Lines Matching +full:entry +full:- +full:name
1 // SPDX-License-Identifier: GPL-2.0
5 * Copyright (C) 2005-2011 NTT DATA CORPORATION
20 * tomoyo_update_policy - Update an entry for exception policy.
25 * @check_duplicate: Callback function to find duplicated entry.
38 int error = param->is_delete ? -ENOENT : -ENOMEM; in tomoyo_update_policy()
39 struct tomoyo_acl_head *entry; in tomoyo_update_policy() local
40 struct list_head *list = param->list; in tomoyo_update_policy()
43 return -ENOMEM; in tomoyo_update_policy()
44 list_for_each_entry_rcu(entry, list, list) { in tomoyo_update_policy()
45 if (entry->is_deleted == TOMOYO_GC_IN_PROGRESS) in tomoyo_update_policy()
47 if (!check_duplicate(entry, new_entry)) in tomoyo_update_policy()
49 entry->is_deleted = param->is_delete; in tomoyo_update_policy()
53 if (error && !param->is_delete) { in tomoyo_update_policy()
54 entry = tomoyo_commit_ok(new_entry, size); in tomoyo_update_policy()
55 if (entry) { in tomoyo_update_policy()
56 list_add_tail_rcu(&entry->list, list); in tomoyo_update_policy()
65 * tomoyo_same_acl_head - Check for duplicated "struct tomoyo_acl_info" entry.
75 return a->type == b->type && a->cond == b->cond; in tomoyo_same_acl_head()
79 * tomoyo_update_domain - Update an entry for domain policy.
84 * @check_duplicate: Callback function to find duplicated entry.
85 * @merge_duplicate: Callback function to merge duplicated entry.
101 const bool is_delete = param->is_delete; in tomoyo_update_domain()
102 int error = is_delete ? -ENOENT : -ENOMEM; in tomoyo_update_domain()
103 struct tomoyo_acl_info *entry; in tomoyo_update_domain() local
104 struct list_head * const list = param->list; in tomoyo_update_domain()
106 if (param->data[0]) { in tomoyo_update_domain()
107 new_entry->cond = tomoyo_get_condition(param); in tomoyo_update_domain()
108 if (!new_entry->cond) in tomoyo_update_domain()
109 return -EINVAL; in tomoyo_update_domain()
114 if (new_entry->cond->transit && in tomoyo_update_domain()
115 !(new_entry->type == TOMOYO_TYPE_PATH_ACL && in tomoyo_update_domain()
117 ->perm == 1 << TOMOYO_TYPE_EXECUTE)) in tomoyo_update_domain()
122 list_for_each_entry_rcu(entry, list, list) { in tomoyo_update_domain()
123 if (entry->is_deleted == TOMOYO_GC_IN_PROGRESS) in tomoyo_update_domain()
125 if (!tomoyo_same_acl_head(entry, new_entry) || in tomoyo_update_domain()
126 !check_duplicate(entry, new_entry)) in tomoyo_update_domain()
129 entry->is_deleted = merge_duplicate(entry, new_entry, in tomoyo_update_domain()
132 entry->is_deleted = is_delete; in tomoyo_update_domain()
137 entry = tomoyo_commit_ok(new_entry, size); in tomoyo_update_domain()
138 if (entry) { in tomoyo_update_domain()
139 list_add_tail_rcu(&entry->list, list); in tomoyo_update_domain()
145 tomoyo_put_condition(new_entry->cond); in tomoyo_update_domain()
150 * tomoyo_check_acl - Do permission check.
163 const struct tomoyo_domain_info *domain = r->domain; in tomoyo_check_acl()
166 const struct list_head *list = &domain->acl_info_list; in tomoyo_check_acl()
170 if (ptr->is_deleted || ptr->type != r->param_type) in tomoyo_check_acl()
174 if (!tomoyo_condition(r, ptr->cond)) in tomoyo_check_acl()
176 r->matched_acl = ptr; in tomoyo_check_acl()
177 r->granted = true; in tomoyo_check_acl()
182 list = &domain->ns->acl_group[domain->group]; in tomoyo_check_acl()
185 r->granted = false; in tomoyo_check_acl()
192 * tomoyo_last_word - Get last component of a domainname.
