Commit 0f2a55d5bb2372058275b0b343d90dd5d640d045
Committed by
James Morris
James Morris
1 parent
c920669345
Exists in
master
and in
6 other branches
TOMOYO: Update kernel-doc.
Update comments for scripts/kernel-doc and fix some of errors reported by scripts/checkpatch.pl . Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Showing 13 changed files with 269 additions and 62 deletions Side-by-side Diff
- security/tomoyo/audit.c
- security/tomoyo/common.c
- security/tomoyo/domain.c
- security/tomoyo/file.c
- security/tomoyo/gc.c
- security/tomoyo/group.c
- security/tomoyo/load_policy.c
- security/tomoyo/memory.c
- security/tomoyo/mount.c
- security/tomoyo/realpath.c
- security/tomoyo/securityfs_if.c
- security/tomoyo/tomoyo.c
- security/tomoyo/util.c
security/tomoyo/audit.c
security/tomoyo/common.c
| 1 | 1 | /* |
| 2 | 2 | * security/tomoyo/common.c |
| 3 | 3 | * |
| 4 | - * Common functions for TOMOYO. | |
| 5 | - * | |
| 6 | - * Copyright (C) 2005-2010 NTT DATA CORPORATION | |
| 4 | + * Copyright (C) 2005-2011 NTT DATA CORPORATION | |
| 7 | 5 | */ |
| 8 | 6 | |
| 9 | 7 | #include <linux/uaccess.h> |
| ... | ... | @@ -775,6 +773,14 @@ |
| 775 | 773 | goto next; |
| 776 | 774 | } |
| 777 | 775 | |
| 776 | +/** | |
| 777 | + * tomoyo_same_manager - Check for duplicated "struct tomoyo_manager" entry. | |
| 778 | + * | |
| 779 | + * @a: Pointer to "struct tomoyo_acl_head". | |
| 780 | + * @b: Pointer to "struct tomoyo_acl_head". | |
| 781 | + * | |
| 782 | + * Returns true if @a == @b, false otherwise. | |
| 783 | + */ | |
| 778 | 784 | static bool tomoyo_same_manager(const struct tomoyo_acl_head *a, |
| 779 | 785 | const struct tomoyo_acl_head *b) |
| 780 | 786 | { |
| ... | ... | @@ -1516,6 +1522,7 @@ |
| 1516 | 1522 | tomoyo_set_string(head, domain->domainname->name); |
| 1517 | 1523 | } |
| 1518 | 1524 | |
| 1525 | +/* String table for domain transition control keywords. */ | |
| 1519 | 1526 | static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = { |
| 1520 | 1527 | [TOMOYO_TRANSITION_CONTROL_NO_RESET] = "no_reset_domain ", |
| 1521 | 1528 | [TOMOYO_TRANSITION_CONTROL_RESET] = "reset_domain ", |
| ... | ... | @@ -1525,6 +1532,7 @@ |
| 1525 | 1532 | [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain ", |
| 1526 | 1533 | }; |
| 1527 | 1534 | |
| 1535 | +/* String table for grouping keywords. */ | |
| 1528 | 1536 | static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { |
| 1529 | 1537 | [TOMOYO_PATH_GROUP] = "path_group ", |
| 1530 | 1538 | [TOMOYO_NUMBER_GROUP] = "number_group ", |
security/tomoyo/domain.c
| 1 | 1 | /* |
| 2 | 2 | * security/tomoyo/domain.c |
| 3 | 3 | * |
| 4 | - * Domain transition functions for TOMOYO. | |
| 5 | - * | |
| 6 | - * Copyright (C) 2005-2010 NTT DATA CORPORATION | |
| 4 | + * Copyright (C) 2005-2011 NTT DATA CORPORATION | |
| 7 | 5 | */ |
| 8 | 6 | |
| 9 | 7 | #include "common.h" |
| ... | ... | @@ -182,10 +180,10 @@ |
| 182 | 180 | */ |
| 183 | 181 | static const char *tomoyo_last_word(const char *name) |
| 184 | 182 | { |
| 185 | - const char *cp = strrchr(name, ' '); | |
| 186 | - if (cp) | |
| 187 | - return cp + 1; | |
