---

yaml --- r: 201846 b: refs/heads/master c: 82e0f00 h: refs/heads/master v: v3
git-mirror · Aug 2, 2010 · 63a1098 · 63a1098
1 parent 70a9a03
commit 63a1098
Show file tree

Hide file tree

Showing 8 changed files with 168 additions and 165 deletions.
diff --git a/[refs] b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 237ab459f12cb98eadd3fe7b85343e183a1076a4
+refs/heads/master: 82e0f001a4c1112dcff9cafa9812a33889ad9b8a
diff --git a/trunk/security/tomoyo/common.c b/trunk/security/tomoyo/common.c
@@ -499,18 +499,18 @@ static int tomoyo_update_manager_entry(const char *manager,
 		return -ENOMEM;
 	if (mutex_lock_interruptible(&tomoyo_policy_lock))
 		goto out;
-	list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
+	list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) {
 		if (ptr->manager != e.manager)
 			continue;
-		ptr->is_deleted = is_delete;
+		ptr->head.is_deleted = is_delete;
 		error = 0;
 		break;
 	}
 	if (!is_delete && error) {
 		struct tomoyo_policy_manager_entry *entry =
 			tomoyo_commit_ok(&e, sizeof(e));
 		if (entry) {
-			list_add_tail_rcu(&entry->list,
+			list_add_tail_rcu(&entry->head.list,
 					  &tomoyo_policy_manager_list);
 			error = 0;
 		}
@@ -562,8 +562,8 @@ static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
 			     &tomoyo_policy_manager_list) {
 		struct tomoyo_policy_manager_entry *ptr;
 		ptr = list_entry(pos, struct tomoyo_policy_manager_entry,
-				 list);
-		if (ptr->is_deleted)
+				 head.list);
+		if (ptr->head.is_deleted)
 			continue;
 		done = tomoyo_io_printf(head, "%s\n", ptr->manager->name);
 		if (!done)
@@ -593,8 +593,8 @@ static bool tomoyo_is_policy_manager(void)
 		return true;
 	if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
 		return false;
-	list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
-		if (!ptr->is_deleted && ptr->is_domain
+	list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) {
+		if (!ptr->head.is_deleted && ptr->is_domain
 		    && !tomoyo_pathcmp(domainname, ptr->manager)) {
 			found = true;
 			break;
@@ -605,8 +605,8 @@ static bool tomoyo_is_policy_manager(void)
 	exe = tomoyo_get_exe();
 	if (!exe)
 		return false;
-	list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
-		if (!ptr->is_deleted && !ptr->is_domain
+	list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) {
+		if (!ptr->head.is_deleted && !ptr->is_domain
 		    && !strcmp(exe, ptr->manager->name)) {
 			found = true;
 			break;

diff --git a/trunk/security/tomoyo/common.h b/trunk/security/tomoyo/common.h
@@ -188,6 +188,20 @@ enum tomoyo_mac_category_index {
 
 /********** Structure definitions. **********/
 
+/*
+ * tomoyo_acl_head is a structure which is used for holding elements not in
+ * domain policy.
+ * It has following fields.
+ *
+ *  (1) "list" which is linked to tomoyo_policy_list[] .
+ *  (2) "is_deleted" is a bool which is true if marked as deleted, false
+ *      otherwise.
+ */
+struct tomoyo_acl_head {
+	struct list_head list;
+	bool is_deleted;
+} __packed;
+
 /*
  * tomoyo_request_info is a structure which is used for holding
  *
@@ -274,15 +288,13 @@ struct tomoyo_number_group {
 
 /* Structure for "path_group" directive. */
 struct tomoyo_path_group_member {
-	struct list_head list;
-	bool is_deleted;
+	struct tomoyo_acl_head head;
 	const struct tomoyo_path_info *member_name;
 };
 
 /* Structure for "number_group" directive. */
 struct tomoyo_number_group_member {
-	struct list_head list;
-	bool is_deleted;
+	struct tomoyo_acl_head head;
 	struct tomoyo_number_union number;
 };
 
