TOMOYO: Pass parameters via structure.
Tetsuo Handa [Wed, 16 Jun 2010 07:21:36 +0000 (16:21 +0900)]
To make it possible to use a callback function, pass parameters via
"struct tomoyo_request_info".

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

security/tomoyo/common.h
security/tomoyo/file.c
security/tomoyo/mount.c

index 2034540..f055e27 100644 (file)
@@ -212,6 +212,39 @@ struct tomoyo_acl_head {
  */
 struct tomoyo_request_info {
        struct tomoyo_domain_info *domain;
+       /* For holding parameters. */
+       union {
+               struct {
+                       const struct tomoyo_path_info *filename;
+                       u8 operation;
+               } path;
+               struct {
+                       const struct tomoyo_path_info *filename1;
+                       const struct tomoyo_path_info *filename2;
+                       u8 operation;
+               } path2;
+               struct {
+                       const struct tomoyo_path_info *filename;
+                       unsigned int mode;
+                       unsigned int major;
+                       unsigned int minor;
+                       u8 operation;
+               } mkdev;
+               struct {
+                       const struct tomoyo_path_info *filename;
+                       unsigned long number;
+                       u8 operation;
+               } path_number;
+               struct {
+                       const struct tomoyo_path_info *type;
+                       const struct tomoyo_path_info *dir;
+                       const struct tomoyo_path_info *dev;
+                       unsigned long flags;
+                       int need_dev;
+               } mount;
+       } param;
+       u8 param_type;
+       bool granted;
        u8 retry;
        u8 profile;
        u8 mode; /* One of tomoyo_mode_index . */
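Review bot: The comment `/* For holding parameters. */` does not say that `param` is a tagged union whose valid member is selected by `param_type`, nor that every pointer in it is borrowed from the caller. Something like `/* Request parameters; param_type (TOMOYO_TYPE_*_ACL) selects the valid member, pointers are borrowed. */` would tell readers not to touch any member other than the selected one. `granted` is added here but none of the hunks on this page assigns it, so it is worth confirming that the structure is zeroed where it is initialised, which is outside this view. The struct definition continues past the hunk.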
index 50875d7..32661df 100644 (file)
@@ -973,6 +973,9 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
        r->mode = tomoyo_get_mode(r->profile, r->type);
        if (r->mode == TOMOYO_CONFIG_DISABLED)
                return 0;
+       r->param_type = TOMOYO_TYPE_PATH_ACL;
+       r->param.path.filename = filename;
+       r->param.path.operation = operation;
        do {
                error = tomoyo_path_acl(r, filename, 1 << operation);
                if (error && operation == TOMOYO_TYPE_READ &&
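Review bot: `filename` and `operation` are now stored in `r->param.path` and still passed as separate arguments to `tomoyo_path_acl(r, filename, 1 << operation)`, so the callee has two sources for the same values and nothing keeps them in step. Either have the callee read them from `r`, or add a comment such as `/* r->param.path mirrors the arguments passed below */` until the arguments are dropped. The same duplication appears in tomoyo_path_number_perm2, tomoyo_path_number3_perm and tomoyo_path2_perm. The assignments also sit after the `TOMOYO_CONFIG_DISABLED` early return, so on that path `param_type` keeps whatever value it had before the call. The function body starts and ends outside the hunk.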
@@ -1143,6 +1146,10 @@ static int tomoyo_path_number_perm2(struct tomoyo_request_info *r,
                break;
        }
        tomoyo_print_ulong(buffer, sizeof(buffer), number, radix);
+       r->param_type = TOMOYO_TYPE_PATH_NUMBER_ACL;
+       r->param.path_number.operation = type;
+       r->param.path_number.filename = filename;
+       r->param.path_number.number = number;
        do {
                error = tomoyo_path_number_acl(r, type, filename, number);
                if (!error)
@@ -1369,8 +1376,15 @@ int tomoyo_path_number3_perm(const u8 operation, struct path *path,
        idx = tomoyo_read_lock();
        error = -ENOMEM;
        if (tomoyo_get_realpath(&buf, path)) {
+               dev = new_decode_dev(dev);
+               r.param_type = TOMOYO_TYPE_PATH_NUMBER3_ACL;
+               r.param.mkdev.filename = &buf;
+               r.param.mkdev.operation = operation;
+               r.param.mkdev.mode = mode;
+               r.param.mkdev.major = MAJOR(dev);
+               r.param.mkdev.minor = MINOR(dev);
                error = tomoyo_path_number3_perm2(&r, operation, &buf, mode,
-                                                 new_decode_dev(dev));
+                                                 dev);
                kfree(buf.name);
        }
        tomoyo_read_unlock(idx);
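Review bot: `r.param.mkdev.filename` still points at `buf` after `kfree(buf.name)`, so for the rest of the function (which continues outside this hunk) the request structure refers to a path whose name has been freed. Nothing visible reads it afterwards, but any later consumer of `r.param`, such as the callback this commit prepares for, would; adding `r.param.mkdev.filename = NULL;` after the `kfree()` or a comment like `/* r.param borrows buf; invalid after kfree(buf.name) */` makes the lifetime explicit. The same borrowing occurs in tomoyo_path2_perm (`&buf1`, `&buf2`) and in tomoyo_mount_acl2, where `&rdev`, `&rdir` and `&rtype` appear to be locals stored into a caller-supplied `r` and would dangle once that function returns.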
@@ -1421,6 +1435,10 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
                 tomoyo_add_slash(&buf2);
                break;
         }
+       r.param_type = TOMOYO_TYPE_PATH2_ACL;
+       r.param.path2.operation = operation;
+       r.param.path2.filename1 = &buf1;
+       r.param.path2.filename2 = &buf2;
        do {
                error = tomoyo_path2_acl(&r, operation, &buf1, &buf2);
                if (!error)
index c170b41..554de17 100644 (file)
@@ -112,6 +112,12 @@ static int tomoyo_mount_acl2(struct tomoyo_request_info *r, char *dev_name,
        }
        rdev.name = requested_dev_name;
        tomoyo_fill_path_info(&rdev);
+       r->param_type = TOMOYO_TYPE_MOUNT_ACL;
+       r->param.mount.need_dev = need_dev;
+       r->param.mount.dev = &rdev;
+       r->param.mount.dir = &rdir;
+       r->param.mount.type = &rtype;
+       r->param.mount.flags = flags;
        list_for_each_entry_rcu(ptr, &r->domain->acl_info_list, list) {
                struct tomoyo_mount_acl *acl;
                if (ptr->is_deleted || ptr->type != TOMOYO_TYPE_MOUNT_ACL)