Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 75093152 authored by Tetsuo Handa's avatar Tetsuo Handa Committed by James Morris
Browse files

TOMOYO: Rename symbols.



Use shorter name in order to make it easier to fix 80 columns limit.

Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 99a85259
Loading
Loading
Loading
Loading
+22 −22
Original line number Diff line number Diff line
@@ -494,12 +494,12 @@ static int tomoyo_update_manager_entry(const char *manager,
	struct tomoyo_policy_manager_entry e = { };
	int error;

	if (tomoyo_is_domain_def(manager)) {
		if (!tomoyo_is_correct_domain(manager))
	if (tomoyo_domain_def(manager)) {
		if (!tomoyo_correct_domain(manager))
			return -EINVAL;
		e.is_domain = true;
	} else {
		if (!tomoyo_is_correct_path(manager))
		if (!tomoyo_correct_path(manager))
			return -EINVAL;
	}
	e.manager = tomoyo_get_name(manager);
@@ -565,14 +565,14 @@ static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
}

/**
 * tomoyo_is_policy_manager - Check whether the current process is a policy manager.
 * tomoyo_policy_manager - Check whether the current process is a policy manager.
 *
 * Returns true if the current process is permitted to modify policy
 * via /sys/kernel/security/tomoyo/ interface.
 *
 * Caller holds tomoyo_read_lock().
 */
static bool tomoyo_is_policy_manager(void)
static bool tomoyo_policy_manager(void)
{
	struct tomoyo_policy_manager_entry *ptr;
	const char *exe;
@@ -617,7 +617,7 @@ static bool tomoyo_is_policy_manager(void)
}

/**
 * tomoyo_is_select_one - Parse select command.
 * tomoyo_select_one - Parse select command.
 *
 * @head: Pointer to "struct tomoyo_io_buffer".
 * @data: String to parse.
@@ -626,7 +626,7 @@ static bool tomoyo_is_policy_manager(void)
 *
 * Caller holds tomoyo_read_lock().
 */
static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
static bool tomoyo_select_one(struct tomoyo_io_buffer *head,
				 const char *data)
{
	unsigned int pid;
@@ -647,7 +647,7 @@ static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
		read_unlock(&tasklist_lock);
		rcu_read_unlock();
	} else if (!strncmp(data, "domain=", 7)) {
		if (tomoyo_is_domain_def(data + 7))
		if (tomoyo_domain_def(data + 7))
			domain = tomoyo_find_domain(data + 7);
	} else
		return false;
@@ -748,12 +748,12 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
		is_delete = true;
	else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
		is_select = true;
	if (is_select && tomoyo_is_select_one(head, data))
	if (is_select && tomoyo_select_one(head, data))
		return 0;
	/* Don't allow updating policies by non manager programs. */
	if (!tomoyo_is_policy_manager())
	if (!tomoyo_policy_manager())
		return -EPERM;
	if (tomoyo_is_domain_def(data)) {
	if (tomoyo_domain_def(data)) {
		domain = NULL;
		if (is_delete)
			tomoyo_delete_domain(data);
@@ -894,26 +894,26 @@ static bool tomoyo_print_path_number_acl(struct tomoyo_io_buffer *head,
}

