* 1 = must / -1 = must not / 0 = don't care
* @end_type: Should the pathname end with '/'?
* 1 = must / -1 = must not / 0 = don't care
- * @function: The name of function calling me.
*
* Check whether the given filename follows the naming rules.
* Returns true if @filename follows the naming rules, false otherwise.
*/
bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
- const s8 pattern_type, const s8 end_type,
- const char *function)
+ const s8 pattern_type, const s8 end_type)
{
const char *const start = filename;
bool in_repetition = false;
unsigned char c;
unsigned char d;
unsigned char e;
- const char *original_filename = filename;
if (!filename)
goto out;
goto out;
return true;
out:
- printk(KERN_DEBUG "%s: Invalid pathname '%s'\n", function,
- original_filename);
return false;
}
/**
* tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules.
* @domainname: The domainname to check.
- * @function: The name of function calling me.
*
* Returns true if @domainname follows the naming rules, false otherwise.
*/
-bool tomoyo_is_correct_domain(const unsigned char *domainname,
- const char *function)
+bool tomoyo_is_correct_domain(const unsigned char *domainname)
{
unsigned char c;
unsigned char d;
unsigned char e;
- const char *org_domainname = domainname;
if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME,
TOMOYO_ROOT_NAME_LEN))
} while (*domainname);
return true;
out:
- printk(KERN_DEBUG "%s: Invalid domainname '%s'\n", function,
- org_domainname);
return false;
}
return true;
list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
switch (ptr->type) {
- struct tomoyo_single_path_acl_record *acl;
+ struct tomoyo_path_acl *acl;
u32 perm;
u8 i;
- case TOMOYO_TYPE_SINGLE_PATH_ACL:
- acl = container_of(ptr,
- struct tomoyo_single_path_acl_record,
- head);
+ case TOMOYO_TYPE_PATH_ACL:
+ acl = container_of(ptr, struct tomoyo_path_acl, head);
perm = acl->perm | (((u32) acl->perm_high) << 16);
- for (i = 0; i < TOMOYO_MAX_SINGLE_PATH_OPERATION; i++)
+ for (i = 0; i < TOMOYO_MAX_PATH_OPERATION; i++)
if (perm & (1 << i))
count++;
- if (perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL))
+ if (perm & (1 << TOMOYO_TYPE_READ_WRITE))
count -= 2;
break;
- case TOMOYO_TYPE_DOUBLE_PATH_ACL:
- perm = container_of(ptr,
- struct tomoyo_double_path_acl_record,
- head)->perm;
- for (i = 0; i < TOMOYO_MAX_DOUBLE_PATH_OPERATION; i++)
+ case TOMOYO_TYPE_PATH2_ACL:
+ perm = container_of(ptr, struct tomoyo_path2_acl, head)
+ ->perm;
+ for (i = 0; i < TOMOYO_MAX_PATH2_OPERATION; i++)
if (perm & (1 << i))
count++;
break;
bool is_domain = false;
if (tomoyo_is_domain_def(manager)) {
- if (!tomoyo_is_correct_domain(manager, __func__))
+ if (!tomoyo_is_correct_domain(manager))
return -EINVAL;
is_domain = true;
} else {
- if (!tomoyo_is_correct_path(manager, 1, -1, -1, __func__))
+ if (!tomoyo_is_correct_path(manager, 1, -1, -1))
return -EINVAL;
}
saved_manager = tomoyo_get_name(manager);
if (sscanf(data, "pid=%u", &pid) == 1) {
struct task_struct *p;
+ rcu_read_lock();
read_lock(&tasklist_lock);
p = find_task_by_vpid(pid);
if (p)
domain = tomoyo_real_domain(p);
read_unlock(&tasklist_lock);
+ rcu_read_unlock();
} else if (!strncmp(data, "domain=", 7)) {
if (tomoyo_is_domain_def(data + 7))
domain = tomoyo_find_domain(data + 7);
}
/**
- * tomoyo_print_single_path_acl - Print a single path ACL entry.
+ * tomoyo_print_path_acl - Print a single path ACL entry.
*
* @head: Pointer to "struct tomoyo_io_buffer".
- * @ptr: Pointer to "struct tomoyo_single_path_acl_record".
+ * @ptr: Pointer to "struct tomoyo_path_acl".