| 188 | - return name; | |
| 183 | + const char *cp = strrchr(name, ' '); | |
| 184 | + if (cp) | |
| 185 | + return cp + 1; | |
| 186 | + return name; | |
| 189 | 187 | } |
| 190 | 188 | |
| 191 | 189 | /** |
security/tomoyo/file.c
| 1 | 1 | /* |
| 2 | 2 | * security/tomoyo/file.c |
| 3 | 3 | * |
| 4 | - * Pathname restriction functions. | |
| 5 | - * | |
| 6 | - * Copyright (C) 2005-2010 NTT DATA CORPORATION | |
| 4 | + * Copyright (C) 2005-2011 NTT DATA CORPORATION | |
| 7 | 5 | */ |
| 8 | 6 | |
| 9 | 7 | #include "common.h" |
| ... | ... | @@ -154,7 +152,7 @@ |
| 154 | 152 | tomoyo_fill_path_info(buf); |
| 155 | 153 | return true; |
| 156 | 154 | } |
| 157 | - return false; | |
| 155 | + return false; | |
| 158 | 156 | } |
| 159 | 157 | |
| 160 | 158 | /** |
| 161 | 159 | |
| 162 | 160 | |
| ... | ... | @@ -883,16 +881,16 @@ |
| 883 | 881 | switch (operation) { |
| 884 | 882 | struct dentry *dentry; |
| 885 | 883 | case TOMOYO_TYPE_RENAME: |
| 886 | - case TOMOYO_TYPE_LINK: | |
| 884 | + case TOMOYO_TYPE_LINK: | |
| 887 | 885 | dentry = path1->dentry; |
| 888 | - if (!dentry->d_inode || !S_ISDIR(dentry->d_inode->i_mode)) | |
| 889 | - break; | |
| 890 | - /* fall through */ | |
| 891 | - case TOMOYO_TYPE_PIVOT_ROOT: | |
| 892 | - tomoyo_add_slash(&buf1); | |
| 893 | - tomoyo_add_slash(&buf2); | |
| 886 | + if (!dentry->d_inode || !S_ISDIR(dentry->d_inode->i_mode)) | |
| 887 | + break; | |
| 888 | + /* fall through */ | |
| 889 | + case TOMOYO_TYPE_PIVOT_ROOT: | |
| 890 | + tomoyo_add_slash(&buf1); | |
| 891 | + tomoyo_add_slash(&buf2); | |
| 894 | 892 | break; |
| 895 | - } | |
| 893 | + } | |
| 896 | 894 | r.obj = &obj; |
| 897 | 895 | r.param_type = TOMOYO_TYPE_PATH2_ACL; |
| 898 | 896 | r.param.path2.operation = operation; |
security/tomoyo/gc.c
| 1 | 1 | /* |
| 2 | 2 | * security/tomoyo/gc.c |
| 3 | 3 | * |
| 4 | - * Implementation of the Domain-Based Mandatory Access Control. | |
| 5 | - * | |
| 6 | - * Copyright (C) 2005-2010 NTT DATA CORPORATION | |
| 7 | - * | |
| 4 | + * Copyright (C) 2005-2011 NTT DATA CORPORATION | |
| 8 | 5 | */ |
| 9 | 6 | |
| 10 | 7 | #include "common.h" |
| ... | ... | @@ -455,7 +452,7 @@ |
| 455 | 452 | if (!tomoyo_add_to_gc(id, &member->list)) |
| 456 | 453 | return false; |
| 457 | 454 | } |
| 458 | - return true; | |
| 455 | + return true; | |
| 459 | 456 | } |
| 460 | 457 | |
| 461 | 458 | /** |
security/tomoyo/group.c
| 1 | 1 | /* |
| 2 | 2 | * security/tomoyo/group.c |
| 3 | 3 | * |
| 4 | - * Copyright (C) 2005-2010 NTT DATA CORPORATION | |
| 4 | + * Copyright (C) 2005-2011 NTT DATA CORPORATION | |
| 5 | 5 | */ |
| 6 | 6 | |
| 7 | 7 | #include <linux/slab.h> |
| 8 | 8 | #include "common.h" |
| 9 | 9 | |
| 10 | +/** | |
| 11 | + * tomoyo_same_path_group - Check for duplicated "struct tomoyo_path_group" entry. | |
| 12 | + * | |
| 13 | + * @a: Pointer to "struct tomoyo_acl_head". | |
| 14 | + * @b: Pointer to "struct tomoyo_acl_head". | |
| 15 | + * | |
| 16 | + * Returns true if @a == @b, false otherwise. | |
| 17 | + */ | |
| 10 | 18 | static bool tomoyo_same_path_group(const struct tomoyo_acl_head *a, |