/**
 * tomoyo_print_path_number3_acl - Print a path_number3 ACL entry.
 * tomoyo_print_mkdev_acl - Print a mkdev ACL entry.
 *
 * @head: Pointer to "struct tomoyo_io_buffer".
 * @ptr:  Pointer to "struct tomoyo_path_number3_acl".
 * @ptr:  Pointer to "struct tomoyo_mkdev_acl".
 *
 * Returns true on success, false otherwise.
 */
static bool tomoyo_print_path_number3_acl(struct tomoyo_io_buffer *head,
					  struct tomoyo_path_number3_acl *ptr)
static bool tomoyo_print_mkdev_acl(struct tomoyo_io_buffer *head,
					  struct tomoyo_mkdev_acl *ptr)
{
	int pos;
	u8 bit;
	const u16 perm = ptr->perm;
	for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_NUMBER3_OPERATION;
	for (bit = head->read_bit; bit < TOMOYO_MAX_MKDEV_OPERATION;
	     bit++) {
		if (!(perm & (1 << bit)))
			continue;
		pos = head->read_avail;
		if (!tomoyo_io_printf(head, "allow_%s",
				      tomoyo_path_number32keyword(bit)) ||
				      tomoyo_mkdev2keyword(bit)) ||
		    !tomoyo_print_name_union(head, &ptr->name) ||
		    !tomoyo_print_number_union(head, &ptr->mode) ||
		    !tomoyo_print_number_union(head, &ptr->major) ||
@@ -984,11 +984,11 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
				       head);
		return tomoyo_print_path_number_acl(head, acl);
	}
	if (acl_type == TOMOYO_TYPE_PATH_NUMBER3_ACL) {
		struct tomoyo_path_number3_acl *acl
			= container_of(ptr, struct tomoyo_path_number3_acl,
	if (acl_type == TOMOYO_TYPE_MKDEV_ACL) {
		struct tomoyo_mkdev_acl *acl
			= container_of(ptr, struct tomoyo_mkdev_acl,
				       head);
		return tomoyo_print_path_number3_acl(head, acl);
		return tomoyo_print_mkdev_acl(head, acl);
	}
	if (acl_type == TOMOYO_TYPE_MOUNT_ACL) {
		struct tomoyo_mount_acl *acl
@@ -1910,7 +1910,7 @@ int tomoyo_write_control(struct file *file, const char __user *buffer,
	/* Don't allow updating policies by non manager programs. */
	if (head->write != tomoyo_write_pid &&
	    head->write != tomoyo_write_domain_policy &&
	    !tomoyo_is_policy_manager())
	    !tomoyo_policy_manager())
		return -EPERM;
	if (mutex_lock_interruptible(&head->io_sem))
		return -EINTR;
+21 −21
Original line number Diff line number Diff line
@@ -80,7 +80,7 @@ enum tomoyo_acl_entry_type_index {
	TOMOYO_TYPE_PATH_ACL,
	TOMOYO_TYPE_PATH2_ACL,
	TOMOYO_TYPE_PATH_NUMBER_ACL,
	TOMOYO_TYPE_PATH_NUMBER3_ACL,
	TOMOYO_TYPE_MKDEV_ACL,
	TOMOYO_TYPE_MOUNT_ACL,
};

@@ -114,10 +114,10 @@ enum tomoyo_path_acl_index {

#define TOMOYO_RW_MASK ((1 << TOMOYO_TYPE_READ) | (1 << TOMOYO_TYPE_WRITE))

enum tomoyo_path_number3_acl_index {
enum tomoyo_mkdev_acl_index {
	TOMOYO_TYPE_MKBLOCK,
	TOMOYO_TYPE_MKCHAR,
	TOMOYO_MAX_PATH_NUMBER3_OPERATION
	TOMOYO_MAX_MKDEV_OPERATION
};

enum tomoyo_path2_acl_index {
@@ -342,7 +342,7 @@ struct tomoyo_number_group_member {
 *
 * Packing "struct tomoyo_acl_info" allows
 * "struct tomoyo_path_acl" to embed "u16" and "struct tomoyo_path2_acl"
 * "struct tomoyo_path_number_acl" "struct tomoyo_path_number3_acl" to embed
 * "struct tomoyo_path_number_acl" "struct tomoyo_mkdev_acl" to embed
 * "u8" without enlarging their structure size.
 */
struct tomoyo_acl_info {
@@ -439,7 +439,7 @@ struct tomoyo_path_number_acl {
};