194 * @name: Domainname to check.
198 static const char *tomoyo_last_word(const char *name) in tomoyo_last_word() argument
200 const char *cp = strrchr(name, ' '); in tomoyo_last_word()
203 return name; in tomoyo_last_word()
207 * tomoyo_same_transition_control - Check for duplicated "struct tomoyo_transition_control" entry.
223 return p1->type == p2->type && p1->is_last_name == p2->is_last_name in tomoyo_same_transition_control()
224 && p1->domainname == p2->domainname in tomoyo_same_transition_control()
225 && p1->program == p2->program; in tomoyo_same_transition_control()
229 * tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.
232 * @type: Type of this entry.
240 int error = param->is_delete ? -ENOENT : -ENOMEM; in tomoyo_write_transition_control()
241 char *program = param->data; in tomoyo_write_transition_control()
253 return -EINVAL; in tomoyo_write_transition_control()
268 param->list = ¶m->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; in tomoyo_write_transition_control()
278 * tomoyo_scan_transition - Try to find specific domain transition type.
281 * @domainname: The name of current domain.
282 * @program: The name of requested program.
297 if (ptr->head.is_deleted || ptr->type != type) in tomoyo_scan_transition()
299 if (ptr->domainname) { in tomoyo_scan_transition()
300 if (!ptr->is_last_name) { in tomoyo_scan_transition()
301 if (ptr->domainname != domainname) in tomoyo_scan_transition()
308 if (strcmp(ptr->domainname->name, last_name)) in tomoyo_scan_transition()
312 if (ptr->program && tomoyo_pathcmp(ptr->program, program)) in tomoyo_scan_transition()
320 * tomoyo_transition_type - Get domain transition type.
323 * @domainname: The name of current domain.
324 * @program: The name of requested program.
339 const char *last_name = tomoyo_last_word(domainname->name); in tomoyo_transition_type()
343 &ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; in tomoyo_transition_type()
364 * tomoyo_same_aggregator - Check for duplicated "struct tomoyo_aggregator" entry.
378 return p1->original_name == p2->original_name && in tomoyo_same_aggregator()
379 p1->aggregated_name == p2->aggregated_name; in tomoyo_same_aggregator()
383 * tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list.
394 int error = param->is_delete ? -ENOENT : -ENOMEM; in tomoyo_write_aggregator()
399 return -EINVAL; in tomoyo_write_aggregator()
403 e.aggregated_name->is_patterned) /* No patterns allowed. */ in tomoyo_write_aggregator()
405 param->list = ¶m->ns->policy_list[TOMOYO_ID_AGGREGATOR]; in tomoyo_write_aggregator()
415 * tomoyo_find_namespace - Find specified namespace.
417 * @name: Name of namespace to find.
418 * @len: Length of @name.
426 (const char *name, const unsigned int len) in tomoyo_find_namespace() argument
430 if (strncmp(name, ns->name, len) || in tomoyo_find_namespace()
431 (name[len] && name[len] != ' ')) in tomoyo_find_namespace()
439 * tomoyo_assign_namespace - Create a new namespace.
441 * @domainname: Name of namespace to create.
451 struct tomoyo_policy_namespace *entry; in tomoyo_assign_namespace() local
459 if (len >= TOMOYO_EXEC_TMPSIZE - 10 || !tomoyo_domain_def(domainname)) in tomoyo_assign_namespace()
461 entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS); in tomoyo_assign_namespace()
462 if (!entry) in tomoyo_assign_namespace()
467 if (!ptr && tomoyo_memory_ok(entry)) { in tomoyo_assign_namespace()
468 char *name = (char *) (entry + 1); in tomoyo_assign_namespace() local
469 ptr = entry; in tomoyo_assign_namespace()
470 memmove(name, domainname, len); in tomoyo_assign_namespace()
471 name[len] = '\0'; in tomoyo_assign_namespace()
472 entry->name = name; in tomoyo_assign_namespace()
473 tomoyo_init_policy_namespace(entry); in tomoyo_assign_namespace()
474 entry = NULL; in tomoyo_assign_namespace()
478 kfree(entry); in tomoyo_assign_namespace()
483 * tomoyo_namespace_jump - Check for namespace jump.