@@ -523,137 +535,116 @@ struct tomoyo_io_buffer {
  * "allow_read" entries.
  * It has following fields.
  *
- *  (1) "list" which is linked to tomoyo_globally_readable_list .
+ *  (1) "head" is "struct tomoyo_acl_head".
  *  (2) "filename" is a pathname which is allowed to open(O_RDONLY).
- *  (3) "is_deleted" is a bool which is true if marked as deleted, false
- *      otherwise.
  */
 struct tomoyo_globally_readable_file_entry {
-	struct list_head list;
+	struct tomoyo_acl_head head;
 	const struct tomoyo_path_info *filename;
-	bool is_deleted;
 };
 
 /*
  * tomoyo_pattern_entry is a structure which is used for holding
  * "tomoyo_pattern_list" entries.
  * It has following fields.
  *
- *  (1) "list" which is linked to tomoyo_pattern_list .
+ *  (1) "head" is "struct tomoyo_acl_head".
  *  (2) "pattern" is a pathname pattern which is used for converting pathnames
  *      to pathname patterns during learning mode.
- *  (3) "is_deleted" is a bool which is true if marked as deleted, false
- *      otherwise.
  */
 struct tomoyo_pattern_entry {
-	struct list_head list;
+	struct tomoyo_acl_head head;
 	const struct tomoyo_path_info *pattern;
-	bool is_deleted;
 };
 
 /*
  * tomoyo_no_rewrite_entry is a structure which is used for holding
  * "deny_rewrite" entries.
  * It has following fields.
  *
- *  (1) "list" which is linked to tomoyo_no_rewrite_list .
+ *  (1) "head" is "struct tomoyo_acl_head".
  *  (2) "pattern" is a pathname which is by default not permitted to modify
  *      already existing content.
- *  (3) "is_deleted" is a bool which is true if marked as deleted, false
- *      otherwise.
  */
 struct tomoyo_no_rewrite_entry {
-	struct list_head list;
+	struct tomoyo_acl_head head;
 	const struct tomoyo_path_info *pattern;
-	bool is_deleted;
 };
 
 /*
  * tomoyo_domain_initializer_entry is a structure which is used for holding
  * "initialize_domain" and "no_initialize_domain" entries.
  * It has following fields.
  *
- *  (1) "list" which is linked to tomoyo_domain_initializer_list .
- *  (2) "domainname" which is "a domainname" or "the last component of a
- *      domainname". This field is NULL if "from" clause is not specified.
- *  (3) "program" which is a program's pathname.
- *  (4) "is_deleted" is a bool which is true if marked as deleted, false
+ *  (1) "head" is "struct tomoyo_acl_head".
+ *  (2) "is_not" is a bool which is true if "no_initialize_domain", false
  *      otherwise.
- *  (5) "is_not" is a bool which is true if "no_initialize_domain", false
- *      otherwise.
- *  (6) "is_last_name" is a bool which is true if "domainname" is "the last
+ *  (3) "is_last_name" is a bool which is true if "domainname" is "the last
  *      component of a domainname", false otherwise.
+ *  (4) "domainname" which is "a domainname" or "the last component of a
+ *      domainname". This field is NULL if "from" clause is not specified.
+ *  (5) "program" which is a program's pathname.
  */
 struct tomoyo_domain_initializer_entry {
-	struct list_head list;
-	const struct tomoyo_path_info *domainname;    /* This may be NULL */
-	const struct tomoyo_path_info *program;
-	bool is_deleted;
+	struct tomoyo_acl_head head;
 	bool is_not;       /* True if this entry is "no_initialize_domain".  */
 	/* True if the domainname is tomoyo_get_last_name(). */
 	bool is_last_name;
+	const struct tomoyo_path_info *domainname;    /* This may be NULL */
+	const struct tomoyo_path_info *program;
 };
 
