summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/tomoyo/common.h33
-rw-r--r--security/tomoyo/file.c20
-rw-r--r--security/tomoyo/mount.c6
3 files changed, 58 insertions, 1 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 203454025410..f055e273ec02 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -212,6 +212,39 @@ struct tomoyo_acl_head {
*/
struct tomoyo_request_info {
struct tomoyo_domain_info *domain;
+ /* For holding parameters. */
+ union {
+ struct {
+ const struct tomoyo_path_info *filename;
+ u8 operation;
+ } path;
+ struct {
+ const struct tomoyo_path_info *filename1;
+ const struct tomoyo_path_info *filename2;
+ u8 operation;
+ } path2;
+ struct {
+ const struct tomoyo_path_info *filename;
+ unsigned int mode;
+ unsigned int major;
+ unsigned int minor;
+ u8 operation;
+ } mkdev;
+ struct {
+ const struct tomoyo_path_info *filename;
+ unsigned long number;
+ u8 operation;
+ } path_number;
+ struct {
+ const struct tomoyo_path_info *type;
+ const struct tomoyo_path_info *dir;
+ const struct tomoyo_path_info *dev;
+ unsigned long flags;
+ int need_dev;
+ } mount;
+ } param;
+ u8 param_type;
+ bool granted;
u8 retry;
u8 profile;
u8 mode; /* One of tomoyo_mode_index . */
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 50875d7e8603..32661df10e85 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -973,6 +973,9 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
r->mode = tomoyo_get_mode(r->profile, r->type);
if (r->mode == TOMOYO_CONFIG_DISABLED)
return 0;
+ r->param_type = TOMOYO_TYPE_PATH_ACL;
+ r->param.path.filename = filename;
+ r->param.path.operation = operation;
do {
error = tomoyo_path_acl(r, filename, 1 << operation);
if (error && operation == TOMOYO_TYPE_READ &&
@@ -1143,6 +1146,10 @@ static int tomoyo_path_number_perm2(struct tomoyo_request_info *r,
break;
}
tomoyo_print_ulong(buffer, sizeof(buffer), number, radix);
+ r->param_type = TOMOYO_TYPE_PATH_NUMBER_ACL;
+ r->param.path_number.operation = type;
+ r->param.path_number.filename = filename;
+ r->param.path_number.number = number;
do {
error = tomoyo_path_number_acl(r, type, filename, number);
if (!error)
@@ -1369,8 +1376,15 @@ int tomoyo_path_number3_perm(const u8 operation, struct path *path,
idx = tomoyo_read_lock();
error = -ENOMEM;
if (tomoyo_get_realpath(&buf, path)) {
+ dev = new_decode_dev(dev);
+ r.param_type = TOMOYO_TYPE_PATH_NUMBER3_ACL;
+ r.param.mkdev.filename = &buf;
+ r.param.mkdev.operation = operation;
+ r.param.mkdev.mode = mode;
+ r.param.mkdev.major = MAJOR(dev);
+ r.param.mkdev.minor = MINOR(dev);
error = tomoyo_path_number3_perm2(&r, operation, &buf, mode,
- new_decode_dev(dev));
+ dev);
kfree(buf.name);
}
tomoyo_read_unlock(idx);
@@ -1421,6 +1435,10 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
tomoyo_add_slash(&buf2);
break;
}
+ r.param_type = TOMOYO_TYPE_PATH2_ACL;
+ r.param.path2.operation = operation;
+ r.param.path2.filename1 = &buf1;
+ r.param.path2.filename2 = &buf2;
do {
error = tomoyo_path2_acl(&r, operation, &buf1, &buf2);
if (!error)
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index c170b41c3833..554de173152c 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -112,6 +112,12 @@ static int tomoyo_mount_acl2(struct tomoyo_request_info *r, char *dev_name,
}
rdev.name = requested_dev_name;
tomoyo_fill_path_info(&rdev);
+ r->param_type = TOMOYO_TYPE_MOUNT_ACL;
+ r->param.mount.need_dev = need_dev;
+ r->param.mount.dev = &rdev;
+ r->param.mount.dir = &rdir;
+ r->param.mount.type = &rtype;
+ r->param.mount.flags = flags;
list_for_each_entry_rcu(ptr, &r->domain->acl_info_list, list) {
struct tomoyo_mount_acl *acl;
if (ptr->is_deleted || ptr->type != TOMOYO_TYPE_MOUNT_ACL)