summaryrefslogtreecommitdiffstats
path: root/security/tomoyo/common.h
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-06-03 20:38:03 +0900
committerJames Morris <jmorris@namei.org>2010-08-02 15:33:42 +1000
commit1084307ca097745ed6e40a192329b133a49271ac (patch)
treef3b2e81705afb4ca3006ebb931aa0aad426ace02 /security/tomoyo/common.h
parent3f629636320dfa65804779a3fc333f3147f3b064 (diff)
TOMOYO: Add pathname aggregation support.
This patch allows users to aggregate programs which provide similar functionality (e.g. /usr/bin/vi and /usr/bin/emacs ). Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/common.h')
-rw-r--r--security/tomoyo/common.h32
1 files changed, 32 insertions, 0 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index d1b8d791bff..54db39aa339 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -46,6 +46,7 @@ enum tomoyo_mode_index {
};
/* Keywords for ACLs. */
+#define TOMOYO_KEYWORD_AGGREGATOR "aggregator "
#define TOMOYO_KEYWORD_ALIAS "alias "
#define TOMOYO_KEYWORD_ALLOW_MOUNT "allow_mount "
#define TOMOYO_KEYWORD_ALLOW_READ "allow_read "
@@ -593,6 +594,24 @@ struct tomoyo_domain_keeper_entry {
};
/*
+ * tomoyo_aggregator_entry is a structure which is used for holding
+ * "aggregator" entries.
+ * It has following fields.
+ *
+ * (1) "list" which is linked to tomoyo_aggregator_list .
+ * (2) "original_name" which is originally requested name.
+ * (3) "aggregated_name" which is name to rewrite.
+ * (4) "is_deleted" is a bool which is true if marked as deleted, false
+ * otherwise.
+ */
+struct tomoyo_aggregator_entry {
+ struct list_head list;
+ const struct tomoyo_path_info *original_name;
+ const struct tomoyo_path_info *aggregated_name;
+ bool is_deleted;
+};
+
+/*
* tomoyo_alias_entry is a structure which is used for holding "alias" entries.
* It has following fields.
*
@@ -693,6 +712,8 @@ bool tomoyo_print_number_union(struct tomoyo_io_buffer *head,
const struct tomoyo_number_union *ptr);
bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num);
+/* Read "aggregator" entry in exception policy. */
+bool tomoyo_read_aggregator_policy(struct tomoyo_io_buffer *head);
/* Read "alias" entry in exception policy. */
bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head);
/*
@@ -730,6 +751,8 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r,
/* Check permission for mount operation. */
int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
unsigned long flags, void *data_page);
+/* Create "aggregator" entry in exception policy. */
+int tomoyo_write_aggregator_policy(char *data, const bool is_delete);
/* Create "alias" entry in exception policy. */
int tomoyo_write_alias_policy(char *data, const bool is_delete);
/*
@@ -857,6 +880,7 @@ extern struct list_head tomoyo_path_group_list;
extern struct list_head tomoyo_number_group_list;
extern struct list_head tomoyo_domain_initializer_list;
extern struct list_head tomoyo_domain_keeper_list;
+extern struct list_head tomoyo_aggregator_list;
extern struct list_head tomoyo_alias_list;
extern struct list_head tomoyo_globally_readable_list;
extern struct list_head tomoyo_pattern_list;
@@ -1036,6 +1060,14 @@ static inline bool tomoyo_is_same_domain_keeper_entry
&& p1->program == p2->program;
}
+static inline bool tomoyo_is_same_aggregator_entry
+(const struct tomoyo_aggregator_entry *p1,
+ const struct tomoyo_aggregator_entry *p2)
+{
+ return p1->original_name == p2->original_name &&
+ p1->aggregated_name == p2->aggregated_name;
+}
+
static inline bool tomoyo_is_same_alias_entry
(const struct tomoyo_alias_entry *p1, const struct tomoyo_alias_entry *p2)
{