| 11 | - const struct tomoyo_acl_head *b) | |
| 19 | + const struct tomoyo_acl_head *b) | |
| 12 | 20 | { |
| 13 | 21 | return container_of(a, struct tomoyo_path_group, head)->member_name == |
| 14 | 22 | container_of(b, struct tomoyo_path_group, head)->member_name; |
| 15 | 23 | } |
| 16 | 24 | |
| 25 | +/** | |
| 26 | + * tomoyo_same_number_group - Check for duplicated "struct tomoyo_number_group" entry. | |
| 27 | + * | |
| 28 | + * @a: Pointer to "struct tomoyo_acl_head". | |
| 29 | + * @b: Pointer to "struct tomoyo_acl_head". | |
| 30 | + * | |
| 31 | + * Returns true if @a == @b, false otherwise. | |
| 32 | + */ | |
| 17 | 33 | static bool tomoyo_same_number_group(const struct tomoyo_acl_head *a, |
| 18 | - const struct tomoyo_acl_head *b) | |
| 34 | + const struct tomoyo_acl_head *b) | |
| 19 | 35 | { |
| 20 | 36 | return !memcmp(&container_of(a, struct tomoyo_number_group, head) |
| 21 | 37 | ->number, |
| ... | ... | @@ -29,7 +45,7 @@ |
| 29 | 45 | * tomoyo_write_group - Write "struct tomoyo_path_group"/"struct tomoyo_number_group" list. |
| 30 | 46 | * |
| 31 | 47 | * @param: Pointer to "struct tomoyo_acl_param". |
| 32 | - * @type: Type of this group. | |
| 48 | + * @type: Type of this group. | |
| 33 | 49 | * |
| 34 | 50 | * Returns 0 on success, negative value otherwise. |
| 35 | 51 | */ |
| ... | ... | @@ -70,8 +86,8 @@ |
| 70 | 86 | /** |
| 71 | 87 | * tomoyo_path_matches_group - Check whether the given pathname matches members of the given pathname group. |
| 72 | 88 | * |
| 73 | - * @pathname: The name of pathname. | |
| 74 | - * @group: Pointer to "struct tomoyo_path_group". | |
| 89 | + * @pathname: The name of pathname. | |
| 90 | + * @group: Pointer to "struct tomoyo_path_group". | |
| 75 | 91 | * |
| 76 | 92 | * Returns matched member's pathname if @pathname matches pathnames in @group, |
| 77 | 93 | * NULL otherwise. |
security/tomoyo/load_policy.c
security/tomoyo/memory.c
security/tomoyo/mount.c
| 1 | 1 | /* |
| 2 | 2 | * security/tomoyo/mount.c |
| 3 | 3 | * |
| 4 | - * Copyright (C) 2005-2010 NTT DATA CORPORATION | |
| 4 | + * Copyright (C) 2005-2011 NTT DATA CORPORATION | |
| 5 | 5 | */ |
| 6 | 6 | |
| 7 | 7 | #include <linux/slab.h> |
| ... | ... | @@ -62,7 +62,7 @@ |
| 62 | 62 | * tomoyo_mount_acl - Check permission for mount() operation. |
| 63 | 63 | * |
| 64 | 64 | * @r: Pointer to "struct tomoyo_request_info". |
| 65 | - * @dev_name: Name of device file. | |
| 65 | + * @dev_name: Name of device file. Maybe NULL. | |
| 66 | 66 | * @dir: Pointer to "struct path". |
| 67 | 67 | * @type: Name of filesystem type. |
| 68 | 68 | * @flags: Mount options. |
| 69 | 69 | |
| 70 | 70 | |
| ... | ... | @@ -175,11 +175,11 @@ |
| 175 | 175 | /** |
| 176 | 176 | * tomoyo_mount_permission - Check permission for mount() operation. |
| 177 | 177 | * |
| 178 | - * @dev_name: Name of device file. | |
| 178 | + * @dev_name: Name of device file. Maybe NULL. | |
| 179 | 179 | * @path: Pointer to "struct path". |
| 180 | - * @type: Name of filesystem type. May be NULL. | |
| 180 | + * @type: Name of filesystem type. Maybe NULL. | |
| 181 | 181 | * @flags: Mount options. |
