Lines Matching +full:entry +full:- +full:name
1 // SPDX-License-Identifier: GPL-2.0
5 * Copyright (C) 2005-2011 NTT DATA CORPORATION
20 * tomoyo_update_policy - Update an entry for exception policy.
25 * @check_duplicate: Callback function to find duplicated entry.
38 int error = param->is_delete ? -ENOENT : -ENOMEM; in tomoyo_update_policy()
39 struct tomoyo_acl_head *entry; in tomoyo_update_policy() local
40 struct list_head *list = param->list; in tomoyo_update_policy()
43 return -ENOMEM; in tomoyo_update_policy()
44 list_for_each_entry_rcu(entry, list, list, in tomoyo_update_policy()
46 if (entry->is_deleted == TOMOYO_GC_IN_PROGRESS) in tomoyo_update_policy()
48 if (!check_duplicate(entry, new_entry)) in tomoyo_update_policy()
50 entry->is_deleted = param->is_delete; in tomoyo_update_policy()
54 if (error && !param->is_delete) { in tomoyo_update_policy()
55 entry = tomoyo_commit_ok(new_entry, size); in tomoyo_update_policy()
56 if (entry) { in tomoyo_update_policy()
57 list_add_tail_rcu(&entry->list, list); in tomoyo_update_policy()
66 * tomoyo_same_acl_head - Check for duplicated "struct tomoyo_acl_info" entry.
76 return a->type == b->type && a->cond == b->cond; in tomoyo_same_acl_head()
80 * tomoyo_update_domain - Update an entry for domain policy.
85 * @check_duplicate: Callback function to find duplicated entry.
86 * @merge_duplicate: Callback function to merge duplicated entry.
102 const bool is_delete = param->is_delete; in tomoyo_update_domain()
103 int error = is_delete ? -ENOENT : -ENOMEM; in tomoyo_update_domain()
104 struct tomoyo_acl_info *entry; in tomoyo_update_domain() local
105 struct list_head * const list = param->list; in tomoyo_update_domain()
107 if (param->data[0]) { in tomoyo_update_domain()
108 new_entry->cond = tomoyo_get_condition(param); in tomoyo_update_domain()
109 if (!new_entry->cond) in tomoyo_update_domain()
110 return -EINVAL; in tomoyo_update_domain()
115 if (new_entry->cond->transit && in tomoyo_update_domain()
116 !(new_entry->type == TOMOYO_TYPE_PATH_ACL && in tomoyo_update_domain()
118 ->perm == 1 << TOMOYO_TYPE_EXECUTE)) in tomoyo_update_domain()
123 list_for_each_entry_rcu(entry, list, list, in tomoyo_update_domain()
125 if (entry->is_deleted == TOMOYO_GC_IN_PROGRESS) in tomoyo_update_domain()
127 if (!tomoyo_same_acl_head(entry, new_entry) || in tomoyo_update_domain()
128 !check_duplicate(entry, new_entry)) in tomoyo_update_domain()
131 entry->is_deleted = merge_duplicate(entry, new_entry, in tomoyo_update_domain()
134 entry->is_deleted = is_delete; in tomoyo_update_domain()
139 entry = tomoyo_commit_ok(new_entry, size); in tomoyo_update_domain()
140 if (entry) { in tomoyo_update_domain()
141 list_add_tail_rcu(&entry->list, list); in tomoyo_update_domain()
147 tomoyo_put_condition(new_entry->cond); in tomoyo_update_domain()
152 * tomoyo_check_acl - Do permission check.
165 const struct tomoyo_domain_info *domain = r->domain; in tomoyo_check_acl()
167 const struct list_head *list = &domain->acl_info_list; in tomoyo_check_acl()
173 if (ptr->is_deleted || ptr->type != r->param_type) in tomoyo_check_acl()
177 if (!tomoyo_condition(r, ptr->cond)) in tomoyo_check_acl()
179 r->matched_acl = ptr; in tomoyo_check_acl()
180 r->granted = true; in tomoyo_check_acl()
184 if (!test_bit(i, domain->group)) in tomoyo_check_acl()
186 list = &domain->ns->acl_group[i++]; in tomoyo_check_acl()
189 r->granted = false; in tomoyo_check_acl()
196 * tomoyo_last_word - Get last component of a domainname.
