = kmalloc(len, GFP_NOFS);
	if (!buffer)
	return;
	va_start(args, fmt);
	len2 = vsnprintf(buffer, len - 1, fmt, args);
	va_end(args);
	if (len2 <= len - 1) {
	buffer[len2] = '\0';
	break;
	}
	len = len2 + 1;
	kfree(buffer);
	}
	printk(KERN_WARNING "TOMOYO-%s: Access %s denied for %s\n",
	r->mode == TOMOYO_CONFIG_ENFORCING ? "ERROR" : "WARNING",
	buffer, tomoyo_get_last_name(r->domain));
	kfree(buffer);
	}

	/**		/**
	* tomoyo_path2keyword - Get the name of single path operation.		* tomoyo_path2keyword - Get the name of single path operation.
	*		*