| 182 | - * @data_page: Optional data. May be NULL. | |
| 182 | + * @data_page: Optional data. Maybe NULL. | |
| 183 | 183 | * |
| 184 | 184 | * Returns 0 on success, negative value otherwise. |
| 185 | 185 | */ |
security/tomoyo/realpath.c
security/tomoyo/securityfs_if.c
security/tomoyo/tomoyo.c
| 1 | 1 | /* |
| 2 | 2 | * security/tomoyo/tomoyo.c |
| 3 | 3 | * |
| 4 | - * LSM hooks for TOMOYO Linux. | |
| 5 | - * | |
| 6 | - * Copyright (C) 2005-2010 NTT DATA CORPORATION | |
| 4 | + * Copyright (C) 2005-2011 NTT DATA CORPORATION | |
| 7 | 5 | */ |
| 8 | 6 | |
| 9 | 7 | #include <linux/security.h> |
| 10 | 8 | #include "common.h" |
| 11 | 9 | |
| 10 | +/** | |
| 11 | + * tomoyo_cred_alloc_blank - Target for security_cred_alloc_blank(). | |
| 12 | + * | |
| 13 | + * @new: Pointer to "struct cred". | |
| 14 | + * @gfp: Memory allocation flags. | |
| 15 | + * | |
| 16 | + * Returns 0. | |
| 17 | + */ | |
| 12 | 18 | static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp) |
| 13 | 19 | { |
| 14 | 20 | new->security = NULL; |
| 15 | 21 | return 0; |
| 16 | 22 | } |
| 17 | 23 | |
| 24 | +/** | |
| 25 | + * tomoyo_cred_prepare - Target for security_prepare_creds(). | |
| 26 | + * | |
| 27 | + * @new: Pointer to "struct cred". | |
| 28 | + * @old: Pointer to "struct cred". | |
| 29 | + * @gfp: Memory allocation flags. | |
| 30 | + * | |
| 31 | + * Returns 0. | |
| 32 | + */ | |
| 18 | 33 | static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, |
| 19 | 34 | gfp_t gfp) |
| 20 | 35 | { |
| 21 | 36 | |
| ... | ... | @@ -25,11 +40,22 @@ |
| 25 | 40 | return 0; |
| 26 | 41 | } |
| 27 | 42 | |
| 43 | +/** | |
| 44 | + * tomoyo_cred_transfer - Target for security_transfer_creds(). | |
| 45 | + * | |
| 46 | + * @new: Pointer to "struct cred". | |
| 47 | + * @old: Pointer to "struct cred". | |
| 48 | + */ | |
| 28 | 49 | static void tomoyo_cred_transfer(struct cred *new, const struct cred *old) |
| 29 | 50 | { |
| 30 | 51 | tomoyo_cred_prepare(new, old, 0); |
| 31 | 52 | } |
| 32 | 53 | |
| 54 | +/** | |
| 55 | + * tomoyo_cred_free - Target for security_cred_free(). | |
| 56 | + * | |
| 57 | + * @cred: Pointer to "struct cred". | |
| 58 | + */ | |
| 33 | 59 | static void tomoyo_cred_free(struct cred *cred) |
| 34 | 60 | { |
| 35 | 61 | struct tomoyo_domain_info *domain = cred->security; |
| ... | ... | @@ -37,6 +63,13 @@ |
| 37 | 63 | atomic_dec(&domain->users); |
| 38 | 64 | } |
| 39 | 65 | |
| 66 | +/** | |
| 67 | + * tomoyo_bprm_set_creds - Target for security_bprm_set_creds(). | |
| 68 | + * | |
| 69 | + * @bprm: Pointer to "struct linux_binprm". | |
| 70 | + * | |
| 71 | + * Returns 0 on success, negative value otherwise. | |
| 72 | + */ | |
| 40 | 73 | static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) |
| 41 | 74 | { |
| 42 | 75 | int rc; |
| ... | ... | @@ -75,6 +108,13 @@ |
| 75 | 108 | return 0; |
| 76 | 109 | } |
| 77 | 110 | |
| 111 | +/** | |
| 112 | + * tomoyo_bprm_check_security - Target for security_bprm_check(). | |
| 113 | + * | |
| 114 | + * @bprm: Pointer to "struct linux_binprm". | |
| 115 | + * | |
| 116 | + * Returns 0 on success, negative value otherwise. | |