198 * @name: Domainname to check.
202 static const char *tomoyo_last_word(const char *name) in tomoyo_last_word() argument
204 const char *cp = strrchr(name, ' '); in tomoyo_last_word()
208 return name; in tomoyo_last_word()
212 * tomoyo_same_transition_control - Check for duplicated "struct tomoyo_transition_control" entry.
229 return p1->type == p2->type && p1->is_last_name == p2->is_last_name in tomoyo_same_transition_control()
230 && p1->domainname == p2->domainname in tomoyo_same_transition_control()
231 && p1->program == p2->program; in tomoyo_same_transition_control()
235 * tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.
238 * @type: Type of this entry.
246 int error = param->is_delete ? -ENOENT : -ENOMEM; in tomoyo_write_transition_control()
247 char *program = param->data; in tomoyo_write_transition_control()
260 return -EINVAL; in tomoyo_write_transition_control()
275 param->list = ¶m->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; in tomoyo_write_transition_control()
285 * tomoyo_scan_transition - Try to find specific domain transition type.
288 * @domainname: The name of current domain.
289 * @program: The name of requested program.
306 if (ptr->head.is_deleted || ptr->type != type) in tomoyo_scan_transition()
308 if (ptr->domainname) { in tomoyo_scan_transition()
309 if (!ptr->is_last_name) { in tomoyo_scan_transition()
310 if (ptr->domainname != domainname) in tomoyo_scan_transition()
317 if (strcmp(ptr->domainname->name, last_name)) in tomoyo_scan_transition()
321 if (ptr->program && tomoyo_pathcmp(ptr->program, program)) in tomoyo_scan_transition()
329 * tomoyo_transition_type - Get domain transition type.
332 * @domainname: The name of current domain.
333 * @program: The name of requested program.
348 const char *last_name = tomoyo_last_word(domainname->name); in tomoyo_transition_type()
353 &ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; in tomoyo_transition_type()
375 * tomoyo_same_aggregator - Check for duplicated "struct tomoyo_aggregator" entry.
390 return p1->original_name == p2->original_name && in tomoyo_same_aggregator()
391 p1->aggregated_name == p2->aggregated_name; in tomoyo_same_aggregator()
395 * tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list.
406 int error = param->is_delete ? -ENOENT : -ENOMEM; in tomoyo_write_aggregator()
412 return -EINVAL; in tomoyo_write_aggregator()
416 e.aggregated_name->is_patterned) /* No patterns allowed. */ in tomoyo_write_aggregator()
418 param->list = ¶m->ns->policy_list[TOMOYO_ID_AGGREGATOR]; in tomoyo_write_aggregator()
428 * tomoyo_find_namespace - Find specified namespace.
430 * @name: Name of namespace to find.
431 * @len: Length of @name.
439 (const char *name, const unsigned int len) in tomoyo_find_namespace() argument
444 if (strncmp(name, ns->name, len) || in tomoyo_find_namespace()
445 (name[len] && name[len] != ' ')) in tomoyo_find_namespace()
453 * tomoyo_assign_namespace - Create a new namespace.
455 * @domainname: Name of namespace to create.
465 struct tomoyo_policy_namespace *entry; in tomoyo_assign_namespace() local
474 if (len >= TOMOYO_EXEC_TMPSIZE - 10 || !tomoyo_domain_def(domainname)) in tomoyo_assign_namespace()
476 entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS | __GFP_NOWARN); in tomoyo_assign_namespace()
480 if (!ptr && tomoyo_memory_ok(entry)) { in tomoyo_assign_namespace()
481 char *name = (char *) (entry + 1); in tomoyo_assign_namespace() local
483 ptr = entry; in tomoyo_assign_namespace()
484 memmove(name, domainname, len); in tomoyo_assign_namespace()
485 name[len] = '\0'; in tomoyo_assign_namespace()
486 entry->name = name; in tomoyo_assign_namespace()
487 tomoyo_init_policy_namespace(entry); in tomoyo_assign_namespace()
488 entry = NULL; in tomoyo_assign_namespace()
492 kfree(entry); in tomoyo_assign_namespace()
497 * tomoyo_namespace_jump - Check for namespace jump.
499 * @domainname: Name of domain.
