TOMOYO: Use struct for passing ACL line.
Use structure for passing ACL line, in preparation for supporting policy
namespace and conditional parameters.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 2e6792d..2cfadaf 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -611,8 +611,11 @@
const bool is_delete)
{
struct tomoyo_manager e = { };
- int error;
-
+ struct tomoyo_acl_param param = {
+ .is_delete = is_delete,
+ .list = &tomoyo_policy_list[TOMOYO_ID_MANAGER],
+ };
+ int error = is_delete ? -ENOENT : -ENOMEM;
if (tomoyo_domain_def(manager)) {
if (!tomoyo_correct_domain(manager))
return -EINVAL;
@@ -622,12 +625,11 @@
return -EINVAL;
}
e.manager = tomoyo_get_name(manager);
- if (!e.manager)
- return -ENOMEM;
- error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
- &tomoyo_policy_list[TOMOYO_ID_MANAGER],
- tomoyo_same_manager);
- tomoyo_put_name(e.manager);
+ if (e.manager) {
+ error = tomoyo_update_policy(&e.head, sizeof(e), ¶m,
+ tomoyo_same_manager);
+ tomoyo_put_name(e.manager);
+ }
return error;
}
@@ -821,18 +823,36 @@
/**
* tomoyo_write_domain2 - Write domain policy.
*
- * @head: Pointer to "struct tomoyo_io_buffer".
+ * @list: Pointer to "struct list_head".
+ * @data: Policy to be interpreted.
+ * @is_delete: True if it is a delete request.
*
* Returns 0 on success, negative value otherwise.
*
* Caller holds tomoyo_read_lock().
*/
-static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain,
+static int tomoyo_write_domain2(struct list_head *list, char *data,
const bool is_delete)
{
- if (tomoyo_str_starts(&data, "allow_mount "))
- return tomoyo_write_mount(data, domain, is_delete);
- return tomoyo_write_file(data, domain, is_delete);
+ struct tomoyo_acl_param param = {
+ .list = list,
+ .data = data,
+ .is_delete = is_delete,
+ };
+ static const struct {
+ const char *keyword;
+ int (*write) (struct tomoyo_acl_param *);
+ } tomoyo_callback[1] = {
+ { "file ", tomoyo_write_file },
+ };
+ u8 i;
+ for (i = 0; i < 1; i++) {
+ if (!tomoyo_str_starts(¶m.data,
+ tomoyo_callback[i].keyword))
+ continue;
+ return tomoyo_callback[i].write(¶m);
+ }
+ return -EINVAL;
}
/**
@@ -889,7 +909,7 @@
domain->transition_failed = !is_delete;
return 0;
}
- return tomoyo_write_domain2(data, domain, is_delete);
+ return tomoyo_write_domain2(&domain->acl_info_list, data, is_delete);
}
/**
@@ -1213,26 +1233,19 @@
*/
static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
{
- char *data = head->write_buf;
- bool is_delete = tomoyo_str_starts(&data, "delete ");
- u8 i;
- static const struct {
- const char *keyword;
- int (*write) (char *, const bool);
- } tomoyo_callback[1] = {
- { "aggregator ", tomoyo_write_aggregator },
+ struct tomoyo_acl_param param = {
+ .data = head->write_buf,
};
-
+ u8 i;
+ param.is_delete = tomoyo_str_starts(¶m.data, "delete ");
+ if (tomoyo_str_starts(¶m.data, "aggregator "))
+ return tomoyo_write_aggregator(¶m);
for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
- if (tomoyo_str_starts(&data, tomoyo_transition_type[i]))
- return tomoyo_write_transition_control(data, is_delete,
- i);
- for (i = 0; i < 1; i++)
- if (tomoyo_str_starts(&data, tomoyo_callback[i].keyword))
- return tomoyo_callback[i].write(data, is_delete);
+ if (tomoyo_str_starts(¶m.data, tomoyo_transition_type[i]))
+ return tomoyo_write_transition_control(¶m, i);
for (i = 0; i < TOMOYO_MAX_GROUP; i++)
- if (tomoyo_str_starts(&data, tomoyo_group_name[i]))
- return tomoyo_write_group(data, is_delete, i);
+ if (tomoyo_str_starts(¶m.data, tomoyo_group_name[i]))
+ return tomoyo_write_group(¶m, i);
return -EINVAL;
}
@@ -1490,7 +1503,7 @@
vsnprintf(buffer, len - 1, fmt, args);
va_end(args);
tomoyo_normalize_line(buffer);
- tomoyo_write_domain2(buffer, r->domain, false);
+ tomoyo_write_domain2(&r->domain->acl_info_list, buffer, false);
kfree(buffer);
/* fall through */
case TOMOYO_CONFIG_PERMISSIVE: