1 // SPDX-License-Identifier: GPL-2.0
5 * Copyright (C) 2005-2011 NTT DATA CORPORATION
20 * tomoyo_update_policy - Update an entry for exception policy.
25 * @check_duplicate: Callback function to find duplicated entry.
38 int error = param->is_delete ? -ENOENT : -ENOMEM; in tomoyo_update_policy()
39 struct tomoyo_acl_head *entry; in tomoyo_update_policy() local
40 struct list_head *list = param->list; in tomoyo_update_policy()
43 return -ENOMEM; in tomoyo_update_policy()
44 list_for_each_entry_rcu(entry, list, list, in tomoyo_update_policy()
46 if (entry->is_deleted == TOMOYO_GC_IN_PROGRESS) in tomoyo_update_policy()
48 if (!check_duplicate(entry, new_entry)) in tomoyo_update_policy()
50 entry->is_deleted = param->is_delete; in tomoyo_update_policy()
54 if (error && !param->is_delete) { in tomoyo_update_policy()
55 entry = tomoyo_commit_ok(new_entry, size); in tomoyo_update_policy()
56 if (entry) { in tomoyo_update_policy()
57 list_add_tail_rcu(&entry->list, list); in tomoyo_update_policy()
66 * tomoyo_same_acl_head - Check for duplicated "struct tomoyo_acl_info" entry.
76 return a->type == b->type && a->cond == b->cond; in tomoyo_same_acl_head()
80 * tomoyo_update_domain - Update an entry for domain policy.
85 * @check_duplicate: Callback function to find duplicated entry.
86 * @merge_duplicate: Callback function to merge duplicated entry.
102 const bool is_delete = param->is_delete; in tomoyo_update_domain()
103 int error = is_delete ? -ENOENT : -ENOMEM; in tomoyo_update_domain()
104 struct tomoyo_acl_info *entry; in tomoyo_update_domain() local
105 struct list_head * const list = param->list; in tomoyo_update_domain()
107 if (param->data[0]) { in tomoyo_update_domain()
108 new_entry->cond = tomoyo_get_condition(param); in tomoyo_update_domain()
109 if (!new_entry->cond) in tomoyo_update_domain()
110 return -EINVAL; in tomoyo_update_domain()
115 if (new_entry->cond->transit && in tomoyo_update_domain()
116 !(new_entry->type == TOMOYO_TYPE_PATH_ACL && in tomoyo_update_domain()
118 ->perm == 1 << TOMOYO_TYPE_EXECUTE)) in tomoyo_update_domain()
123 list_for_each_entry_rcu(entry, list, list, in tomoyo_update_domain()
125 if (entry->is_deleted == TOMOYO_GC_IN_PROGRESS) in tomoyo_update_domain()
127 if (!tomoyo_same_acl_head(entry, new_entry) || in tomoyo_update_domain()
128 !check_duplicate(entry, new_entry)) in tomoyo_update_domain()
131 entry->is_deleted = merge_duplicate(entry, new_entry, in tomoyo_update_domain()
134 entry->is_deleted = is_delete; in tomoyo_update_domain()
139 entry = tomoyo_commit_ok(new_entry, size); in tomoyo_update_domain()
140 if (entry) { in tomoyo_update_domain()
141 list_add_tail_rcu(&entry->list, list); in tomoyo_update_domain()
147 tomoyo_put_condition(new_entry->cond); in tomoyo_update_domain()
152 * tomoyo_check_acl - Do permission check.
165 const struct tomoyo_domain_info *domain = r->domain; in tomoyo_check_acl()
167 const struct list_head *list = &domain->acl_info_list; in tomoyo_check_acl()
173 if (ptr->is_deleted || ptr->type != r->param_type) in tomoyo_check_acl()
177 if (!tomoyo_condition(r, ptr->cond)) in tomoyo_check_acl()
179 r->matched_acl = ptr; in tomoyo_check_acl()
180 r->granted = true; in tomoyo_check_acl()
184 if (!test_bit(i, domain->group)) in tomoyo_check_acl()
186 list = &domain->ns->acl_group[i++]; in tomoyo_check_acl()
189 r->granted = false; in tomoyo_check_acl()
196 * tomoyo_last_word - Get last component of a domainname.