/*
 * tomoyo_path_number3_acl is a structure which is used for holding an
 * tomoyo_mkdev_acl is a structure which is used for holding an
 * entry with one pathname and three numbers operation.
 * It has following fields.
 *
@@ -452,8 +452,8 @@ struct tomoyo_path_number_acl {
 * Directives held by this structure are "allow_mkchar", "allow_mkblock".
 *
 */
struct tomoyo_path_number3_acl {
	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER3_ACL */
struct tomoyo_mkdev_acl {
	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MKDEV_ACL */
	u8 perm;
	struct tomoyo_name_union name;
	struct tomoyo_number_union mode;
@@ -756,12 +756,12 @@ int tomoyo_get_mode(const u8 profile, const u8 index);
bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
	__attribute__ ((format(printf, 2, 3)));
/* Check whether the domainname is correct. */
bool tomoyo_is_correct_domain(const unsigned char *domainname);
bool tomoyo_correct_domain(const unsigned char *domainname);
/* Check whether the token is correct. */
bool tomoyo_is_correct_path(const char *filename);
bool tomoyo_is_correct_word(const char *string);
bool tomoyo_correct_path(const char *filename);
bool tomoyo_correct_word(const char *string);
/* Check whether the token can be a domainname. */
bool tomoyo_is_domain_def(const unsigned char *buffer);
bool tomoyo_domain_def(const unsigned char *buffer);
bool tomoyo_parse_name_union(const char *filename,
			     struct tomoyo_name_union *ptr);
/* Check whether the given filename matches the given path_group. */
@@ -807,7 +807,7 @@ bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain);
/* Convert double path operation to operation name. */
const char *tomoyo_path22keyword(const u8 operation);
const char *tomoyo_path_number2keyword(const u8 operation);
const char *tomoyo_path_number32keyword(const u8 operation);
const char *tomoyo_mkdev2keyword(const u8 operation);
/* Get the last component of the given domainname. */
const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain);
/* Convert single path operation to operation name. */
@@ -919,7 +919,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
				 struct path *path, const int flag);
int tomoyo_path_number_perm(const u8 operation, struct path *path,
			    unsigned long number);
int tomoyo_path_number3_perm(const u8 operation, struct path *path,
int tomoyo_mkdev_perm(const u8 operation, struct path *path,
		      const unsigned int mode, unsigned int dev);
int tomoyo_path_perm(const u8 operation, struct path *path);
int tomoyo_path2_perm(const u8 operation, struct path *path1,
@@ -1008,25 +1008,25 @@ static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a,
}

/**
 * tomoyo_is_valid - Check whether the character is a valid char.
 * tomoyo_valid - Check whether the character is a valid char.
 *
 * @c: The character to check.
 *
 * Returns true if @c is a valid character, false otherwise.
 */
static inline bool tomoyo_is_valid(const unsigned char c)
static inline bool tomoyo_valid(const unsigned char c)
{
	return c > ' ' && c < 127;
}

/**
 * tomoyo_is_invalid - Check whether the character is an invalid char.
 * tomoyo_invalid - Check whether the character is an invalid char.
 *
 * @c: The character to check.
 *
 * Returns true if @c is an invalid character, false otherwise.
 */
static inline bool tomoyo_is_invalid(const unsigned char c)
static inline bool tomoyo_invalid(const unsigned char c)
{
	return c && (c <= ' ' || c >= 127);
}
@@ -1063,20 +1063,20 @@ static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
	return task_cred_xxx(task, security);
}

static inline bool tomoyo_is_same_acl_head(const struct tomoyo_acl_info *p1,
static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *p1,
					   const struct tomoyo_acl_info *p2)
{
	return p1->type == p2->type;
}

static inline bool tomoyo_is_same_name_union
static inline bool tomoyo_same_name_union
(const struct tomoyo_name_union *p1, const struct tomoyo_name_union *p2)
{
	return p1->filename == p2->filename && p1->group == p2->group &&
		p1->is_group == p2->is_group;
}

static inline bool tomoyo_is_same_number_union
static inline bool tomoyo_same_number_union
(const struct tomoyo_number_union *p1, const struct tomoyo_number_union *p2)
{
	return p1->values[0] == p2->values[0] && p1->values[1] == p2->values[1]
+19 −19
Original line number Diff line number Diff line
@@ -256,13 +256,13 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
	struct tomoyo_domain_initializer_entry e = { .is_not = is_not };
	int error = is_delete ? -ENOENT : -ENOMEM;