| 117 | + */ | |
| 78 | 118 | static int tomoyo_bprm_check_security(struct linux_binprm *bprm) |
| 79 | 119 | { |
| 80 | 120 | struct tomoyo_domain_info *domain = bprm->cred->security; |
| 81 | 121 | |
| 82 | 122 | |
| 83 | 123 | |
| 84 | 124 | |
| ... | ... | @@ -92,26 +132,59 @@ |
| 92 | 132 | /* |
| 93 | 133 | * Read permission is checked against interpreters using next domain. |
| 94 | 134 | */ |
| 95 | - return tomoyo_check_open_permission(domain, &bprm->file->f_path, O_RDONLY); | |
| 135 | + return tomoyo_check_open_permission(domain, &bprm->file->f_path, | |
| 136 | + O_RDONLY); | |
| 96 | 137 | } |
| 97 | 138 | |
| 139 | +/** | |
| 140 | + * tomoyo_inode_getattr - Target for security_inode_getattr(). | |
| 141 | + * | |
| 142 | + * @mnt: Pointer to "struct vfsmount". | |
| 143 | + * @dentry: Pointer to "struct dentry". | |
| 144 | + * | |
| 145 | + * Returns 0 on success, negative value otherwise. | |
| 146 | + */ | |
| 98 | 147 | static int tomoyo_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) |
| 99 | 148 | { |
| 100 | 149 | struct path path = { mnt, dentry }; |
| 101 | 150 | return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL); |
| 102 | 151 | } |
| 103 | 152 | |
| 153 | +/** | |
| 154 | + * tomoyo_path_truncate - Target for security_path_truncate(). | |
| 155 | + * | |
| 156 | + * @path: Pointer to "struct path". | |
| 157 | + * | |
| 158 | + * Returns 0 on success, negative value otherwise. | |
| 159 | + */ | |
| 104 | 160 | static int tomoyo_path_truncate(struct path *path) |
| 105 | 161 | { |
| 106 | 162 | return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL); |
| 107 | 163 | } |
| 108 | 164 | |
| 165 | +/** | |
| 166 | + * tomoyo_path_unlink - Target for security_path_unlink(). | |
| 167 | + * | |
| 168 | + * @parent: Pointer to "struct path". | |
| 169 | + * @dentry: Pointer to "struct dentry". | |
| 170 | + * | |
| 171 | + * Returns 0 on success, negative value otherwise. | |
| 172 | + */ | |
| 109 | 173 | static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) |
| 110 | 174 | { |
| 111 | 175 | struct path path = { parent->mnt, dentry }; |
| 112 | 176 | return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL); |
| 113 | 177 | } |
| 114 | 178 | |
| 179 | +/** | |
| 180 | + * tomoyo_path_mkdir - Target for security_path_mkdir(). | |
| 181 | + * | |
| 182 | + * @parent: Pointer to "struct path". | |
| 183 | + * @dentry: Pointer to "struct dentry". | |
| 184 | + * @mode: DAC permission mode. | |
| 185 | + * | |
| 186 | + * Returns 0 on success, negative value otherwise. | |
| 187 | + */ | |
| 115 | 188 | static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, |
| 116 | 189 | int mode) |
| 117 | 190 | { |
| 118 | 191 | |
| ... | ... | @@ -120,12 +193,29 @@ |
| 120 | 193 | mode & S_IALLUGO); |
| 121 | 194 | } |
| 122 | 195 | |
| 196 | +/** | |
| 197 | + * tomoyo_path_rmdir - Target for security_path_rmdir(). | |
| 198 | + * | |
| 199 | + * @parent: Pointer to "struct path". | |
| 200 | + * @dentry: Pointer to "struct dentry". | |
| 201 | + * | |
| 202 | + * Returns 0 on success, negative value otherwise. | |
