Commit b5bc60b4 authored by Tetsuo Handa's avatar Tetsuo Handa Committed by James Morris

TOMOYO: Cleanup part 2.

Update (or temporarily remove) comments.
Remove or replace some of #define lines.
Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 7c75964f
...@@ -643,7 +643,7 @@ static int tomoyo_update_manager_entry(const char *manager, ...@@ -643,7 +643,7 @@ static int tomoyo_update_manager_entry(const char *manager,
static int tomoyo_write_manager(struct tomoyo_io_buffer *head) static int tomoyo_write_manager(struct tomoyo_io_buffer *head)
{ {
char *data = head->write_buf; char *data = head->write_buf;
bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); bool is_delete = tomoyo_str_starts(&data, "delete ");
if (!strcmp(data, "manage_by_non_root")) { if (!strcmp(data, "manage_by_non_root")) {
tomoyo_manage_by_non_root = !is_delete; tomoyo_manage_by_non_root = !is_delete;
...@@ -830,7 +830,7 @@ static int tomoyo_delete_domain(char *domainname) ...@@ -830,7 +830,7 @@ static int tomoyo_delete_domain(char *domainname)
static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain, static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain,
const bool is_delete) const bool is_delete)
{ {
if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT)) if (tomoyo_str_starts(&data, "allow_mount "))
return tomoyo_write_mount(data, domain, is_delete); return tomoyo_write_mount(data, domain, is_delete);
return tomoyo_write_file(data, domain, is_delete); return tomoyo_write_file(data, domain, is_delete);
} }
...@@ -852,9 +852,9 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head) ...@@ -852,9 +852,9 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
bool is_select = false; bool is_select = false;
unsigned int profile; unsigned int profile;
if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE)) if (tomoyo_str_starts(&data, "delete "))
is_delete = true; is_delete = true;
else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT)) else if (tomoyo_str_starts(&data, "select "))
is_select = true; is_select = true;
if (is_select && tomoyo_select_one(head, data)) if (is_select && tomoyo_select_one(head, data))
return 0; return 0;
...@@ -875,17 +875,17 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head) ...@@ -875,17 +875,17 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
if (!domain) if (!domain)
return -EINVAL; return -EINVAL;
if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1 if (sscanf(data, "use_profile %u", &profile) == 1
&& profile < TOMOYO_MAX_PROFILES) { && profile < TOMOYO_MAX_PROFILES) {
if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded) if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)
domain->profile = (u8) profile; domain->profile = (u8) profile;
return 0; return 0;
} }
if (!strcmp(data, TOMOYO_KEYWORD_QUOTA_EXCEEDED)) { if (!strcmp(data, "quota_exceeded")) {
domain->quota_warned = !is_delete; domain->quota_warned = !is_delete;
return 0; return 0;
} }
if (!strcmp(data, TOMOYO_KEYWORD_TRANSITION_FAILED)) { if (!strcmp(data, "transition_failed")) {
domain->transition_failed = !is_delete; domain->transition_failed = !is_delete;
return 0; return 0;
} }
...@@ -1039,8 +1039,7 @@ static void tomoyo_read_domain(struct tomoyo_io_buffer *head) ...@@ -1039,8 +1039,7 @@ static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
/* Print domainname and flags. */ /* Print domainname and flags. */
tomoyo_set_string(head, domain->domainname->name); tomoyo_set_string(head, domain->domainname->name);
tomoyo_set_lf(head); tomoyo_set_lf(head);
tomoyo_io_printf(head, tomoyo_io_printf(head, "use_profile %u\n",
TOMOYO_KEYWORD_USE_PROFILE "%u\n",
domain->profile); domain->profile);
if (domain->quota_warned) if (domain->quota_warned)
tomoyo_set_string(head, "quota_exceeded\n"); tomoyo_set_string(head, "quota_exceeded\n");
...@@ -1192,17 +1191,15 @@ static void tomoyo_read_pid(struct tomoyo_io_buffer *head) ...@@ -1192,17 +1191,15 @@ static void tomoyo_read_pid(struct tomoyo_io_buffer *head)
} }
static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = { static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {
[TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain",
= TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN, [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain",
[TOMOYO_TRANSITION_CONTROL_INITIALIZE] [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain",
= TOMOYO_KEYWORD_INITIALIZE_DOMAIN, [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain",
[TOMOYO_TRANSITION_CONTROL_NO_KEEP] = TOMOYO_KEYWORD_NO_KEEP_DOMAIN,
[TOMOYO_TRANSITION_CONTROL_KEEP] = TOMOYO_KEYWORD_KEEP_DOMAIN
}; };
static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
[TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP, [TOMOYO_PATH_GROUP] = "path_group ",
[TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP [TOMOYO_NUMBER_GROUP] = "number_group ",
}; };
/** /**
...@@ -1217,13 +1214,13 @@ static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { ...@@ -1217,13 +1214,13 @@ static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
static int tomoyo_write_exception(struct tomoyo_io_buffer *head) static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
{ {
char *data = head->write_buf; char *data = head->write_buf;
bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); bool is_delete = tomoyo_str_starts(&data, "delete ");
u8 i; u8 i;
static const struct { static const struct {
const char *keyword; const char *keyword;
int (*write) (char *, const bool); int (*write) (char *, const bool);
} tomoyo_callback[1] = { } tomoyo_callback[1] = {
{ TOMOYO_KEYWORD_AGGREGATOR, tomoyo_write_aggregator }, { "aggregator ", tomoyo_write_aggregator },
}; };
for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
...@@ -1324,8 +1321,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) ...@@ -1324,8 +1321,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
{ {
struct tomoyo_aggregator *ptr = struct tomoyo_aggregator *ptr =
container_of(acl, typeof(*ptr), head); container_of(acl, typeof(*ptr), head);
tomoyo_set_string(head, tomoyo_set_string(head, "aggregator ");
TOMOYO_KEYWORD_AGGREGATOR);
tomoyo_set_string(head, tomoyo_set_string(head,
ptr->original_name->name); ptr->original_name->name);
tomoyo_set_space(head); tomoyo_set_space(head);
......
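Review bot: With the keyword macros gone, each policy keyword is now spelled out twice as a parser/printer pair whose two copies must stay byte-identical for the kernel to re-read what it printed: `sscanf(data, "use_profile %u", &profile)` in tomoyo_write_domain against `tomoyo_io_printf(head, "use_profile %u\n", ...)` in tomoyo_read_domain, and `{ "aggregator ", tomoyo_write_aggregator }` in tomoyo_callback[] against `tomoyo_set_string(head, "aggregator ")` in tomoyo_read_policy. A one-line comment at each printing site, e.g. `/* Must match the keyword parsed in tomoyo_write_domain(). */`, would make that coupling visible to the next person editing either side; the trailing space in the parser literals ("delete ", "aggregator ") is also easy to lose without such a note. tomoyo_read_domain and tomoyo_read_policy both begin outside their hunks, so the printer side is only partly visible here.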
...@@ -212,8 +212,7 @@ static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r) ...@@ -212,8 +212,7 @@ static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r)
/** /**
* tomoyo_audit_path_number_log - Audit path/number request log. * tomoyo_audit_path_number_log - Audit path/number request log.
* *
* @r: Pointer to "struct tomoyo_request_info". * @r: Pointer to "struct tomoyo_request_info".
* @error: Error code.
* *
* Returns 0 on success, negative value otherwise. * Returns 0 on success, negative value otherwise.
*/ */
......
...@@ -7,22 +7,16 @@ ...@@ -7,22 +7,16 @@
#include <linux/slab.h> #include <linux/slab.h>
#include "common.h" #include "common.h"
/* Keywords for mount restrictions. */ /* String table for special mount operations. */
static const char * const tomoyo_mounts[TOMOYO_MAX_SPECIAL_MOUNT] = {
/* Allow to call 'mount --bind /source_dir /dest_dir' */ [TOMOYO_MOUNT_BIND] = "--bind",
#define TOMOYO_MOUNT_BIND_KEYWORD "--bind" [TOMOYO_MOUNT_MOVE] = "--move",
/* Allow to call 'mount --move /old_dir /new_dir ' */ [TOMOYO_MOUNT_REMOUNT] = "--remount",
#define TOMOYO_MOUNT_MOVE_KEYWORD "--move" [TOMOYO_MOUNT_MAKE_UNBINDABLE] = "--make-unbindable",
/* Allow to call 'mount -o remount /dir ' */ [TOMOYO_MOUNT_MAKE_PRIVATE] = "--make-private",
#define TOMOYO_MOUNT_REMOUNT_KEYWORD "--remount" [TOMOYO_MOUNT_MAKE_SLAVE] = "--make-slave",
/* Allow to call 'mount --make-unbindable /dir' */ [TOMOYO_MOUNT_MAKE_SHARED] = "--make-shared",
#define TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD "--make-unbindable" };
/* Allow to call 'mount --make-private /dir' */
#define TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD "--make-private"
/* Allow to call 'mount --make-slave /dir' */
#define TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD "--make-slave"
/* Allow to call 'mount --make-shared /dir' */
#define TOMOYO_MOUNT_MAKE_SHARED_KEYWORD "--make-shared"
/** /**
* tomoyo_audit_mount_log - Audit mount log. * tomoyo_audit_mount_log - Audit mount log.
...@@ -39,22 +33,21 @@ static int tomoyo_audit_mount_log(struct tomoyo_request_info *r) ...@@ -39,22 +33,21 @@ static int tomoyo_audit_mount_log(struct tomoyo_request_info *r)
const unsigned long flags = r->param.mount.flags; const unsigned long flags = r->param.mount.flags;
if (r->granted) if (r->granted)
return 0; return 0;
if (!strcmp(type, TOMOYO_MOUNT_REMOUNT_KEYWORD)) if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT])
tomoyo_warn_log(r, "mount -o remount %s 0x%lX", dir, flags); tomoyo_warn_log(r, "mount -o remount %s 0x%lX", dir, flags);
else if (!strcmp(type, TOMOYO_MOUNT_BIND_KEYWORD) else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND]
|| !strcmp(type, TOMOYO_MOUNT_MOVE_KEYWORD)) || type == tomoyo_mounts[TOMOYO_MOUNT_MOVE])
tomoyo_warn_log(r, "mount %s %s %s 0x%lX", type, dev, dir, tomoyo_warn_log(r, "mount %s %s %s 0x%lX", type, dev, dir,
flags); flags);
else if (!strcmp(type, TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD) || else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] ||
!strcmp(type, TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD) || type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] ||
!strcmp(type, TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD) || type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] ||
!strcmp(type, TOMOYO_MOUNT_MAKE_SHARED_KEYWORD)) type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED])
tomoyo_warn_log(r, "mount %s %s 0x%lX", type, dir, flags); tomoyo_warn_log(r, "mount %s %s 0x%lX", type, dir, flags);
else else
tomoyo_warn_log(r, "mount -t %s %s %s 0x%lX", type, dev, dir, tomoyo_warn_log(r, "mount -t %s %s %s 0x%lX", type, dev, dir,
flags); flags);
return tomoyo_supervisor(r, return tomoyo_supervisor(r, "allow_mount %s %s %s 0x%lX\n",
TOMOYO_KEYWORD_ALLOW_MOUNT "%s %s %s 0x%lX\n",
r->param.mount.dev->name, r->param.mount.dev->name,
r->param.mount.dir->name, type, flags); r->param.mount.dir->name, type, flags);
} }
...@@ -85,7 +78,8 @@ static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r, ...@@ -85,7 +78,8 @@ static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r,
* Caller holds tomoyo_read_lock(). * Caller holds tomoyo_read_lock().
*/ */
static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name, static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
struct path *dir, char *type, unsigned long flags) struct path *dir, const char *type,
unsigned long flags)
{ {
struct path path; struct path path;
struct file_system_type *fstype = NULL; struct file_system_type *fstype = NULL;
...@@ -115,15 +109,15 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name, ...@@ -115,15 +109,15 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
tomoyo_fill_path_info(&rdir); tomoyo_fill_path_info(&rdir);
/* Compare fs name. */ /* Compare fs name. */
if (!strcmp(type, TOMOYO_MOUNT_REMOUNT_KEYWORD)) { if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT]) {
/* dev_name is ignored. */ /* dev_name is ignored. */
} else if (!strcmp(type, TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD) || } else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] ||
!strcmp(type, TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD) || type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] ||
!strcmp(type, TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD) || type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] ||
!strcmp(type, TOMOYO_MOUNT_MAKE_SHARED_KEYWORD)) { type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED]) {
/* dev_name is ignored. */ /* dev_name is ignored. */
} else if (!strcmp(type, TOMOYO_MOUNT_BIND_KEYWORD) || } else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND] ||
!strcmp(type, TOMOYO_MOUNT_MOVE_KEYWORD)) { type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) {
need_dev = -1; /* dev_name is a directory */ need_dev = -1; /* dev_name is a directory */
} else { } else {
fstype = get_fs_type(type); fstype = get_fs_type(type);
...@@ -189,8 +183,9 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name, ...@@ -189,8 +183,9 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
* *
* Returns 0 on success, negative value otherwise. * Returns 0 on success, negative value otherwise.
*/ */
int tomoyo_mount_permission(char *dev_name, struct path *path, char *type, int tomoyo_mount_permission(char *dev_name, struct path *path,
unsigned long flags, void *data_page) const char *type, unsigned long flags,
void *data_page)
{ {
struct tomoyo_request_info r; struct tomoyo_request_info r;
int error; int error;
...@@ -202,31 +197,31 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, char *type, ...@@ -202,31 +197,31 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
if ((flags & MS_MGC_MSK) == MS_MGC_VAL) if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
flags &= ~MS_MGC_MSK; flags &= ~MS_MGC_MSK;
if (flags & MS_REMOUNT) { if (flags & MS_REMOUNT) {
type = TOMOYO_MOUNT_REMOUNT_KEYWORD; type = tomoyo_mounts[TOMOYO_MOUNT_REMOUNT];
flags &= ~MS_REMOUNT; flags &= ~MS_REMOUNT;
} }
if (flags & MS_MOVE) { if (flags & MS_MOVE) {
type = TOMOYO_MOUNT_MOVE_KEYWORD; type = tomoyo_mounts[TOMOYO_MOUNT_MOVE];
flags &= ~MS_MOVE; flags &= ~MS_MOVE;
} }
if (flags & MS_BIND) { if (flags & MS_BIND) {
type = TOMOYO_MOUNT_BIND_KEYWORD; type = tomoyo_mounts[TOMOYO_MOUNT_BIND];
flags &= ~MS_BIND; flags &= ~MS_BIND;
} }
if (flags & MS_UNBINDABLE) { if (flags & MS_UNBINDABLE) {
type = TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD; type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE];
flags &= ~MS_UNBINDABLE; flags &= ~MS_UNBINDABLE;
} }
if (flags & MS_PRIVATE) { if (flags & MS_PRIVATE) {
type = TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD; type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE];
flags &= ~MS_PRIVATE; flags &= ~MS_PRIVATE;
} }
if (flags & MS_SLAVE) { if (flags & MS_SLAVE) {
type = TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD; type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE];
flags &= ~MS_SLAVE; flags &= ~MS_SLAVE;
} }
if (flags & MS_SHARED) { if (flags & MS_SHARED) {
type = TOMOYO_MOUNT_MAKE_SHARED_KEYWORD; type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED];
flags &= ~MS_SHARED; flags &= ~MS_SHARED;
} }
if (!type) if (!type)
......
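Review bot: The new `type == tomoyo_mounts[...]` pointer comparisons in tomoyo_audit_mount_log and tomoyo_mount_acl are only correct because tomoyo_mount_permission substitutes the table entry for `type` when a flag such as MS_REMOUNT or MS_BIND is set; nothing at the table records that invariant, and a future caller passing the raw mount(2) fs-type string would silently never match a special mount. It is also a behaviour change the description does not mention: a user-supplied fs type that happens to read "--remount" or "--bind" was previously treated as that special operation by strcmp(), whereas it now falls through to get_fs_type(), which is the tighter and presumably intended result. I would document it at the table: `/* Compared by pointer, not by content: tomoyo_mount_permission() replaces a flag-derived operation's "type" with the table entry, so a user-supplied fs type string never aliases a special mount. */`. Both comparing functions begin outside their hunks, and the `const char *` qualification of `type` is a welcome consequence of the change.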
...@@ -38,7 +38,7 @@ static int tomoyo_release(struct inode *inode, struct file *file) ...@@ -38,7 +38,7 @@ static int tomoyo_release(struct inode *inode, struct file *file)
} }
/** /**
* tomoyo_poll - poll() for /proc/ccs/ interface. * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.
* *
* @file: Pointer to "struct file". * @file: Pointer to "struct file".
* @wait: Pointer to "poll_table". * @wait: Pointer to "poll_table".
......