TOMOYO: Add ACL group support.

An ACL group allows the administrator to globally grant not only the
"file read" permission but also other permissions.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index de14030..412ee83 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -265,10 +265,17 @@
         return true;
 }
 
-static bool tomoyo_collect_acl(struct tomoyo_domain_info *domain)
+/**
+ * tomoyo_collect_acl - Delete elements in "struct tomoyo_domain_info".
+ *
+ * @list: Pointer to "struct list_head".
+ *
+ * Returns true if some elements are deleted, false otherwise.
+ */
+static bool tomoyo_collect_acl(struct list_head *list)
 {
 	struct tomoyo_acl_info *acl;
-	list_for_each_entry(acl, &domain->acl_info_list, list) {
+	list_for_each_entry(acl, list, list) {
 		if (!acl->is_deleted)
 			continue;
 		if (!tomoyo_add_to_gc(TOMOYO_ID_ACL, &acl->list))
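Review bot: The kernel-doc added above `tomoyo_collect_acl()` does not match the function as changed: it now accepts any `struct list_head` (the second hunk passes `&tomoyo_acl_group[i]` as well as `&domain->acl_info_list`), but the summary still says it deletes elements in "struct tomoyo_domain_info". The return description also looks wrong, because both callers treat `false` as a reason to `goto unlock` and the visible `!tomoyo_add_to_gc(...)` branch is presumably the failing path, so `true` appears to mean "nothing failed" rather than "some elements are deleted". I would reword the summary to `tomoyo_collect_acl - Collect deleted ACL entries from a list for garbage collection.`, the parameter to `@list: Pointer to "struct list_head" of "struct tomoyo_acl_info".`, and the return line to `Returns false if an entry could not be queued for GC, true otherwise.` The function body continues outside the hunk, so confirm the return wording against the remaining lines.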
@@ -291,10 +298,13 @@
 		if (!tomoyo_collect_member(i, &tomoyo_policy_list[i]))
 			goto unlock;
 	}
+	for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++)
+		if (!tomoyo_collect_acl(&tomoyo_acl_group[i]))
+			goto unlock;
 	{
 		struct tomoyo_domain_info *domain;
 		list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
-			if (!tomoyo_collect_acl(domain))
+			if (!tomoyo_collect_acl(&domain->acl_info_list))
 				goto unlock;
 			if (!domain->is_deleted || atomic_read(&domain->users))
 				continue;