	if (!tomoyo_is_correct_path(program))
	if (!tomoyo_correct_path(program))
		return -EINVAL;
	if (domainname) {
		if (!tomoyo_is_domain_def(domainname) &&
		    tomoyo_is_correct_path(domainname))
		if (!tomoyo_domain_def(domainname) &&
		    tomoyo_correct_path(domainname))
			e.is_last_name = true;
		else if (!tomoyo_is_correct_domain(domainname))
		else if (!tomoyo_correct_domain(domainname))
			return -EINVAL;
		e.domainname = tomoyo_get_name(domainname);
		if (!e.domainname)
@@ -346,7 +346,7 @@ int tomoyo_write_domain_initializer_policy(char *data, const bool is_not,
}

/**
 * tomoyo_is_domain_initializer - Check whether the given program causes domainname reinitialization.
 * tomoyo_domain_initializer - Check whether the given program causes domainname reinitialization.
 *
 * @domainname: The name of domain.
 * @program:    The name of program.
@@ -357,7 +357,7 @@ int tomoyo_write_domain_initializer_policy(char *data, const bool is_not,
 *
 * Caller holds tomoyo_read_lock().
 */
static bool tomoyo_is_domain_initializer(const struct tomoyo_path_info *
static bool tomoyo_domain_initializer(const struct tomoyo_path_info *
					 domainname,
					 const struct tomoyo_path_info *program,
					 const struct tomoyo_path_info *
@@ -462,13 +462,13 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
	struct tomoyo_domain_keeper_entry e = { .is_not = is_not };
	int error = is_delete ? -ENOENT : -ENOMEM;

	if (!tomoyo_is_domain_def(domainname) &&
	    tomoyo_is_correct_path(domainname))
	if (!tomoyo_domain_def(domainname) &&
	    tomoyo_correct_path(domainname))
		e.is_last_name = true;
	else if (!tomoyo_is_correct_domain(domainname))
	else if (!tomoyo_correct_domain(domainname))
		return -EINVAL;
	if (program) {
		if (!tomoyo_is_correct_path(program))
		if (!tomoyo_correct_path(program))
			return -EINVAL;
		e.program = tomoyo_get_name(program);
		if (!e.program)
@@ -549,7 +549,7 @@ bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head)
}

/**
 * tomoyo_is_domain_keeper - Check whether the given program causes domain transition suppression.
 * tomoyo_domain_keeper - Check whether the given program causes domain transition suppression.
 *
 * @domainname: The name of domain.
 * @program:    The name of program.
@@ -560,7 +560,7 @@ bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head)
 *
 * Caller holds tomoyo_read_lock().
 */
static bool tomoyo_is_domain_keeper(const struct tomoyo_path_info *domainname,
static bool tomoyo_domain_keeper(const struct tomoyo_path_info *domainname,
				    const struct tomoyo_path_info *program,
				    const struct tomoyo_path_info *last_name)
{
@@ -646,8 +646,8 @@ static int tomoyo_update_aggregator_entry(const char *original_name,
	struct tomoyo_aggregator_entry e = { };
	int error = is_delete ? -ENOENT : -ENOMEM;

	if (!tomoyo_is_correct_path(original_name) ||
	    !tomoyo_is_correct_path(aggregated_name))
	if (!tomoyo_correct_path(original_name) ||
	    !tomoyo_correct_path(aggregated_name))
		return -EINVAL;
	e.original_name = tomoyo_get_name(original_name);
	e.aggregated_name = tomoyo_get_name(aggregated_name);
@@ -774,8 +774,8 @@ static int tomoyo_update_alias_entry(const char *original_name,
	struct tomoyo_alias_entry e = { };
	int error = is_delete ? -ENOENT : -ENOMEM;

	if (!tomoyo_is_correct_path(original_name) ||
	    !tomoyo_is_correct_path(aliased_name))
	if (!tomoyo_correct_path(original_name) ||
	    !tomoyo_correct_path(aliased_name))
		return -EINVAL;
	e.original_name = tomoyo_get_name(original_name);
	e.aliased_name = tomoyo_get_name(aliased_name);
@@ -859,7 +859,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
	const struct tomoyo_path_info *saved_domainname;
	bool found = false;