485 * @domainname: Name of domain.
491 const char *namespace = tomoyo_current_namespace()->name; in tomoyo_namespace_jump()
498 * tomoyo_assign_domain - Create a domain or a namespace.
500 * @domainname: The name of domain.
511 struct tomoyo_domain_info *entry = tomoyo_find_domain(domainname); in tomoyo_assign_domain() local
513 if (entry) { in tomoyo_assign_domain()
522 !entry->ns->profile_ptr[entry->profile]) in tomoyo_assign_domain()
525 return entry; in tomoyo_assign_domain()
529 if (strlen(domainname) >= TOMOYO_EXEC_TMPSIZE - 10 || in tomoyo_assign_domain()
549 e.profile = domain->profile; in tomoyo_assign_domain()
550 e.group = domain->group; in tomoyo_assign_domain()
557 entry = tomoyo_find_domain(domainname); in tomoyo_assign_domain()
558 if (!entry) { in tomoyo_assign_domain()
559 entry = tomoyo_commit_ok(&e, sizeof(e)); in tomoyo_assign_domain()
560 if (entry) { in tomoyo_assign_domain()
561 INIT_LIST_HEAD(&entry->acl_info_list); in tomoyo_assign_domain()
562 list_add_tail_rcu(&entry->list, &tomoyo_domain_list); in tomoyo_assign_domain()
569 if (entry && transit) { in tomoyo_assign_domain()
572 tomoyo_init_request_info(&r, entry, in tomoyo_assign_domain()
576 entry->profile); in tomoyo_assign_domain()
577 tomoyo_write_log(&r, "use_group %u\n", entry->group); in tomoyo_assign_domain()
581 return entry; in tomoyo_assign_domain()
585 * tomoyo_environ - Check permission for environment variable names.
593 struct tomoyo_request_info *r = &ee->r; in tomoyo_environ()
594 struct linux_binprm *bprm = ee->bprm; in tomoyo_environ()
599 unsigned long pos = bprm->p; in tomoyo_environ()
601 int argv_count = bprm->argc; in tomoyo_environ()
602 int envp_count = bprm->envc; in tomoyo_environ()
603 int error = -ENOMEM; in tomoyo_environ()
605 ee->r.type = TOMOYO_MAC_ENVIRON; in tomoyo_environ()
606 ee->r.profile = r->domain->profile; in tomoyo_environ()
607 ee->r.mode = tomoyo_get_mode(r->domain->ns, ee->r.profile, in tomoyo_environ()
609 if (!r->mode || !envp_count) in tomoyo_environ()
614 while (error == -ENOMEM) { in tomoyo_environ()
617 pos += PAGE_SIZE - offset; in tomoyo_environ()
621 argv_count--; in tomoyo_environ()
630 if (c && arg_len < TOMOYO_EXEC_TMPSIZE - 10) { in tomoyo_environ()
651 error = -EPERM; in tomoyo_environ()
654 if (!--envp_count) { in tomoyo_environ()
663 if (r->mode != TOMOYO_CONFIG_ENFORCING) in tomoyo_environ()
671 * tomoyo_find_next_domain - Find a domain.
