Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cf6e9a64 authored by Tetsuo Handa's avatar Tetsuo Handa Committed by James Morris
Browse files

TOMOYO: Pass parameters via structure. 



To make it possible to use callback function, pass parameters via
"struct tomoyo_request_info".

Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 05336dee

security/tomoyo/common.h

+33 −0
Original line number Diff line number Diff line
@@ -212,6 +212,39 @@ struct tomoyo_acl_head { 
 */

struct tomoyo_request_info {

	struct tomoyo_domain_info *domain;

	/* For holding parameters. */

	union {

		struct {

			const struct tomoyo_path_info *filename;

			u8 operation;

		} path;

		struct {

			const struct tomoyo_path_info *filename1;

			const struct tomoyo_path_info *filename2;

			u8 operation;

		} path2;

		struct {

			const struct tomoyo_path_info *filename;

			unsigned int mode;

			unsigned int major;

			unsigned int minor;

			u8 operation;

		} mkdev;

		struct {

			const struct tomoyo_path_info *filename;

			unsigned long number;

			u8 operation;

		} path_number;

		struct {

			const struct tomoyo_path_info *type;

			const struct tomoyo_path_info *dir;

			const struct tomoyo_path_info *dev;

			unsigned long flags;

			int need_dev;

		} mount;

	} param;

	u8 param_type;

	bool granted;

	u8 retry;

	u8 profile;

	u8 mode; /* One of tomoyo_mode_index . */

security/tomoyo/file.c

+19 −1
Original line number Diff line number Diff line
@@ -973,6 +973,9 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation, 
	r->mode = tomoyo_get_mode(r->profile, r->type);

	if (r->mode == TOMOYO_CONFIG_DISABLED)

		return 0;

	r->param_type = TOMOYO_TYPE_PATH_ACL;

	r->param.path.filename = filename;

	r->param.path.operation = operation;

	do {

		error = tomoyo_path_acl(r, filename, 1 << operation);

		if (error && operation == TOMOYO_TYPE_READ &&
@@ -1143,6 +1146,10 @@ static int tomoyo_path_number_perm2(struct tomoyo_request_info *r, 
		break;

	}

	tomoyo_print_ulong(buffer, sizeof(buffer), number, radix);

	r->param_type = TOMOYO_TYPE_PATH_NUMBER_ACL;

	r->param.path_number.operation = type;

	r->param.path_number.filename = filename;

	r->param.path_number.number = number;

	do {

		error = tomoyo_path_number_acl(r, type, filename, number);

		if (!error)
@@ -1369,8 +1376,15 @@ int tomoyo_path_number3_perm(const u8 operation, struct path *path, 
	idx = tomoyo_read_lock();

	error = -ENOMEM;

	if (tomoyo_get_realpath(&buf, path)) {

		dev = new_decode_dev(dev);

		r.param_type = TOMOYO_TYPE_PATH_NUMBER3_ACL;

		r.param.mkdev.filename = &buf;

		r.param.mkdev.operation = operation;

		r.param.mkdev.mode = mode;

		r.param.mkdev.major = MAJOR(dev);

		r.param.mkdev.minor = MINOR(dev);

		error = tomoyo_path_number3_perm2(&r, operation, &buf, mode,

						  new_decode_dev(dev));

						  dev);

		kfree(buf.name);

	}

	tomoyo_read_unlock(idx);
@@ -1421,6 +1435,10 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1, 
                tomoyo_add_slash(&buf2);

		break;

        }

	r.param_type = TOMOYO_TYPE_PATH2_ACL;

	r.param.path2.operation = operation;

	r.param.path2.filename1 = &buf1;

	r.param.path2.filename2 = &buf2;

	do {

		error = tomoyo_path2_acl(&r, operation, &buf1, &buf2);

		if (!error)

security/tomoyo/mount.c

+6 −0
Original line number Diff line number Diff line
@@ -112,6 +112,12 @@ static int tomoyo_mount_acl2(struct tomoyo_request_info *r, char *dev_name, 
	}

	rdev.name = requested_dev_name;

	tomoyo_fill_path_info(&rdev);

	r->param_type = TOMOYO_TYPE_MOUNT_ACL;

	r->param.mount.need_dev = need_dev;

	r->param.mount.dev = &rdev;

	r->param.mount.dir = &rdir;

	r->param.mount.type = &rtype;

	r->param.mount.flags = flags;

	list_for_each_entry_rcu(ptr, &r->domain->acl_info_list, list) {

		struct tomoyo_mount_acl *acl;

		if (ptr->is_deleted || ptr->type != TOMOYO_TYPE_MOUNT_ACL)