*
* Returns true on success, false otherwise.
*/
-static bool tomoyo_print_single_path_acl(struct tomoyo_io_buffer *head,
- struct tomoyo_single_path_acl_record *
- ptr)
+static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head,
+ struct tomoyo_path_acl *ptr)
{
int pos;
u8 bit;
const u32 perm = ptr->perm | (((u32) ptr->perm_high) << 16);
filename = ptr->filename->name;
- for (bit = head->read_bit; bit < TOMOYO_MAX_SINGLE_PATH_OPERATION;
- bit++) {
+ for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
const char *msg;
if (!(perm & (1 << bit)))
continue;
/* Print "read/write" instead of "read" and "write". */
- if ((bit == TOMOYO_TYPE_READ_ACL ||
- bit == TOMOYO_TYPE_WRITE_ACL)
- && (perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL)))
+ if ((bit == TOMOYO_TYPE_READ || bit == TOMOYO_TYPE_WRITE)
+ && (perm & (1 << TOMOYO_TYPE_READ_WRITE)))
continue;
- msg = tomoyo_sp2keyword(bit);
+ msg = tomoyo_path2keyword(bit);
pos = head->read_avail;
if (!tomoyo_io_printf(head, "allow_%s %s%s\n", msg,
atmark, filename))
}
/**
- * tomoyo_print_double_path_acl - Print a double path ACL entry.
+ * tomoyo_print_path2_acl - Print a double path ACL entry.
*
* @head: Pointer to "struct tomoyo_io_buffer".
- * @ptr: Pointer to "struct tomoyo_double_path_acl_record".
+ * @ptr: Pointer to "struct tomoyo_path2_acl".
*
* Returns true on success, false otherwise.
*/
-static bool tomoyo_print_double_path_acl(struct tomoyo_io_buffer *head,
- struct tomoyo_double_path_acl_record *
- ptr)
+static bool tomoyo_print_path2_acl(struct tomoyo_io_buffer *head,
+ struct tomoyo_path2_acl *ptr)
{
int pos;
const char *atmark1 = "";
filename1 = ptr->filename1->name;
filename2 = ptr->filename2->name;
- for (bit = head->read_bit; bit < TOMOYO_MAX_DOUBLE_PATH_OPERATION;
- bit++) {
+ for (bit = head->read_bit; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) {
const char *msg;
if (!(perm & (1 << bit)))
continue;
- msg = tomoyo_dp2keyword(bit);
+ msg = tomoyo_path22keyword(bit);
pos = head->read_avail;
if (!tomoyo_io_printf(head, "allow_%s %s%s %s%s\n", msg,
atmark1, filename1, atmark2, filename2))
{
const u8 acl_type = ptr->type;
- if (acl_type == TOMOYO_TYPE_SINGLE_PATH_ACL) {
- struct tomoyo_single_path_acl_record *acl
- = container_of(ptr,
- struct tomoyo_single_path_acl_record,
- head);
- return tomoyo_print_single_path_acl(head, acl);
+ if (acl_type == TOMOYO_TYPE_PATH_ACL) {
+ struct tomoyo_path_acl *acl
+ = container_of(ptr, struct tomoyo_path_acl, head);
+ return tomoyo_print_path_acl(head, acl);
}
- if (acl_type == TOMOYO_TYPE_DOUBLE_PATH_ACL) {
- struct tomoyo_double_path_acl_record *acl
- = container_of(ptr,
- struct tomoyo_double_path_acl_record,
- head);
- return tomoyo_print_double_path_acl(head, acl);
+ if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
+ struct tomoyo_path2_acl *acl
+ = container_of(ptr, struct tomoyo_path2_acl, head);
+ return tomoyo_print_path2_acl(head, acl);
}
BUG(); /* This must not happen. */
return false;
const int pid = head->read_step;
struct task_struct *p;
struct tomoyo_domain_info *domain = NULL;
+ rcu_read_lock();
read_lock(&tasklist_lock);
p = find_task_by_vpid(pid);
if (p)
domain = tomoyo_real_domain(p);
read_unlock(&tasklist_lock);
+ rcu_read_unlock();
if (domain)
tomoyo_io_printf(head, "%d %u %s", pid, domain->profile,
domain->domainname->name);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blobdiff