683 const char *original_name = bprm->filename; in tomoyo_find_next_domain()
684 int retval = -ENOMEM; in tomoyo_find_next_domain()
691 return -ENOMEM; in tomoyo_find_next_domain()
692 ee->tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS); in tomoyo_find_next_domain()
693 if (!ee->tmp) { in tomoyo_find_next_domain()
695 return -ENOMEM; in tomoyo_find_next_domain()
697 /* ee->dump->data is allocated by tomoyo_dump_page(). */ in tomoyo_find_next_domain()
698 tomoyo_init_request_info(&ee->r, NULL, TOMOYO_MAC_FILE_EXECUTE); in tomoyo_find_next_domain()
699 ee->r.ee = ee; in tomoyo_find_next_domain()
700 ee->bprm = bprm; in tomoyo_find_next_domain()
701 ee->r.obj = &ee->obj; in tomoyo_find_next_domain()
702 ee->obj.path1 = bprm->file->f_path; in tomoyo_find_next_domain()
704 retval = -ENOENT; in tomoyo_find_next_domain()
705 exename.name = tomoyo_realpath_nofollow(original_name); in tomoyo_find_next_domain()
706 if (!exename.name) in tomoyo_find_next_domain()
714 &old_domain->ns->policy_list[TOMOYO_ID_AGGREGATOR]; in tomoyo_find_next_domain()
718 if (ptr->head.is_deleted || in tomoyo_find_next_domain()
720 ptr->original_name)) in tomoyo_find_next_domain()
722 candidate = ptr->aggregated_name; in tomoyo_find_next_domain()
728 retval = tomoyo_execute_permission(&ee->r, candidate); in tomoyo_find_next_domain()
739 if (ee->r.param.path.matched_path) in tomoyo_find_next_domain()
740 candidate = ee->r.param.path.matched_path; in tomoyo_find_next_domain()
748 if (ee->transition) { in tomoyo_find_next_domain()
749 const char *domainname = ee->transition->name; in tomoyo_find_next_domain()
761 strncpy(ee->tmp, old_domain->domainname->name, in tomoyo_find_next_domain()
762 TOMOYO_EXEC_TMPSIZE - 1); in tomoyo_find_next_domain()
763 cp = strrchr(ee->tmp, ' '); in tomoyo_find_next_domain()
767 strncpy(ee->tmp, domainname, TOMOYO_EXEC_TMPSIZE - 1); in tomoyo_find_next_domain()
769 snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", in tomoyo_find_next_domain()
770 old_domain->domainname->name, domainname); in tomoyo_find_next_domain()
777 switch (tomoyo_transition_type(old_domain->ns, old_domain->domainname, in tomoyo_find_next_domain()
782 snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", in tomoyo_find_next_domain()
783 candidate->name); in tomoyo_find_next_domain()
793 snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", in tomoyo_find_next_domain()
794 old_domain->ns->name, candidate->name); in tomoyo_find_next_domain()
815 snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", in tomoyo_find_next_domain()
816 old_domain->domainname->name, candidate->name); in tomoyo_find_next_domain()
821 domain = tomoyo_assign_domain(ee->tmp, true); in tomoyo_find_next_domain()
826 ee->tmp); in tomoyo_find_next_domain()
827 retval = -ENOMEM; in tomoyo_find_next_domain()
828 } else if (ee->r.mode == TOMOYO_CONFIG_ENFORCING) in tomoyo_find_next_domain()
829 retval = -ENOMEM; in tomoyo_find_next_domain()
832 if (!old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED]) { in tomoyo_find_next_domain()
833 old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED] = true; in tomoyo_find_next_domain()
834 ee->r.granted = false; in tomoyo_find_next_domain()
835 tomoyo_write_log(&ee->r, "%s", tomoyo_dif in tomoyo_find_next_domain()
838 "ERROR: Domain '%s' not defined.\n", ee->tmp); in tomoyo_find_next_domain()
845 atomic_inc(&domain->users); in tomoyo_find_next_domain()
846 bprm->cred->security = domain; in tomoyo_find_next_domain()
847 kfree(exename.name); in tomoyo_find_next_domain()
849 ee->r.domain = domain; in tomoyo_find_next_domain()
852 kfree(ee->tmp); in tomoyo_find_next_domain()
853 kfree(ee->dump.data); in tomoyo_find_next_domain()
859 * tomoyo_dump_page - Dump a page to buffer.
872 /* dump->data is released by tomoyo_find_next_domain(). */ in tomoyo_dump_page()
873 if (!dump->data) { in tomoyo_dump_page()
874 dump->data = kzalloc(PAGE_SIZE, GFP_NOFS); in tomoyo_dump_page()
875 if (!dump->data) in tomoyo_dump_page()
886 if (get_user_pages_remote(current, bprm->mm, pos, 1, in tomoyo_dump_page()
890 page = bprm->page[pos / PAGE_SIZE]; in tomoyo_dump_page()
892 if (page != dump->page) { in tomoyo_dump_page()
901 dump->page = page; in tomoyo_dump_page()
902 memcpy(dump->data + offset, kaddr + offset, in tomoyo_dump_page()
903 PAGE_SIZE - offset); in tomoyo_dump_page()