TOMOYO: Add socket operation restriction support.

This patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIX
socket's bind()/listen()/connect()/send() operations.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index 818b079..7747ceb 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -16,6 +16,7 @@
 /* Size of an element. */
 static const u8 tomoyo_element_size[TOMOYO_MAX_POLICY] = {
 	[TOMOYO_ID_GROUP] = sizeof(struct tomoyo_group),
+	[TOMOYO_ID_ADDRESS_GROUP] = sizeof(struct tomoyo_address_group),
 	[TOMOYO_ID_PATH_GROUP] = sizeof(struct tomoyo_path_group),
 	[TOMOYO_ID_NUMBER_GROUP] = sizeof(struct tomoyo_number_group),
 	[TOMOYO_ID_AGGREGATOR] = sizeof(struct tomoyo_aggregator),
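Review bot: `tomoyo_element_size` is an array of `u8`, so the new `sizeof(struct tomoyo_address_group)` initializer only fits while that structure stays at or below 255 bytes, and nothing next to the table enforces this beyond whatever truncation warning the compiler emits. The same applies to the `TOMOYO_TYPE_INET_ACL` and `TOMOYO_TYPE_UNIX_ACL` entries in the next hunk if that table, whose declaration is outside the hunk, uses the same element type. These sizes are presumably what the collector relies on when it handles entries being freed, so the limit deserves to be explicit. I would add a build-time check such as `BUILD_BUG_ON(sizeof(struct tomoyo_address_group) > 255);` in one of the GC functions, or at least a comment on the table stating the limit.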
@@ -36,6 +37,8 @@
 	[TOMOYO_TYPE_PATH_NUMBER_ACL] = sizeof(struct tomoyo_path_number_acl),
 	[TOMOYO_TYPE_MKDEV_ACL] = sizeof(struct tomoyo_mkdev_acl),
 	[TOMOYO_TYPE_MOUNT_ACL] = sizeof(struct tomoyo_mount_acl),
+	[TOMOYO_TYPE_INET_ACL] = sizeof(struct tomoyo_inet_acl),
+	[TOMOYO_TYPE_UNIX_ACL] = sizeof(struct tomoyo_unix_acl),
 	[TOMOYO_TYPE_ENV_ACL] = sizeof(struct tomoyo_env_acl),
 };
 
@@ -302,6 +305,23 @@
 			tomoyo_put_name(entry->env);
 		}
 		break;
+	case TOMOYO_TYPE_INET_ACL:
+		{
+			struct tomoyo_inet_acl *entry =
+				container_of(acl, typeof(*entry), head);
+
+			tomoyo_put_group(entry->address.group);
+			tomoyo_put_number_union(&entry->port);
+		}
+		break;
+	case TOMOYO_TYPE_UNIX_ACL:
+		{
+			struct tomoyo_unix_acl *entry =
+				container_of(acl, typeof(*entry), head);
+
+			tomoyo_put_name_union(&entry->name);
+		}
+		break;
 	}
 }
 
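Review bot: In the `TOMOYO_TYPE_INET_ACL` arm the address reference is dropped with `tomoyo_put_group(entry->address.group)`, while the port and the UNIX name go through `tomoyo_put_number_union()` and `tomoyo_put_name_union()`. If an inet ACL can hold a literal address instead of a group, `address.group` is presumably NULL in that case and this call depends on `tomoyo_put_group()` tolerating NULL; neither fact is visible in this hunk. I would add a comment above the call, e.g. `/* address.group is NULL for a literal address; tomoyo_put_group() accepts NULL. */`, after confirming both. The enclosing function starts outside the hunk.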
@@ -431,6 +451,18 @@
 }
 
 /**
+ * tomoyo_del_address_group - Delete members in "struct tomoyo_address_group".
+ *
+ * @element: Pointer to "struct list_head".
+ *
+ * Returns nothing.
+ */
+static inline void tomoyo_del_address_group(struct list_head *element)
+{
+	/* Nothing to do. */
+}
+
+/**
  * tomoyo_del_number_group - Delete members in "struct tomoyo_number_group".
  *
  * @element: Pointer to "struct list_head".
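Review bot: The body comment `/* Nothing to do. */` in `tomoyo_del_address_group()` does not say why an address-group member needs no teardown, which is the one thing a later maintainer has to know before adding a field to the structure. If the reason is that members store their addresses by value and hold no counted references, say so, e.g. `/* Members hold addresses by value; no references to drop. */`. That keeps the empty deleter from being mistaken for a forgotten release if the structure later gains a pointer member.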
@@ -527,9 +559,12 @@
 			case 0:
 				id = TOMOYO_ID_PATH_GROUP;
 				break;
-			default:
+			case 1:
 				id = TOMOYO_ID_NUMBER_GROUP;
 				break;
+			default:
+				id = TOMOYO_ID_ADDRESS_GROUP;
+				break;
 			}
 			list_for_each_entry(group, list, head.list) {
 				if (!tomoyo_collect_member
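Review bot: The new `default:` arm assigns `TOMOYO_ID_ADDRESS_GROUP` to every index other than 0 and 1, so a fourth group list added later would be collected under the address-group id with no diagnostic. The id presumably selects the element size and the deleter used when the member is freed, so a wrong mapping here would be a memory-safety problem, not a cosmetic one. I would spell the mapping out as `case 2:` for the address group and have `default:` flag the unexpected index rather than guess. Failing that, a comment on the `default:` arm should state that it relies on there being exactly three group lists. The switch statement and its enclosing loop begin outside the hunk, and the `if` on the last line continues past it.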
@@ -634,6 +669,9 @@
 		case TOMOYO_ID_PATH_GROUP:
 			tomoyo_del_path_group(element);
 			break;
+		case TOMOYO_ID_ADDRESS_GROUP:
+			tomoyo_del_address_group(element);
+			break;
 		case TOMOYO_ID_GROUP:
 			tomoyo_del_group(element);
 			break;