| 203 | + */ | |
| 123 | 204 | static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) |
| 124 | 205 | { |
| 125 | 206 | struct path path = { parent->mnt, dentry }; |
| 126 | 207 | return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL); |
| 127 | 208 | } |
| 128 | 209 | |
| 210 | +/** | |
| 211 | + * tomoyo_path_symlink - Target for security_path_symlink(). | |
| 212 | + * | |
| 213 | + * @parent: Pointer to "struct path". | |
| 214 | + * @dentry: Pointer to "struct dentry". | |
| 215 | + * @old_name: Symlink's content. | |
| 216 | + * | |
| 217 | + * Returns 0 on success, negative value otherwise. | |
| 218 | + */ | |
| 129 | 219 | static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, |
| 130 | 220 | const char *old_name) |
| 131 | 221 | { |
| ... | ... | @@ -133,6 +223,16 @@ |
| 133 | 223 | return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name); |
| 134 | 224 | } |
| 135 | 225 | |
| 226 | +/** | |
| 227 | + * tomoyo_path_mknod - Target for security_path_mknod(). | |
| 228 | + * | |
| 229 | + * @parent: Pointer to "struct path". | |
| 230 | + * @dentry: Pointer to "struct dentry". | |
| 231 | + * @mode: DAC permission mode. | |
| 232 | + * @dev: Device attributes. | |
| 233 | + * | |
| 234 | + * Returns 0 on success, negative value otherwise. | |
| 235 | + */ | |
| 136 | 236 | static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, |
| 137 | 237 | int mode, unsigned int dev) |
| 138 | 238 | { |
| ... | ... | @@ -163,6 +263,15 @@ |
| 163 | 263 | return tomoyo_path_number_perm(type, &path, perm); |
| 164 | 264 | } |
| 165 | 265 | |
| 266 | +/** | |
| 267 | + * tomoyo_path_link - Target for security_path_link(). | |
| 268 | + * | |
| 269 | + * @old_dentry: Pointer to "struct dentry". | |
| 270 | + * @new_dir: Pointer to "struct path". | |
| 271 | + * @new_dentry: Pointer to "struct dentry". | |
| 272 | + * | |
| 273 | + * Returns 0 on success, negative value otherwise. | |
| 274 | + */ | |
| 166 | 275 | static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, |
| 167 | 276 | struct dentry *new_dentry) |
| 168 | 277 | { |
| ... | ... | @@ -171,6 +280,16 @@ |
| 171 | 280 | return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2); |
| 172 | 281 | } |
| 173 | 282 | |
| 283 | +/** | |
| 284 | + * tomoyo_path_rename - Target for security_path_rename(). | |
| 285 | + * | |
| 286 | + * @old_parent: Pointer to "struct path". | |
| 287 | + * @old_dentry: Pointer to "struct dentry". | |
| 288 | + * @new_parent: Pointer to "struct path". | |
| 289 | + * @new_dentry: Pointer to "struct dentry". | |
| 290 | + * | |
| 291 | + * Returns 0 on success, negative value otherwise. | |
| 292 | + */ | |
| 174 | 293 | static int tomoyo_path_rename(struct path *old_parent, |
| 175 | 294 | struct dentry *old_dentry, |
| 176 | 295 | struct path *new_parent, |
| ... | ... | @@ -181,6 +300,15 @@ |
| 181 | 300 | return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2); |
| 182 | 301 | } |
| 183 | 302 | |
| 303 | +/** | |
| 304 | + * tomoyo_file_fcntl - Target for security_file_fcntl(). | |
| 305 | + * | |