198 * @name: Domainname to check.
202 static const char *tomoyo_last_word(const char *name) in tomoyo_last_word() argument
204 const char *cp = strrchr(name, ' '); in tomoyo_last_word()
208 return name; in tomoyo_last_word()
212 * tomoyo_same_transition_control - Check for duplicated "struct tomoyo_transition_control" entry.
229 return p1->type == p2->type && p1->is_last_name == p2->is_last_name in tomoyo_same_transition_control()
230 && p1->domainname == p2->domainname in tomoyo_same_transition_control()
231 && p1->program == p2->program; in tomoyo_same_transition_control()
235 * tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.
238 * @type: Type of this entry.
246 int error = param->is_delete ? -ENOENT : -ENOMEM; in tomoyo_write_transition_control()
247 char *program = param->data; in tomoyo_write_transition_control()
260 return -EINVAL; in tomoyo_write_transition_control()
275 param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; in tomoyo_write_transition_control()
285 * tomoyo_scan_transition - Try to find specific domain transition type.
288 * @domainname: The name of current domain.
289 * @program: The name of requested program.
306 if (ptr->head.is_deleted || ptr->type != type) in tomoyo_scan_transition()
308 if (ptr->domainname) { in tomoyo_scan_transition()
309 if (!ptr->is_last_name) { in tomoyo_scan_transition()
310 if (ptr->domainname != domainname) in tomoyo_scan_transition()
317 if (strcmp(ptr->domainname->name, last_name)) in tomoyo_scan_transition()
321 if (ptr->program && tomoyo_pathcmp(ptr->program, program)) in tomoyo_scan_transition()
329 * tomoyo_transition_type - Get domain transition type.
332 * @domainname: The name of current domain.
333 * @program: The name of requested program.
348 const char *last_name = tomoyo_last_word(domainname->name); in tomoyo_transition_type()
353 &ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; in tomoyo_transition_type()
375 * tomoyo_same_aggregator - Check for duplicated "struct tomoyo_aggregator" entry.
390 return p1->original_name == p2->original_name && in tomoyo_same_aggregator()
391 p1->aggregated_name == p2->aggregated_name; in tomoyo_same_aggregator()
395 * tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list.
406 int error = param->is_delete ? -ENOENT : -ENOMEM; in tomoyo_write_aggregator()
412 return -EINVAL; in tomoyo_write_aggregator()
416 e.aggregated_name->is_patterned) /* No patterns allowed. */ in tomoyo_write_aggregator()
418 param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR]; in tomoyo_write_aggregator()
428 * tomoyo_find_namespace - Find specified namespace.
430 * @name: Name of namespace to find.
431 * @len: Length of @name.
439 (const char *name, const unsigned int len) in tomoyo_find_namespace() argument
444 if (strncmp(name, ns->name, len) || in tomoyo_find_namespace()
445 (name[len] && name[len] != ' ')) in tomoyo_find_namespace()
453 * tomoyo_assign_namespace - Create a new namespace.
455 * @domainname: Name of namespace to create.
465 struct tomoyo_policy_namespace *entry; in tomoyo_assign_namespace() local
474 if (len >= TOMOYO_EXEC_TMPSIZE - 10 || !tomoyo_domain_def(domainname)) in tomoyo_assign_namespace()
476 entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS); in tomoyo_assign_namespace()
477 if (!entry) in tomoyo_assign_namespace()
482 if (!ptr && tomoyo_memory_ok(entry)) { in tomoyo_assign_namespace()
483 char *name = (char *) (entry + 1); in tomoyo_assign_namespace() local
485 ptr = entry; in tomoyo_assign_namespace()
486 memmove(name, domainname, len); in tomoyo_assign_namespace()
487 name[len] = '\0'; in tomoyo_assign_namespace()
488 entry->name = name; in tomoyo_assign_namespace()
489 tomoyo_init_policy_namespace(entry); in tomoyo_assign_namespace()
490 entry = NULL; in tomoyo_assign_namespace()
494 kfree(entry); in tomoyo_assign_namespace()
499 * tomoyo_namespace_jump - Check for namespace jump.
501 * @domainname: Name of domain.
507 const char *namespace = tomoyo_current_namespace()->name; in tomoyo_namespace_jump()
515 * tomoyo_assign_domain - Create a domain or a namespace.
517 * @domainname: The name of domain.
528 struct tomoyo_domain_info *entry = tomoyo_find_domain(domainname); in tomoyo_assign_domain() local
531 if (entry) { in tomoyo_assign_domain()
540 !entry->ns->profile_ptr[entry->profile]) in tomoyo_assign_domain()
543 return entry; in tomoyo_assign_domain()
547 if (strlen(domainname) >= TOMOYO_EXEC_TMPSIZE - 10 || in tomoyo_assign_domain()
568 e.profile = domain->profile; in tomoyo_assign_domain()
569 memcpy(e.group, domain->group, sizeof(e.group)); in tomoyo_assign_domain()
576 entry = tomoyo_find_domain(domainname); in tomoyo_assign_domain()
577 if (!entry) { in tomoyo_assign_domain()
578 entry = tomoyo_commit_ok(&e, sizeof(e)); in tomoyo_assign_domain()
579 if (entry) { in tomoyo_assign_domain()
580 INIT_LIST_HEAD(&entry->acl_info_list); in tomoyo_assign_domain()
581 list_add_tail_rcu(&entry->list, &tomoyo_domain_list); in tomoyo_assign_domain()
588 if (entry && transit) { in tomoyo_assign_domain()
593 tomoyo_init_request_info(&r, entry, in tomoyo_assign_domain()
597 entry->profile); in tomoyo_assign_domain()
599 if (test_bit(i, entry->group)) in tomoyo_assign_domain()
605 return entry; in tomoyo_assign_domain()
609 * tomoyo_environ - Check permission for environment variable names.
617 struct tomoyo_request_info *r = &ee->r; in tomoyo_environ()
618 struct linux_binprm *bprm = ee->bprm; in tomoyo_environ()
623 unsigned long pos = bprm->p; in tomoyo_environ()
625 int argv_count = bprm->argc; in tomoyo_environ()
626 int envp_count = bprm->envc; in tomoyo_environ()
627 int error = -ENOMEM; in tomoyo_environ()
629 ee->r.type = TOMOYO_MAC_ENVIRON; in tomoyo_environ()
630 ee->r.profile = r->domain->profile; in tomoyo_environ()
631 ee->r.mode = tomoyo_get_mode(r->domain->ns, ee->r.profile, in tomoyo_environ()
633 if (!r->mode || !envp_count) in tomoyo_environ()
638 while (error == -ENOMEM) { in tomoyo_environ()
641 pos += PAGE_SIZE - offset; in tomoyo_environ()
645 argv_count--; in tomoyo_environ()
654 if (c && arg_len < TOMOYO_EXEC_TMPSIZE - 10) { in tomoyo_environ()
675 error = -EPERM; in tomoyo_environ()
678 if (!--envp_count) { in tomoyo_environ()
687 if (r->mode != TOMOYO_CONFIG_ENFORCING) in tomoyo_environ()
695 * tomoyo_find_next_domain - Find a domain.
