summaryrefslogtreecommitdiffstats
path: root/security/tomoyo/mount.c
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-06-12 13:46:22 +0200
committerJames Morris <jmorris@namei.org>2010-08-02 07:34:28 +0200
commit237ab459f12cb98eadd3fe7b85343e183a1076a4 (patch)
treef2835e2945016beb4e29b6a2ed8f9d372dc1b412 /security/tomoyo/mount.c
parentKEYS: Make /proc/keys check to see if a key is possessed before security check (diff)
downloadlinux-237ab459f12cb98eadd3fe7b85343e183a1076a4.tar.xz
linux-237ab459f12cb98eadd3fe7b85343e183a1076a4.zip
TOMOYO: Use callback for updating entries.
Use common "struct list_head" + "bool" + "u8" structure and use common code for elements using that structure. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/mount.c')
-rw-r--r--security/tomoyo/mount.c43
1 files changed, 18 insertions, 25 deletions
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 77ee8bf41948..c170b41c3833 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -114,11 +114,10 @@ static int tomoyo_mount_acl2(struct tomoyo_request_info *r, char *dev_name,
tomoyo_fill_path_info(&rdev);
list_for_each_entry_rcu(ptr, &r->domain->acl_info_list, list) {
struct tomoyo_mount_acl *acl;
- if (ptr->type != TOMOYO_TYPE_MOUNT_ACL)
+ if (ptr->is_deleted || ptr->type != TOMOYO_TYPE_MOUNT_ACL)
continue;
acl = container_of(ptr, struct tomoyo_mount_acl, head);
- if (acl->is_deleted ||
- !tomoyo_compare_number_union(flags, &acl->flags) ||
+ if (!tomoyo_compare_number_union(flags, &acl->flags) ||
!tomoyo_compare_name_union(&rtype, &acl->fs_type) ||
!tomoyo_compare_name_union(&rdir, &acl->dir_name) ||
(need_dev &&
@@ -259,6 +258,18 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
return error;
}
+static bool tomoyo_same_mount_acl(const struct tomoyo_acl_info *a,
+ const struct tomoyo_acl_info *b)
+{
+ const struct tomoyo_mount_acl *p1 = container_of(a, typeof(*p1), head);
+ const struct tomoyo_mount_acl *p2 = container_of(b, typeof(*p2), head);
+ return tomoyo_is_same_acl_head(&p1->head, &p2->head) &&
+ tomoyo_is_same_name_union(&p1->dev_name, &p2->dev_name) &&
+ tomoyo_is_same_name_union(&p1->dir_name, &p2->dir_name) &&
+ tomoyo_is_same_name_union(&p1->fs_type, &p2->fs_type) &&
+ tomoyo_is_same_number_union(&p1->flags, &p2->flags);
+}
+
/**
* tomoyo_write_mount_policy - Write "struct tomoyo_mount_acl" list.
*
@@ -267,11 +278,12 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
* @is_delete: True if it is a delete request.
*
* Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
*/
int tomoyo_write_mount_policy(char *data, struct tomoyo_domain_info *domain,
const bool is_delete)
{
- struct tomoyo_acl_info *ptr;
struct tomoyo_mount_acl e = { .head.type = TOMOYO_TYPE_MOUNT_ACL };
int error = is_delete ? -ENOENT : -ENOMEM;
char *w[4];
@@ -282,27 +294,8 @@ int tomoyo_write_mount_policy(char *data, struct tomoyo_domain_info *domain,
!tomoyo_parse_name_union(w[2], &e.fs_type) ||
!tomoyo_parse_number_union(w[3], &e.flags))
goto out;
- if (mutex_lock_interruptible(&tomoyo_policy_lock))
- goto out;
- list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
- struct tomoyo_mount_acl *acl =
- container_of(ptr, struct tomoyo_mount_acl, head);
- if (!tomoyo_is_same_mount_acl(acl, &e))
- continue;
- acl->is_deleted = is_delete;
- error = 0;
- break;
- }
- if (!is_delete && error) {
- struct tomoyo_mount_acl *entry =
- tomoyo_commit_ok(&e, sizeof(e));
- if (entry) {
- list_add_tail_rcu(&entry->head.list,
- &domain->acl_info_list);
- error = 0;
- }
- }
- mutex_unlock(&tomoyo_policy_lock);
+ error = tomoyo_update_domain(&e.head, sizeof(e), is_delete, domain,
+ tomoyo_same_mount_acl, NULL);
out:
tomoyo_put_name_union(&e.dev_name);
tomoyo_put_name_union(&e.dir_name);