| 306 | + * @file: Pointer to "struct file". | |
| 307 | + * @cmd: Command for fcntl(). | |
| 308 | + * @arg: Argument for @cmd. | |
| 309 | + * | |
| 310 | + * Returns 0 on success, negative value otherwise. | |
| 311 | + */ | |
| 184 | 312 | static int tomoyo_file_fcntl(struct file *file, unsigned int cmd, |
| 185 | 313 | unsigned long arg) |
| 186 | 314 | { |
| ... | ... | @@ -190,6 +318,14 @@ |
| 190 | 318 | O_WRONLY | (arg & O_APPEND)); |
| 191 | 319 | } |
| 192 | 320 | |
| 321 | +/** | |
| 322 | + * tomoyo_dentry_open - Target for security_dentry_open(). | |
| 323 | + * | |
| 324 | + * @f: Pointer to "struct file". | |
| 325 | + * @cred: Pointer to "struct cred". | |
| 326 | + * | |
| 327 | + * Returns 0 on success, negative value otherwise. | |
| 328 | + */ | |
| 193 | 329 | static int tomoyo_dentry_open(struct file *f, const struct cred *cred) |
| 194 | 330 | { |
| 195 | 331 | int flags = f->f_flags; |
| 196 | 332 | |
| ... | ... | @@ -199,12 +335,30 @@ |
| 199 | 335 | return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags); |
| 200 | 336 | } |
| 201 | 337 | |
| 338 | +/** | |
| 339 | + * tomoyo_file_ioctl - Target for security_file_ioctl(). | |
| 340 | + * | |
| 341 | + * @file: Pointer to "struct file". | |
| 342 | + * @cmd: Command for ioctl(). | |
| 343 | + * @arg: Argument for @cmd. | |
| 344 | + * | |
| 345 | + * Returns 0 on success, negative value otherwise. | |
| 346 | + */ | |
| 202 | 347 | static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, |
| 203 | 348 | unsigned long arg) |
| 204 | 349 | { |
| 205 | 350 | return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd); |
| 206 | 351 | } |
| 207 | 352 | |
| 353 | +/** | |
| 354 | + * tomoyo_path_chmod - Target for security_path_chmod(). | |
| 355 | + * | |
| 356 | + * @dentry: Pointer to "struct dentry". | |
| 357 | + * @mnt: Pointer to "struct vfsmount". | |
| 358 | + * @mode: DAC permission mode. | |
| 359 | + * | |
| 360 | + * Returns 0 on success, negative value otherwise. | |
| 361 | + */ | |
| 208 | 362 | static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt, |
| 209 | 363 | mode_t mode) |
| 210 | 364 | { |
| ... | ... | @@ -213,6 +367,15 @@ |
| 213 | 367 | mode & S_IALLUGO); |
| 214 | 368 | } |
| 215 | 369 | |
| 370 | +/** | |
| 371 | + * tomoyo_path_chown - Target for security_path_chown(). | |
| 372 | + * | |
| 373 | + * @path: Pointer to "struct path". | |
| 374 | + * @uid: Owner ID. | |
| 375 | + * @gid: Group ID. | |
| 376 | + * | |
| 377 | + * Returns 0 on success, negative value otherwise. | |
| 378 | + */ | |
| 216 | 379 | static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid) |
| 217 | 380 | { |
| 218 | 381 | int error = 0; |
| 219 | 382 | |
| 220 | 383 | |
| 221 | 384 | |
| ... | ... | @@ -223,23 +386,57 @@ |
| 223 | 386 | return error; |
| 224 | 387 | } |
| 225 | 388 | |
| 389 | +/** | |
| 390 | + * tomoyo_path_chroot - Target for security_path_chroot(). | |
| 391 | + * | |
| 392 | + * @path: Pointer to "struct path". | |
| 393 | + * | |
| 394 | + * Returns 0 on success, negative value otherwise. | |
| 395 | + */ | |
| 226 | 396 | static int tomoyo_path_chroot(struct path *path) |