505 const char *namespace = tomoyo_current_namespace()->name; in tomoyo_namespace_jump()
513 * tomoyo_assign_domain - Create a domain or a namespace.
515 * @domainname: The name of domain.
526 struct tomoyo_domain_info *entry = tomoyo_find_domain(domainname); in tomoyo_assign_domain() local
529 if (entry) { in tomoyo_assign_domain()
538 !entry->ns->profile_ptr[entry->profile]) in tomoyo_assign_domain()
541 return entry; in tomoyo_assign_domain()
545 if (strlen(domainname) >= TOMOYO_EXEC_TMPSIZE - 10 || in tomoyo_assign_domain()
566 e.profile = domain->profile; in tomoyo_assign_domain()
567 memcpy(e.group, domain->group, sizeof(e.group)); in tomoyo_assign_domain()
574 entry = tomoyo_find_domain(domainname); in tomoyo_assign_domain()
575 if (!entry) { in tomoyo_assign_domain()
576 entry = tomoyo_commit_ok(&e, sizeof(e)); in tomoyo_assign_domain()
577 if (entry) { in tomoyo_assign_domain()
578 INIT_LIST_HEAD(&entry->acl_info_list); in tomoyo_assign_domain()
579 list_add_tail_rcu(&entry->list, &tomoyo_domain_list); in tomoyo_assign_domain()
586 if (entry && transit) { in tomoyo_assign_domain()
591 tomoyo_init_request_info(&r, entry, in tomoyo_assign_domain()
595 entry->profile); in tomoyo_assign_domain()
597 if (test_bit(i, entry->group)) in tomoyo_assign_domain()
603 return entry; in tomoyo_assign_domain()
607 * tomoyo_environ - Check permission for environment variable names.
615 struct tomoyo_request_info *r = &ee->r; in tomoyo_environ()
616 struct linux_binprm *bprm = ee->bprm; in tomoyo_environ()
621 unsigned long pos = bprm->p; in tomoyo_environ()
623 int argv_count = bprm->argc; in tomoyo_environ()
624 int envp_count = bprm->envc; in tomoyo_environ()
625 int error = -ENOMEM; in tomoyo_environ()
627 ee->r.type = TOMOYO_MAC_ENVIRON; in tomoyo_environ()
628 ee->r.profile = r->domain->profile; in tomoyo_environ()
629 ee->r.mode = tomoyo_get_mode(r->domain->ns, ee->r.profile, in tomoyo_environ()
631 if (!r->mode || !envp_count) in tomoyo_environ()
636 while (error == -ENOMEM) { in tomoyo_environ()
639 pos += PAGE_SIZE - offset; in tomoyo_environ()
643 argv_count--; in tomoyo_environ()
652 if (c && arg_len < TOMOYO_EXEC_TMPSIZE - 10) { in tomoyo_environ()
673 error = -EPERM; in tomoyo_environ()
676 if (!--envp_count) { in tomoyo_environ()
685 if (r->mode != TOMOYO_CONFIG_ENFORCING) in tomoyo_environ()
693 * tomoyo_find_next_domain - Find a domain.
