
Commit c3ef1500 authored by Tetsuo Handa's avatar Tetsuo Handa Committed by James Morris

TOMOYO: Split files into some pieces.



security/tomoyo/common.c became too large to read.

Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 17fcfbd9
+1 −1
obj-y = common.o realpath.o tomoyo.o domain.o file.o gc.o path_group.o number_group.o mount.o
obj-y = common.o domain.o file.o gc.o load_policy.o memory.o mount.o number_group.o path_group.o realpath.o securityfs_if.o tomoyo.o util.o
+23 −1120

File changed.

Preview size limit exceeded, changes collapsed.

+27 −2
@@ -673,6 +673,31 @@ struct tomoyo_policy_manager_entry {
extern asmlinkage long sys_getpid(void);
extern asmlinkage long sys_getpid(void);
extern asmlinkage long sys_getppid(void);
extern asmlinkage long sys_getppid(void);


/* Check whether the given string starts with the given keyword. */
bool tomoyo_str_starts(char **src, const char *find);
/* Get tomoyo_realpath() of current process. */
const char *tomoyo_get_exe(void);
/* Format string. */
void tomoyo_normalize_line(unsigned char *buffer);
/* Print warning or error message on console. */
void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...)
     __attribute__ ((format(printf, 2, 3)));
/* Check all profiles currently assigned to domains are defined. */
void tomoyo_check_profile(void);
/* Open operation for /sys/kernel/security/tomoyo/ interface. */
int tomoyo_open_control(const u8 type, struct file *file);
/* Close /sys/kernel/security/tomoyo/ interface. */
int tomoyo_close_control(struct file *file);
/* Read operation for /sys/kernel/security/tomoyo/ interface. */
int tomoyo_read_control(struct file *file, char __user *buffer,
			const int buffer_len);
/* Write operation for /sys/kernel/security/tomoyo/ interface. */
int tomoyo_write_control(struct file *file, const char __user *buffer,
			 const int buffer_len);
/* Check whether the domain has too many ACL entries to hold. */
bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
/* Print out of memory warning message. */
void tomoyo_warn_oom(const char *function);
/* Check whether the given name matches the given name_union. */
/* Check whether the given name matches the given name_union. */
bool tomoyo_compare_name_union(const struct tomoyo_path_info *name,
bool tomoyo_compare_name_union(const struct tomoyo_path_info *name,
			       const struct tomoyo_name_union *ptr);
			       const struct tomoyo_name_union *ptr);
@@ -837,8 +862,8 @@ int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head);
/* Set memory quota. */
/* Set memory quota. */
int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head);
int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head);


/* Initialize realpath related code. */
/* Initialize mm related code. */
void __init tomoyo_realpath_init(void);
void __init tomoyo_mm_init(void);
int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
			   const struct tomoyo_path_info *filename);
			   const struct tomoyo_path_info *filename);
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
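Review bot: The new cross-file prototypes `tomoyo_read_control()` and `tomoyo_write_control()` take `const int buffer_len` next to a `__user` buffer, but nothing on the declarations says what bounds the length. The handlers that call them (presumably in the new securityfs_if.c, which is not shown on this page) receive a `size_t` count, so the narrowing to a signed int happens at a call site a reader of this header cannot see. I'd state the contract where the prototypes live, e.g. `/* @buffer_len: non-negative byte count; callers holding a size_t count must bound it to INT_MAX before calling. */`. The same applies to `/* Format string. */` on `tomoyo_normalize_line()`, which does not say that the buffer is rewritten in place; something like `/* Normalize a policy line in place (@buffer is modified). */` would help if that matches the definition in the collapsed common.c.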
+2 −18
/*
/*
 * security/tomoyo/domain.c
 * security/tomoyo/domain.c
 *
 *
 * Implementation of the Domain-Based Mandatory Access Control.
 * Domain transition functions for TOMOYO.
 *
 * Copyright (C) 2005-2009  NTT DATA CORPORATION
 *
 * Version: 2.2.0   2009/04/01
 *
 *
 * Copyright (C) 2005-2010  NTT DATA CORPORATION
 */
 */


#include "common.h"
#include "common.h"
@@ -697,24 +694,11 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
	struct tomoyo_path_info rn; /* real name */
	struct tomoyo_path_info rn; /* real name */
	struct tomoyo_path_info sn; /* symlink name */
	struct tomoyo_path_info sn; /* symlink name */
	struct tomoyo_path_info ln; /* last name */
	struct tomoyo_path_info ln; /* last name */
	static bool initialized;


	tomoyo_init_request_info(&r, NULL);
	tomoyo_init_request_info(&r, NULL);
	if (!tmp)
	if (!tmp)
		goto out;
		goto out;


	if (!initialized) {
		/*
		 * Built-in initializers. This is needed because policies are
		 * not loaded until starting /sbin/init.
		 */
		tomoyo_update_domain_initializer_entry(NULL, "/sbin/hotplug",
						       false, false);
		tomoyo_update_domain_initializer_entry(NULL, "/sbin/modprobe",
						       false, false);
		initialized = true;
	}

 retry:
 retry:
	/* Get tomoyo_realpath of program. */
	/* Get tomoyo_realpath of program. */
	retval = -ENOENT;
	retval = -ENOENT;
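Review bot: With the `if (!initialized)` block gone, `tomoyo_find_next_domain()` no longer registers `/sbin/hotplug` and `/sbin/modprobe` as domain initializers, and the code that now does so is not in any section visible on this page (common.c is collapsed and the new files are not shown). The removed comment says these entries exist because policy is not loaded until /sbin/init starts, so the replacement has to run before the first exec that reaches this function; if it runs later, the built-in transition for those helpers would not apply during early boot. I'd leave a pointer here so the ordering dependency stays visible, e.g. `/* Built-in initializers are registered once at init time; see <registration site>. */`. The function body starts and ends outside this hunk.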
+2 −60
/*
/*
 * security/tomoyo/file.c
 * security/tomoyo/file.c
 *
 *
 * Implementation of the Domain-Based Mandatory Access Control.
 * Pathname restriction functions.
 *
 * Copyright (C) 2005-2009  NTT DATA CORPORATION
 *
 * Version: 2.2.0   2009/04/01
 *
 *
 * Copyright (C) 2005-2010  NTT DATA CORPORATION
 */
 */


#include "common.h"
#include "common.h"
@@ -99,61 +96,6 @@ bool tomoyo_compare_number_union(const unsigned long value,
	return value >= ptr->values[0] && value <= ptr->values[1];
	return value >= ptr->values[0] && value <= ptr->values[1];
}
}


/**
 * tomoyo_init_request_info - Initialize "struct tomoyo_request_info" members.
 *
 * @r:      Pointer to "struct tomoyo_request_info" to initialize.
 * @domain: Pointer to "struct tomoyo_domain_info". NULL for tomoyo_domain().
 *
 * Returns mode.
 */
int tomoyo_init_request_info(struct tomoyo_request_info *r,
			     struct tomoyo_domain_info *domain)
{
	memset(r, 0, sizeof(*r));
	if (!domain)
		domain = tomoyo_domain();
	r->domain = domain;
	r->mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
	return r->mode;
}

static void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...)
     __attribute__ ((format(printf, 2, 3)));
/**
 * tomoyo_warn_log - Print warning or error message on console.
 *
 * @r:   Pointer to "struct tomoyo_request_info".
 * @fmt: The printf()'s format string, followed by parameters.
 */
static void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...)
{
	int len = PAGE_SIZE;
	va_list args;
	char *buffer;
	if (!tomoyo_verbose_mode(r->domain))
		return;
	while (1) {
		int len2;
		buffer = kmalloc(len, GFP_NOFS);
		if (!buffer)
			return;
		va_start(args, fmt);
		len2 = vsnprintf(buffer, len - 1, fmt, args);
		va_end(args);
		if (len2 <= len - 1) {
			buffer[len2] = '\0';
			break;
		}
		len = len2 + 1;
		kfree(buffer);
	}
	printk(KERN_WARNING "TOMOYO-%s: Access %s denied for %s\n",
	       r->mode == TOMOYO_CONFIG_ENFORCING ? "ERROR" : "WARNING",
	       buffer, tomoyo_get_last_name(r->domain));
	kfree(buffer);
}

/**
/**
 * tomoyo_path2keyword - Get the name of single path operation.
 * tomoyo_path2keyword - Get the name of single path operation.
 *
 *