| 227 | 397 | { |
| 228 | 398 | return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL); |
| 229 | 399 | } |
| 230 | 400 | |
| 401 | +/** | |
| 402 | + * tomoyo_sb_mount - Target for security_sb_mount(). | |
| 403 | + * | |
| 404 | + * @dev_name: Name of device file. Maybe NULL. | |
| 405 | + * @path: Pointer to "struct path". | |
| 406 | + * @type: Name of filesystem type. Maybe NULL. | |
| 407 | + * @flags: Mount options. | |
| 408 | + * @data: Optional data. Maybe NULL. | |
| 409 | + * | |
| 410 | + * Returns 0 on success, negative value otherwise. | |
| 411 | + */ | |
| 231 | 412 | static int tomoyo_sb_mount(char *dev_name, struct path *path, |
| 232 | 413 | char *type, unsigned long flags, void *data) |
| 233 | 414 | { |
| 234 | 415 | return tomoyo_mount_permission(dev_name, path, type, flags, data); |
| 235 | 416 | } |
| 236 | 417 | |
| 418 | +/** | |
| 419 | + * tomoyo_sb_umount - Target for security_sb_umount(). | |
| 420 | + * | |
| 421 | + * @mnt: Pointer to "struct vfsmount". | |
| 422 | + * @flags: Unmount options. | |
| 423 | + * | |
| 424 | + * Returns 0 on success, negative value otherwise. | |
| 425 | + */ | |
| 237 | 426 | static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) |
| 238 | 427 | { |
| 239 | 428 | struct path path = { mnt, mnt->mnt_root }; |
| 240 | 429 | return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL); |
| 241 | 430 | } |
| 242 | 431 | |
| 432 | +/** | |
| 433 | + * tomoyo_sb_pivotroot - Target for security_sb_pivotroot(). | |
| 434 | + * | |
| 435 | + * @old_path: Pointer to "struct path". | |
| 436 | + * @new_path: Pointer to "struct path". | |
| 437 | + * | |
| 438 | + * Returns 0 on success, negative value otherwise. | |
| 439 | + */ | |
| 243 | 440 | static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path) |
| 244 | 441 | { |
| 245 | 442 | return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path); |
| ... | ... | @@ -280,6 +477,11 @@ |
| 280 | 477 | /* Lock for GC. */ |
| 281 | 478 | struct srcu_struct tomoyo_ss; |
| 282 | 479 | |
| 480 | +/** | |
| 481 | + * tomoyo_init - Register TOMOYO Linux as a LSM module. | |
| 482 | + * | |
| 483 | + * Returns 0. | |
| 484 | + */ | |
| 283 | 485 | static int __init tomoyo_init(void) |
| 284 | 486 | { |
| 285 | 487 | struct cred *cred = (struct cred *) current_cred(); |
security/tomoyo/util.c
| 1 | 1 | /* |
| 2 | 2 | * security/tomoyo/util.c |
| 3 | 3 | * |
| 4 | - * Utility functions for TOMOYO. | |
| 5 | - * | |
| 6 | - * Copyright (C) 2005-2010 NTT DATA CORPORATION | |
| 4 | + * Copyright (C) 2005-2011 NTT DATA CORPORATION | |
| 7 | 5 | */ |
| 8 | 6 | |
| 9 | 7 | #include <linux/slab.h> |
| ... | ... | @@ -378,7 +376,7 @@ |
| 378 | 376 | /** |
| 379 | 377 | * tomoyo_correct_word2 - Validate a string. |
| 380 | 378 | * |
| 381 | - * @string: The string to check. May be non-'be non-'\0'-terminated.'-terminated. | |
| 379 | + * @string: The string to check. Maybe non-'be non-'\0'-terminated.'-terminated. | |
| 382 | 380 | * @len: Length of @string. |
| 383 | 381 | * |
| 384 | 382 | * Check whether the given string follows the naming rules. |