	if (!tomoyo_is_correct_domain(domainname))
	if (!tomoyo_correct_domain(domainname))
		return NULL;
	saved_domainname = tomoyo_get_name(domainname);
	if (!saved_domainname)
@@ -984,7 +984,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
	if (retval < 0)
		goto out;

	if (tomoyo_is_domain_initializer(old_domain->domainname, &rn, &ln)) {
	if (tomoyo_domain_initializer(old_domain->domainname, &rn, &ln)) {
		/* Transit to the child of tomoyo_kernel_domain domain. */
		snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1,
			 TOMOYO_ROOT_NAME " " "%s", rn.name);
@@ -996,7 +996,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
		 * initializers because they might start before /sbin/init.
		 */
		domain = old_domain;
	} else if (tomoyo_is_domain_keeper(old_domain->domainname, &rn, &ln)) {
	} else if (tomoyo_domain_keeper(old_domain->domainname, &rn, &ln)) {
		/* Keep current domain. */
		domain = old_domain;
	} else {
+52 −52
Original line number Diff line number Diff line
@@ -25,8 +25,8 @@ static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
};

/* Keyword array for operations with one pathname and three numbers. */
static const char *tomoyo_path_number3_keyword
[TOMOYO_MAX_PATH_NUMBER3_OPERATION] = {
static const char *tomoyo_mkdev_keyword
[TOMOYO_MAX_MKDEV_OPERATION] = {
	[TOMOYO_TYPE_MKBLOCK]    = "mkblock",
	[TOMOYO_TYPE_MKCHAR]     = "mkchar",
};
@@ -65,7 +65,7 @@ static const u8 tomoyo_p2mac[TOMOYO_MAX_PATH_OPERATION] = {
	[TOMOYO_TYPE_UMOUNT]     = TOMOYO_MAC_FILE_UMOUNT,
};

static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_PATH_NUMBER3_OPERATION] = {
static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = {
	[TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK,
	[TOMOYO_TYPE_MKCHAR]  = TOMOYO_MAC_FILE_MKCHAR,
};
@@ -133,16 +133,16 @@ const char *tomoyo_path2keyword(const u8 operation)
}

/**
 * tomoyo_path_number32keyword - Get the name of path/number/number/number operations.
 * tomoyo_mkdev2keyword - Get the name of path/number/number/number operations.
 *
 * @operation: Type of operation.
 *
 * Returns the name of path/number/number/number operation.
 */
const char *tomoyo_path_number32keyword(const u8 operation)
const char *tomoyo_mkdev2keyword(const u8 operation)
{
	return (operation < TOMOYO_MAX_PATH_NUMBER3_OPERATION)
		? tomoyo_path_number3_keyword[operation] : NULL;
	return (operation < TOMOYO_MAX_MKDEV_OPERATION)
		? tomoyo_mkdev_keyword[operation] : NULL;
}

/**
@@ -266,7 +266,7 @@ static int tomoyo_audit_path2_log(struct tomoyo_request_info *r)
 */
static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r)
{
	const char *operation = tomoyo_path_number32keyword(r->param.mkdev.
	const char *operation = tomoyo_mkdev2keyword(r->param.mkdev.
							    operation);
	const struct tomoyo_path_info *filename = r->param.mkdev.filename;
	const unsigned int major = r->param.mkdev.major;
@@ -380,7 +380,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
	struct tomoyo_globally_readable_file_entry e = { };
	int error;

	if (!tomoyo_is_correct_word(filename))
	if (!tomoyo_correct_word(filename))
		return -EINVAL;
	e.filename = tomoyo_get_name(filename);
	if (!e.filename)
@@ -393,7 +393,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
}