705 const char *original_name = bprm->filename; in tomoyo_find_next_domain()
706 int retval = -ENOMEM; in tomoyo_find_next_domain()
713 return -ENOMEM; in tomoyo_find_next_domain()
714 ee->tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS); in tomoyo_find_next_domain()
715 if (!ee->tmp) { in tomoyo_find_next_domain()
717 return -ENOMEM; in tomoyo_find_next_domain()
719 /* ee->dump->data is allocated by tomoyo_dump_page(). */ in tomoyo_find_next_domain()
720 tomoyo_init_request_info(&ee->r, NULL, TOMOYO_MAC_FILE_EXECUTE); in tomoyo_find_next_domain()
721 ee->r.ee = ee; in tomoyo_find_next_domain()
722 ee->bprm = bprm; in tomoyo_find_next_domain()
723 ee->r.obj = &ee->obj; in tomoyo_find_next_domain()
724 ee->obj.path1 = bprm->file->f_path; in tomoyo_find_next_domain()
726 retval = -ENOENT; in tomoyo_find_next_domain()
727 exename.name = tomoyo_realpath_nofollow(original_name); in tomoyo_find_next_domain()
728 if (!exename.name) in tomoyo_find_next_domain()
736 &old_domain->ns->policy_list[TOMOYO_ID_AGGREGATOR]; in tomoyo_find_next_domain()
742 if (ptr->head.is_deleted || in tomoyo_find_next_domain()
744 ptr->original_name)) in tomoyo_find_next_domain()
746 candidate = ptr->aggregated_name; in tomoyo_find_next_domain()
752 retval = tomoyo_execute_permission(&ee->r, candidate); in tomoyo_find_next_domain()
763 if (ee->r.param.path.matched_path) in tomoyo_find_next_domain()
764 candidate = ee->r.param.path.matched_path; in tomoyo_find_next_domain()
772 if (ee->transition) { in tomoyo_find_next_domain()
773 const char *domainname = ee->transition->name; in tomoyo_find_next_domain()
787 strncpy(ee->tmp, old_domain->domainname->name, in tomoyo_find_next_domain()
788 TOMOYO_EXEC_TMPSIZE - 1); in tomoyo_find_next_domain()
789 cp = strrchr(ee->tmp, ' '); in tomoyo_find_next_domain()
793 strncpy(ee->tmp, domainname, TOMOYO_EXEC_TMPSIZE - 1); in tomoyo_find_next_domain()
795 snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", in tomoyo_find_next_domain()
796 old_domain->domainname->name, domainname); in tomoyo_find_next_domain()
803 switch (tomoyo_transition_type(old_domain->ns, old_domain->domainname, in tomoyo_find_next_domain()
808 snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", in tomoyo_find_next_domain()
809 candidate->name); in tomoyo_find_next_domain()
819 snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", in tomoyo_find_next_domain()
820 old_domain->ns->name, candidate->name); in tomoyo_find_next_domain()
841 snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", in tomoyo_find_next_domain()
842 old_domain->domainname->name, candidate->name); in tomoyo_find_next_domain()
847 domain = tomoyo_assign_domain(ee->tmp, true); in tomoyo_find_next_domain()
851 pr_warn("ERROR: Domain '%s' not ready.\n", ee->tmp); in tomoyo_find_next_domain()
852 retval = -ENOMEM; in tomoyo_find_next_domain()
853 } else if (ee->r.mode == TOMOYO_CONFIG_ENFORCING) in tomoyo_find_next_domain()
854 retval = -ENOMEM; in tomoyo_find_next_domain()
857 if (!old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED]) { in tomoyo_find_next_domain()
858 old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED] = true; in tomoyo_find_next_domain()
859 ee->r.granted = false; in tomoyo_find_next_domain()
860 tomoyo_write_log(&ee->r, "%s", tomoyo_dif in tomoyo_find_next_domain()
862 pr_warn("ERROR: Domain '%s' not defined.\n", ee->tmp); in tomoyo_find_next_domain()
872 s->old_domain_info = s->domain_info; in tomoyo_find_next_domain()
873 s->domain_info = domain; in tomoyo_find_next_domain()
874 atomic_inc(&domain->users); in tomoyo_find_next_domain()
876 kfree(exename.name); in tomoyo_find_next_domain()
878 ee->r.domain = domain; in tomoyo_find_next_domain()
881 kfree(ee->tmp); in tomoyo_find_next_domain()
882 kfree(ee->dump.data); in tomoyo_find_next_domain()
888 * tomoyo_dump_page - Dump a page to buffer.
904 /* dump->data is released by tomoyo_find_next_domain(). */ in tomoyo_dump_page()
905 if (!dump->data) { in tomoyo_dump_page()
906 dump->data = kzalloc(PAGE_SIZE, GFP_NOFS); in tomoyo_dump_page()
907 if (!dump->data) in tomoyo_dump_page()
917 mmap_read_lock(bprm->mm); in tomoyo_dump_page()
918 ret = get_user_pages_remote(bprm->mm, pos, 1, in tomoyo_dump_page()
920 mmap_read_unlock(bprm->mm); in tomoyo_dump_page()
924 page = bprm->page[pos / PAGE_SIZE]; in tomoyo_dump_page()
926 if (page != dump->page) { in tomoyo_dump_page()
935 dump->page = page; in tomoyo_dump_page()
936 memcpy(dump->data + offset, kaddr + offset, in tomoyo_dump_page()
937 PAGE_SIZE - offset); in tomoyo_dump_page()