 /*
  * tomoyo_domain_keeper_entry is a structure which is used for holding
  * "keep_domain" and "no_keep_domain" entries.
  * It has following fields.
  *
- *  (1) "list" which is linked to tomoyo_domain_keeper_list .
- *  (2) "domainname" which is "a domainname" or "the last component of a
- *      domainname".
- *  (3) "program" which is a program's pathname.
- *      This field is NULL if "from" clause is not specified.
- *  (4) "is_deleted" is a bool which is true if marked as deleted, false
+ *  (1) "head" is "struct tomoyo_acl_head".
+ *  (2) "is_not" is a bool which is true if "no_initialize_domain", false
  *      otherwise.
- *  (5) "is_not" is a bool which is true if "no_initialize_domain", false
- *      otherwise.
- *  (6) "is_last_name" is a bool which is true if "domainname" is "the last
+ *  (3) "is_last_name" is a bool which is true if "domainname" is "the last
  *      component of a domainname", false otherwise.
+ *  (4) "domainname" which is "a domainname" or "the last component of a
+ *      domainname".
+ *  (5) "program" which is a program's pathname.
+ *      This field is NULL if "from" clause is not specified.
  */
 struct tomoyo_domain_keeper_entry {
-	struct list_head list;
-	const struct tomoyo_path_info *domainname;
-	const struct tomoyo_path_info *program;       /* This may be NULL */
-	bool is_deleted;
+	struct tomoyo_acl_head head;
 	bool is_not;       /* True if this entry is "no_keep_domain".        */
 	/* True if the domainname is tomoyo_get_last_name(). */
 	bool is_last_name;
+	const struct tomoyo_path_info *domainname;
+	const struct tomoyo_path_info *program;       /* This may be NULL */
 };
 
 /*
  * tomoyo_aggregator_entry is a structure which is used for holding
  * "aggregator" entries.
  * It has following fields.
  *
- *  (1) "list" which is linked to tomoyo_aggregator_list .
+ *  (1) "head" is "struct tomoyo_acl_head".
  *  (2) "original_name" which is originally requested name.
  *  (3) "aggregated_name" which is name to rewrite.
- *  (4) "is_deleted" is a bool which is true if marked as deleted, false
- *      otherwise.
  */
 struct tomoyo_aggregator_entry {
-	struct list_head list;
+	struct tomoyo_acl_head head;
 	const struct tomoyo_path_info *original_name;
 	const struct tomoyo_path_info *aggregated_name;
-	bool is_deleted;
 };
 
 /*
  * tomoyo_alias_entry is a structure which is used for holding "alias" entries.
  * It has following fields.
  *
- *  (1) "list" which is linked to tomoyo_alias_list .
+ *  (1) "head" is "struct tomoyo_acl_head".
  *  (2) "original_name" which is a dereferenced pathname.
  *  (3) "aliased_name" which is a symlink's pathname.
- *  (4) "is_deleted" is a bool which is true if marked as deleted, false
- *      otherwise.
  */
 struct tomoyo_alias_entry {
-	struct list_head list;
+	struct tomoyo_acl_head head;
 	const struct tomoyo_path_info *original_name;
 	const struct tomoyo_path_info *aliased_name;
-	bool is_deleted;
 };
 
 /*
@@ -662,19 +653,16 @@ struct tomoyo_alias_entry {
  * /sys/kernel/security/tomoyo/ interface.
  * It has following fields.
  *
- *  (1) "list" which is linked to tomoyo_policy_manager_list .
- *  (2) "manager" is a domainname or a program's pathname.
- *  (3) "is_domain" is a bool which is true if "manager" is a domainname, false
- *      otherwise.
- *  (4) "is_deleted" is a bool which is true if marked as deleted, false
+ *  (1) "head" is "struct tomoyo_acl_head".
+ *  (2) "is_domain" is a bool which is true if "manager" is a domainname, false
  *      otherwise.
+ *  (3) "manager" is a domainname or a program's pathname.
  */
 struct tomoyo_policy_manager_entry {
-	struct list_head list;
+	struct tomoyo_acl_head head;
+	bool is_domain;  /* True if manager is a domainname. */
 	/* A path to program or a domainname. */
 	const struct tomoyo_path_info *manager;
-	bool is_domain;  /* True if manager is a domainname. */
-	bool is_deleted; /* True if this entry is deleted. */
 };
 
 struct tomoyo_preference {