TOMOYO: Pass parameters via structure.
To make it possible to use callback function, pass parameters via
"struct tomoyo_request_info".
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 2034540..f055e27 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -212,6 +212,39 @@
*/
struct tomoyo_request_info {
struct tomoyo_domain_info *domain;
+ /* For holding parameters. */
+ union {
+ struct {
+ const struct tomoyo_path_info *filename;
+ u8 operation;
+ } path;
+ struct {
+ const struct tomoyo_path_info *filename1;
+ const struct tomoyo_path_info *filename2;
+ u8 operation;
+ } path2;
+ struct {
+ const struct tomoyo_path_info *filename;
+ unsigned int mode;
+ unsigned int major;
+ unsigned int minor;
+ u8 operation;
+ } mkdev;
+ struct {
+ const struct tomoyo_path_info *filename;
+ unsigned long number;
+ u8 operation;
+ } path_number;
+ struct {
+ const struct tomoyo_path_info *type;
+ const struct tomoyo_path_info *dir;
+ const struct tomoyo_path_info *dev;
+ unsigned long flags;
+ int need_dev;
+ } mount;
+ } param;
+ u8 param_type;
+ bool granted;
u8 retry;
u8 profile;
u8 mode; /* One of tomoyo_mode_index . */
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 50875d7..32661df 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -973,6 +973,9 @@
r->mode = tomoyo_get_mode(r->profile, r->type);
if (r->mode == TOMOYO_CONFIG_DISABLED)
return 0;
+ r->param_type = TOMOYO_TYPE_PATH_ACL;
+ r->param.path.filename = filename;
+ r->param.path.operation = operation;
do {
error = tomoyo_path_acl(r, filename, 1 << operation);
if (error && operation == TOMOYO_TYPE_READ &&
@@ -1143,6 +1146,10 @@
break;
}
tomoyo_print_ulong(buffer, sizeof(buffer), number, radix);
+ r->param_type = TOMOYO_TYPE_PATH_NUMBER_ACL;
+ r->param.path_number.operation = type;
+ r->param.path_number.filename = filename;
+ r->param.path_number.number = number;
do {
error = tomoyo_path_number_acl(r, type, filename, number);
if (!error)
@@ -1369,8 +1376,15 @@
idx = tomoyo_read_lock();
error = -ENOMEM;
if (tomoyo_get_realpath(&buf, path)) {
+ dev = new_decode_dev(dev);
+ r.param_type = TOMOYO_TYPE_PATH_NUMBER3_ACL;
+ r.param.mkdev.filename = &buf;
+ r.param.mkdev.operation = operation;
+ r.param.mkdev.mode = mode;
+ r.param.mkdev.major = MAJOR(dev);
+ r.param.mkdev.minor = MINOR(dev);
error = tomoyo_path_number3_perm2(&r, operation, &buf, mode,
- new_decode_dev(dev));
+ dev);
kfree(buf.name);
}
tomoyo_read_unlock(idx);
@@ -1421,6 +1435,10 @@
tomoyo_add_slash(&buf2);
break;
}
+ r.param_type = TOMOYO_TYPE_PATH2_ACL;
+ r.param.path2.operation = operation;
+ r.param.path2.filename1 = &buf1;
+ r.param.path2.filename2 = &buf2;
do {
error = tomoyo_path2_acl(&r, operation, &buf1, &buf2);
if (!error)
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index c170b41..554de17 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -112,6 +112,12 @@
}
rdev.name = requested_dev_name;
tomoyo_fill_path_info(&rdev);
+ r->param_type = TOMOYO_TYPE_MOUNT_ACL;
+ r->param.mount.need_dev = need_dev;
+ r->param.mount.dev = &rdev;
+ r->param.mount.dir = &rdir;
+ r->param.mount.type = &rtype;
+ r->param.mount.flags = flags;
list_for_each_entry_rcu(ptr, &r->domain->acl_info_list, list) {
struct tomoyo_mount_acl *acl;
if (ptr->is_deleted || ptr->type != TOMOYO_TYPE_MOUNT_ACL)