707 const char *original_name = bprm->filename; in tomoyo_find_next_domain()
708 int retval = -ENOMEM; in tomoyo_find_next_domain()
715 return -ENOMEM; in tomoyo_find_next_domain()
716 ee->tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS); in tomoyo_find_next_domain()
717 if (!ee->tmp) { in tomoyo_find_next_domain()
719 return -ENOMEM; in tomoyo_find_next_domain()
721 /* ee->dump->data is allocated by tomoyo_dump_page(). */ in tomoyo_find_next_domain()
722 tomoyo_init_request_info(&ee->r, NULL, TOMOYO_MAC_FILE_EXECUTE); in tomoyo_find_next_domain()
723 ee->r.ee = ee; in tomoyo_find_next_domain()
724 ee->bprm = bprm; in tomoyo_find_next_domain()
725 ee->r.obj = &ee->obj; in tomoyo_find_next_domain()
726 ee->obj.path1 = bprm->file->f_path; in tomoyo_find_next_domain()
728 retval = -ENOENT; in tomoyo_find_next_domain()
729 exename.name = tomoyo_realpath_nofollow(original_name); in tomoyo_find_next_domain()
730 if (!exename.name) in tomoyo_find_next_domain()
738 &old_domain->ns->policy_list[TOMOYO_ID_AGGREGATOR]; in tomoyo_find_next_domain()
744 if (ptr->head.is_deleted || in tomoyo_find_next_domain()
746 ptr->original_name)) in tomoyo_find_next_domain()
748 candidate = ptr->aggregated_name; in tomoyo_find_next_domain()
754 retval = tomoyo_execute_permission(&ee->r, candidate); in tomoyo_find_next_domain()
765 if (ee->r.param.path.matched_path) in tomoyo_find_next_domain()
766 candidate = ee->r.param.path.matched_path; in tomoyo_find_next_domain()
774 if (ee->transition) { in tomoyo_find_next_domain()
775 const char *domainname = ee->transition->name; in tomoyo_find_next_domain()
789 strncpy(ee->tmp, old_domain->domainname->name, in tomoyo_find_next_domain()
790 TOMOYO_EXEC_TMPSIZE - 1); in tomoyo_find_next_domain()
791 cp = strrchr(ee->tmp, ' '); in tomoyo_find_next_domain()
795 strncpy(ee->tmp, domainname, TOMOYO_EXEC_TMPSIZE - 1); in tomoyo_find_next_domain()
797 snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", in tomoyo_find_next_domain()
798 old_domain->domainname->name, domainname); in tomoyo_find_next_domain()
805 switch (tomoyo_transition_type(old_domain->ns, old_domain->domainname, in tomoyo_find_next_domain()
810 snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", in tomoyo_find_next_domain()
811 candidate->name); in tomoyo_find_next_domain()
821 snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", in tomoyo_find_next_domain()
822 old_domain->ns->name, candidate->name); in tomoyo_find_next_domain()
843 snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", in tomoyo_find_next_domain()
844 old_domain->domainname->name, candidate->name); in tomoyo_find_next_domain()
849 domain = tomoyo_assign_domain(ee->tmp, true); in tomoyo_find_next_domain()
853 pr_warn("ERROR: Domain '%s' not ready.\n", ee->tmp); in tomoyo_find_next_domain()
854 retval = -ENOMEM; in tomoyo_find_next_domain()
855 } else if (ee->r.mode == TOMOYO_CONFIG_ENFORCING) in tomoyo_find_next_domain()
856 retval = -ENOMEM; in tomoyo_find_next_domain()
859 if (!old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED]) { in tomoyo_find_next_domain()
860 old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED] = true; in tomoyo_find_next_domain()
861 ee->r.granted = false; in tomoyo_find_next_domain()
862 tomoyo_write_log(&ee->r, "%s", tomoyo_dif in tomoyo_find_next_domain()
864 pr_warn("ERROR: Domain '%s' not defined.\n", ee->tmp); in tomoyo_find_next_domain()
874 s->old_domain_info = s->domain_info; in tomoyo_find_next_domain()
875 s->domain_info = domain; in tomoyo_find_next_domain()
876 atomic_inc(&domain->users); in tomoyo_find_next_domain()
878 kfree(exename.name); in tomoyo_find_next_domain()
880 ee->r.domain = domain; in tomoyo_find_next_domain()
883 kfree(ee->tmp); in tomoyo_find_next_domain()
884 kfree(ee->dump.data); in tomoyo_find_next_domain()
890 * tomoyo_dump_page - Dump a page to buffer.
903 /* dump->data is released by tomoyo_find_next_domain(). */ in tomoyo_dump_page()
904 if (!dump->data) { in tomoyo_dump_page()
905 dump->data = kzalloc(PAGE_SIZE, GFP_NOFS); in tomoyo_dump_page()
906 if (!dump->data) in tomoyo_dump_page()
917 if (get_user_pages_remote(bprm->mm, pos, 1, in tomoyo_dump_page()
921 page = bprm->page[pos / PAGE_SIZE]; in tomoyo_dump_page()
923 if (page != dump->page) { in tomoyo_dump_page()
932 dump->page = page; in tomoyo_dump_page()
933 memcpy(dump->data + offset, kaddr + offset, in tomoyo_dump_page()
934 PAGE_SIZE - offset); in tomoyo_dump_page()