/**
 * tomoyo_is_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading.
 * tomoyo_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading.
 *
 * @filename: The filename to check.
 *
@@ -401,7 +401,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
 *
 * Caller holds tomoyo_read_lock().
 */
static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info *
static bool tomoyo_globally_readable_file(const struct tomoyo_path_info *
					     filename)
{
	struct tomoyo_globally_readable_file_entry *ptr;
@@ -517,7 +517,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
	struct tomoyo_pattern_entry e = { };
	int error;

	if (!tomoyo_is_correct_word(pattern))
	if (!tomoyo_correct_word(pattern))
		return -EINVAL;
	e.pattern = tomoyo_get_name(pattern);
	if (!e.pattern)
@@ -658,7 +658,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
	struct tomoyo_no_rewrite_entry e = { };
	int error;

	if (!tomoyo_is_correct_word(pattern))
	if (!tomoyo_correct_word(pattern))
		return -EINVAL;
	e.pattern = tomoyo_get_name(pattern);
	if (!e.pattern)
@@ -671,7 +671,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
}

/**
 * tomoyo_is_no_rewrite_file - Check if the given pathname is not permitted to be rewrited.
 * tomoyo_no_rewrite_file - Check if the given pathname is not permitted to be rewrited.
 *
 * @filename: Filename to check.
 *
@@ -680,7 +680,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
 *
 * Caller holds tomoyo_read_lock().
 */
static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info *filename)
static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename)
{
	struct tomoyo_no_rewrite_entry *ptr;
	bool found = false;
@@ -774,7 +774,7 @@ static bool tomoyo_check_path2_acl(const struct tomoyo_request_info *r,
static bool tomoyo_check_mkdev_acl(const struct tomoyo_request_info *r,
				const struct tomoyo_acl_info *ptr)
{
	const struct tomoyo_path_number3_acl *acl =
	const struct tomoyo_mkdev_acl *acl =
		container_of(ptr, typeof(*acl), head);
	return (acl->perm & (1 << r->param.mkdev.operation)) &&
		tomoyo_compare_number_union(r->param.mkdev.mode,
@@ -792,8 +792,8 @@ static bool tomoyo_same_path_acl(const struct tomoyo_acl_info *a,
{
	const struct tomoyo_path_acl *p1 = container_of(a, typeof(*p1), head);
	const struct tomoyo_path_acl *p2 = container_of(b, typeof(*p2), head);
	return tomoyo_is_same_acl_head(&p1->head, &p2->head) &&
		tomoyo_is_same_name_union(&p1->name, &p2->name);
	return tomoyo_same_acl_head(&p1->head, &p2->head) &&
		tomoyo_same_name_union(&p1->name, &p2->name);
}

static bool tomoyo_merge_path_acl(struct tomoyo_acl_info *a,
@@ -853,28 +853,28 @@ static int tomoyo_update_path_acl(const u8 type, const char *filename,
	return error;
}

static bool tomoyo_same_path_number3_acl(const struct tomoyo_acl_info *a,
static bool tomoyo_same_mkdev_acl(const struct tomoyo_acl_info *a,
					 const struct tomoyo_acl_info *b)
{
	const struct tomoyo_path_number3_acl *p1 = container_of(a, typeof(*p1),
	const struct tomoyo_mkdev_acl *p1 = container_of(a, typeof(*p1),
								head);
	const struct tomoyo_path_number3_acl *p2 = container_of(b, typeof(*p2),
	const struct tomoyo_mkdev_acl *p2 = container_of(b, typeof(*p2),
								head);
	return tomoyo_is_same_acl_head(&p1->head, &p2->head)
		&& tomoyo_is_same_name_union(&p1->name, &p2->name)
		&& tomoyo_is_same_number_union(&p1->mode, &p2->mode)
		&& tomoyo_is_same_number_union(&p1->major, &p2->major)
		&& tomoyo_is_same_number_union(&p1->minor, &p2->minor);
	return tomoyo_same_acl_head(&p1->head, &p2->head)
		&& tomoyo_same_name_union(&p1->name, &p2->name)
		&& tomoyo_same_number_union(&p1->mode, &p2->mode)
		&& tomoyo_same_number_union(&p1->major, &p2->major)
		&& tomoyo_same_number_union(&p1->minor, &p2->minor);
}

