TOMOYO: Use callback for permission check. We can use callback function since parameters are passed via "const struct tomoyo_request_info". Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>

commit: 99a852596beb26cc449ca1a79834c107ef4080e1 [log] [tgz]
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Wed Jun 16 16:22:51 2010 +0900
committer: James Morris <jmorris@namei.org> Mon Aug 02 15:34:32 2010 +1000
tree: 8d593b0af85f6cbbfe73b916f7449148ccf93133
parent: cf6e9a6468ec82a94cbc707b607452ec4454182c [diff] [blame]
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 35317e7..13f4f39 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c

@@ -109,6 +109,24 @@
 	return error;
 }
 
+void tomoyo_check_acl(struct tomoyo_request_info *r,
+		      bool (*check_entry) (const struct tomoyo_request_info *,
+					   const struct tomoyo_acl_info *))
+{
+	const struct tomoyo_domain_info *domain = r->domain;
+	struct tomoyo_acl_info *ptr;
+
+	list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
+		if (ptr->is_deleted || ptr->type != r->param_type)
+			continue;
+		if (check_entry(r, ptr)) {
+			r->granted = true;
+			return;
+		}
+	}
+	r->granted = false;
+}
+
 /*
  * tomoyo_domain_list is used for holding list of domains.
  * The ->acl_info_list of "struct tomoyo_domain_info" is used for holding
commit	99a852596beb26cc449ca1a79834c107ef4080e1	[log] [tgz]
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	Wed Jun 16 16:22:51 2010 +0900
committer	James Morris <jmorris@namei.org>	Mon Aug 02 15:34:32 2010 +1000
tree	8d593b0af85f6cbbfe73b916f7449148ccf93133
parent	cf6e9a6468ec82a94cbc707b607452ec4454182c [diff] [blame]