static bool tomoyo_merge_path_number3_acl(struct tomoyo_acl_info *a,
static bool tomoyo_merge_mkdev_acl(struct tomoyo_acl_info *a,
					  struct tomoyo_acl_info *b,
					  const bool is_delete)
{
	u8 *const a_perm = &container_of(a, struct tomoyo_path_number3_acl,
	u8 *const a_perm = &container_of(a, struct tomoyo_mkdev_acl,
					 head)->perm;
	u8 perm = *a_perm;
	const u8 b_perm = container_of(b, struct tomoyo_path_number3_acl, head)
	const u8 b_perm = container_of(b, struct tomoyo_mkdev_acl, head)
		->perm;
	if (is_delete)
		perm &= ~b_perm;
@@ -885,7 +885,7 @@ static bool tomoyo_merge_path_number3_acl(struct tomoyo_acl_info *a,
}

/**
 * tomoyo_update_path_number3_acl - Update "struct tomoyo_path_number3_acl" list.
 * tomoyo_update_mkdev_acl - Update "struct tomoyo_mkdev_acl" list.
 *
 * @type:      Type of operation.
 * @filename:  Filename.
@@ -899,13 +899,13 @@ static bool tomoyo_merge_path_number3_acl(struct tomoyo_acl_info *a,
 *
 * Caller holds tomoyo_read_lock().
 */
static int tomoyo_update_path_number3_acl(const u8 type, const char *filename,
static int tomoyo_update_mkdev_acl(const u8 type, const char *filename,
					  char *mode, char *major, char *minor,
					  struct tomoyo_domain_info * const
					  domain, const bool is_delete)
{
	struct tomoyo_path_number3_acl e = {
		.head.type = TOMOYO_TYPE_PATH_NUMBER3_ACL,
	struct tomoyo_mkdev_acl e = {
		.head.type = TOMOYO_TYPE_MKDEV_ACL,
		.perm = 1 << type
	};
	int error = is_delete ? -ENOENT : -ENOMEM;
@@ -915,8 +915,8 @@ static int tomoyo_update_path_number3_acl(const u8 type, const char *filename,
	    !tomoyo_parse_number_union(minor, &e.minor))
		goto out;
	error = tomoyo_update_domain(&e.head, sizeof(e), is_delete, domain,
				     tomoyo_same_path_number3_acl,
				     tomoyo_merge_path_number3_acl);
				     tomoyo_same_mkdev_acl,
				     tomoyo_merge_mkdev_acl);
 out:
	tomoyo_put_name_union(&e.name);
	tomoyo_put_number_union(&e.mode);
@@ -930,9 +930,9 @@ static bool tomoyo_same_path2_acl(const struct tomoyo_acl_info *a,
{
	const struct tomoyo_path2_acl *p1 = container_of(a, typeof(*p1), head);
	const struct tomoyo_path2_acl *p2 = container_of(b, typeof(*p2), head);
	return tomoyo_is_same_acl_head(&p1->head, &p2->head)
		&& tomoyo_is_same_name_union(&p1->name1, &p2->name1)
		&& tomoyo_is_same_name_union(&p1->name2, &p2->name2);
	return tomoyo_same_acl_head(&p1->head, &p2->head)
		&& tomoyo_same_name_union(&p1->name1, &p2->name1)
		&& tomoyo_same_name_union(&p1->name2, &p2->name2);
}

static bool tomoyo_merge_path2_acl(struct tomoyo_acl_info *a,
@@ -1014,7 +1014,7 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
		tomoyo_check_acl(r, tomoyo_check_path_acl);
		if (!r->granted && operation == TOMOYO_TYPE_READ &&
		    !r->domain->ignore_global_allow_read &&
		    tomoyo_is_globally_readable_file(filename))
		    tomoyo_globally_readable_file(filename))
			r->granted = true;
		error = tomoyo_audit_path_log(r);
		/*
@@ -1029,7 +1029,7 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
	 * specified by "deny_rewrite" keyword.
	 */
	if (!error && operation == TOMOYO_TYPE_TRUNCATE &&
	    tomoyo_is_no_rewrite_file(filename)) {
	    tomoyo_no_rewrite_file(filename)) {
		operation = TOMOYO_TYPE_REWRITE;
		goto next;
	}
@@ -1043,9 +1043,9 @@ static bool tomoyo_same_path_number_acl(const struct tomoyo_acl_info *a,
							       head);
	const struct tomoyo_path_number_acl *p2 = container_of(b, typeof(*p2),
							       head);
	return tomoyo_is_same_acl_head(&p1->head, &p2->head)
		&& tomoyo_is_same_name_union(&p1->name, &p2->name)
		&& tomoyo_is_same_number_union(&p1->number, &p2->number);
	return tomoyo_same_acl_head(&p1->head, &p2->head)
		&& tomoyo_same_name_union(&p1->name, &p2->name)
		&& tomoyo_same_number_union(&p1->number, &p2->number);
}

static bool tomoyo_merge_path_number_acl(struct tomoyo_acl_info *a,
@@ -1204,7 +1204,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
			error = -ENOMEM;
			goto out;
		}
		if (tomoyo_is_no_rewrite_file(&buf))
		if (tomoyo_no_rewrite_file(&buf))
			error = tomoyo_path_permission(&r, TOMOYO_TYPE_REWRITE,
						       &buf);
	}
@@ -1258,7 +1258,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path)
		goto out;
	switch (operation) {
	case TOMOYO_TYPE_REWRITE:
		if (!tomoyo_is_no_rewrite_file(&buf)) {
		if (!tomoyo_no_rewrite_file(&buf)) {
			error = 0;
			goto out;
		}
@@ -1279,7 +1279,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path)
}

/**
 * tomoyo_path_number3_perm - Check permission for "mkblock" and "mkchar".
 * tomoyo_mkdev_perm - Check permission for "mkblock" and "mkchar".
 *
 * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK)
 * @path:      Pointer to "struct path".
@@ -1288,7 +1288,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path)
 *
 * Returns 0 on success, negative value otherwise.
 */
int tomoyo_path_number3_perm(const u8 operation, struct path *path,
int tomoyo_mkdev_perm(const u8 operation, struct path *path,
			     const unsigned int mode, unsigned int dev)
{
	struct tomoyo_request_info r;
@@ -1304,7 +1304,7 @@ int tomoyo_path_number3_perm(const u8 operation, struct path *path,
	error = -ENOMEM;
	if (tomoyo_get_realpath(&buf, path)) {
		dev = new_decode_dev(dev);
		r.param_type = TOMOYO_TYPE_PATH_NUMBER3_ACL;
		r.param_type = TOMOYO_TYPE_MKDEV_ACL;
		r.param.mkdev.filename = &buf;
		r.param.mkdev.operation = operation;
		r.param.mkdev.mode = mode;
@@ -1420,10 +1420,10 @@ int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain,
	}
	if (!w[3][0] || !w[4][0])
		goto out;
	for (type = 0; type < TOMOYO_MAX_PATH_NUMBER3_OPERATION; type++) {
		if (strcmp(w[0], tomoyo_path_number3_keyword[type]))
	for (type = 0; type < TOMOYO_MAX_MKDEV_OPERATION; type++) {
		if (strcmp(w[0], tomoyo_mkdev_keyword[type]))
			continue;
		return tomoyo_update_path_number3_acl(type, w[1], w[2], w[3],
		return tomoyo_update_mkdev_acl(type, w[1], w[2], w[3],
					       w[4], domain, is_delete);
	}
 out:
+2 −2
Original line number Diff line number Diff line
@@ -122,9 +122,9 @@ static void tomoyo_del_acl(struct tomoyo_acl_info *acl)
			tomoyo_put_number_union(&entry->number);
		}
		break;
	case TOMOYO_TYPE_PATH_NUMBER3_ACL:
	case TOMOYO_TYPE_MKDEV_ACL:
		{
			struct tomoyo_path_number3_acl *entry
			struct tomoyo_mkdev_acl *entry
				= container_of(acl, typeof(*entry), head);
			tomoyo_put_name_union(&entry->name);
			tomoyo_put_number_union(&entry->mode);
Loading